# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Mar 3 2020 14:14:30 # Log Creation Date: 31.03.2020 14:56:19.407 Process: id = "1" image_name = "lef9nvbny3gqm5dx.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lef9nvbny3gqm5dx.exe" page_root = "0x4707a000" os_pid = "0xb24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lef9NVBNY3Gqm5dX.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xa30 [0044.769] GetClipboardSequenceNumber () returned 0x5 [0044.769] GetClipboardSequenceNumber () returned 0x5 [0044.769] GetClipboardSequenceNumber () returned 0x5 [0044.769] GetClipboardSequenceNumber () returned 0x5 [0044.769] GetClipboardSequenceNumber () returned 0x5 [0044.769] GetProcessHeap () returned 0x650000 [0044.769] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] GetProcessHeap () returned 0x650000 [0044.770] VirtualProtect (in: lpAddress=0x401400, dwSize=0x80404, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0044.825] GetProcessHeap () returned 0x650000 [0044.825] GetProcessHeap () returned 0x650000 [0044.826] GetProcessHeap () returned 0x650000 [0044.826] GetProcessHeap () returned 0x650000 [0044.826] GetProcessHeap () returned 0x650000 [0044.826] GetProcessHeap () returned 0x650000 [0044.826] GetProcessHeap () returned 0x650000 [0044.843] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0044.857] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0044.864] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0044.864] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77710000 [0044.864] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0044.865] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x75670000 [0044.968] GetProcAddress (hModule=0x75670000, lpProcName="WTSFreeMemory") returned 0x75671b65 [0044.969] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0044.969] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0044.969] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x75650000 [0045.410] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupDelMembers") returned 0x75609322 [0048.108] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77230000 [0048.534] GetProcAddress (hModule=0x77230000, lpProcName="listen") returned 0x7723b001 [0048.534] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameA") returned 0x7773a4b4 [0048.534] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0048.534] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupDel") returned 0x75608d7c [0048.534] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0048.534] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0048.534] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0048.534] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0048.535] GetProcAddress (hModule=0x77130000, lpProcName="FillRect") returned 0x77150eb6 [0048.535] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0048.535] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsA") returned 0x76d4e4dc [0048.535] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0048.535] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0048.535] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatus") returned 0x77722a86 [0048.535] GetProcAddress (hModule=0x77230000, lpProcName="connect") returned 0x77236bdd [0048.535] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceW") returned 0x76dd3d6c [0048.535] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0048.536] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardState") returned 0x7716ec68 [0048.536] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0048.536] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0048.536] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyState") returned 0x7715291f [0048.536] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0048.536] GetProcAddress (hModule=0x77130000, lpProcName="DrawIcon") returned 0x77158deb [0048.536] GetProcAddress (hModule=0x77710000, lpProcName="LogonUserW") returned 0x7771c1a9 [0048.536] GetProcAddress (hModule=0x77130000, lpProcName="OpenClipboard") returned 0x77158ecb [0048.536] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x755e0000 [0048.676] GetProcAddress (hModule=0x755e0000, lpProcName="WNetEnumResourceW") returned 0x755e3058 [0048.676] GetProcAddress (hModule=0x77130000, lpProcName="GetMessageA") returned 0x77147bd3 [0048.676] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0048.677] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0048.677] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0048.677] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0048.677] GetProcAddress (hModule=0x77710000, lpProcName="LsaAddAccountRights") returned 0x77758819 [0048.677] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x770a0000 [0048.677] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutA") returned 0x770beda3 [0048.677] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0048.678] GetProcAddress (hModule=0x77230000, lpProcName="socket") returned 0x77233eb8 [0048.678] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0048.678] GetProcAddress (hModule=0x75670000, lpProcName="WTSEnumerateSessionsA") returned 0x75674023 [0048.678] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0048.678] GetProcAddress (hModule=0x76d30000, lpProcName="WinExec") returned 0x76dc2c21 [0048.678] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExA") returned 0x77724907 [0048.679] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0048.679] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupAddMembers") returned 0x756092fe [0048.679] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidA") returned 0x7774192a [0048.679] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0048.679] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessA") returned 0x76d41072 [0048.679] GetProcAddress (hModule=0x75650000, lpProcName="NetUserAdd") returned 0x75605648 [0048.679] GetProcAddress (hModule=0x755e0000, lpProcName="WNetOpenEnumW") returned 0x755e2f06 [0048.680] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0048.680] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0048.680] GetProcAddress (hModule=0x77130000, lpProcName="EndPaint") returned 0x77151341 [0048.680] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0048.680] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextW") returned 0x771525cf [0048.680] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76620000 [0049.827] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0049.827] GetProcAddress (hModule=0x77230000, lpProcName="htons") returned 0x77232d8b [0049.827] GetProcAddress (hModule=0x77130000, lpProcName="EmptyClipboard") returned 0x771a7cb9 [0049.827] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0049.828] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0049.828] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0049.828] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0049.828] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0049.828] GetProcAddress (hModule=0x77130000, lpProcName="DispatchMessageA") returned 0x77147bbb [0049.828] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorA") returned 0x7714dad5 [0049.828] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0049.828] GetProcAddress (hModule=0x770a0000, lpProcName="CreateSolidBrush") returned 0x770b4f17 [0049.828] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutW") returned 0x770bd41c [0049.828] GetProcAddress (hModule=0x77130000, lpProcName="InvalidateRect") returned 0x77151381 [0049.829] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0049.829] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassExA") returned 0x7714db98 [0049.829] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0049.829] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0049.829] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0049.829] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0049.829] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0049.829] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceA") returned 0x76dd3f39 [0049.829] GetProcAddress (hModule=0x77230000, lpProcName="getsockname") returned 0x772330af [0049.830] GetProcAddress (hModule=0x77130000, lpProcName="SetClipboardData") returned 0x77188e57 [0049.830] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0049.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0049.830] GetProcAddress (hModule=0x77130000, lpProcName="DestroyIcon") returned 0x771549b2 [0049.830] GetProcAddress (hModule=0x77130000, lpProcName="GetForegroundWindow") returned 0x77152320 [0049.830] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0049.830] GetProcAddress (hModule=0x77230000, lpProcName="htonl") returned 0x77232d57 [0049.830] GetProcAddress (hModule=0x77130000, lpProcName="InSendMessage") returned 0x77153e46 [0049.830] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0049.831] GetProcAddress (hModule=0x770a0000, lpProcName="CreateDIBSection") returned 0x770bac46 [0049.831] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclA") returned 0x777615e9 [0049.831] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759d0000 [0052.806] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconW") returned 0x75bd4e1e [0052.811] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0052.811] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0052.811] GetProcAddress (hModule=0x77710000, lpProcName="SetSecurityDescriptorDacl") returned 0x7772415e [0052.812] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0052.812] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0052.812] GetProcAddress (hModule=0x75650000, lpProcName="NetApiBufferFree") returned 0x756413d2 [0052.812] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0052.812] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountNameW") returned 0x7771e276 [0052.813] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0052.813] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupAdd") returned 0x75608c32 [0052.813] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0052.813] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0052.813] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0052.813] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76e40000 [0053.378] GetProcAddress (hModule=0x76e40000, lpProcName="OleLoadPicture") returned 0x76ea7c49 [0053.378] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFontIndirectA") returned 0x770bcffd [0053.378] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractIconExW") returned 0x75aef0bd [0053.379] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0053.379] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0053.379] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0053.379] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0053.379] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteObject") returned 0x770b5689 [0053.379] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0053.379] GetProcAddress (hModule=0x770a0000, lpProcName="BitBlt") returned 0x770b5ea6 [0053.379] GetProcAddress (hModule=0x77710000, lpProcName="ConvertStringSidToSidA") returned 0x77730f23 [0053.380] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0053.380] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupGetMembers") returned 0x756021be [0053.380] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0053.380] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileA") returned 0x76d658e5 [0053.380] GetProcAddress (hModule=0x770a0000, lpProcName="SelectObject") returned 0x770b4f70 [0053.380] GetProcAddress (hModule=0x77710000, lpProcName="InitializeSecurityDescriptor") returned 0x77724620 [0053.380] GetProcAddress (hModule=0x77710000, lpProcName="SetNamedSecurityInfoW") returned 0x77719fe2 [0053.380] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0053.380] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0053.381] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0053.381] GetProcAddress (hModule=0x75670000, lpProcName="WTSLogoffSession") returned 0x75673d77 [0053.381] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0053.381] GetProcAddress (hModule=0x770a0000, lpProcName="GetDIBits") returned 0x770b6001 [0053.381] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0053.381] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0053.381] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0053.381] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0053.382] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0053.382] GetProcAddress (hModule=0x77130000, lpProcName="DestroyWindow") returned 0x77149a55 [0053.382] GetProcAddress (hModule=0x770a0000, lpProcName="SetTextColor") returned 0x770b522d [0053.382] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowA") returned 0x7714ffe6 [0053.382] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0053.382] GetProcAddress (hModule=0x76d30000, lpProcName="OpenThread") returned 0x76d51248 [0053.383] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteDC") returned 0x770b58b3 [0053.383] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0053.383] GetProcAddress (hModule=0x76d30000, lpProcName="ProcessIdToSessionId") returned 0x76d41275 [0053.383] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclW") returned 0x77722a66 [0053.383] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithLogonW") returned 0x777552e9 [0053.383] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserGeoID") returned 0x76d6acf0 [0053.384] GetProcAddress (hModule=0x75650000, lpProcName="NetUserSetInfo") returned 0x75605d16 [0053.384] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0053.384] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0053.384] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0053.384] GetProcAddress (hModule=0x77230000, lpProcName="accept") returned 0x772368b6 [0053.384] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0053.384] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowExA") returned 0x771500d9 [0053.384] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleDC") returned 0x770b54f4 [0053.384] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0053.385] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0053.385] GetProcAddress (hModule=0x77230000, lpProcName="bind") returned 0x77234582 [0053.385] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0053.385] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0053.385] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0053.385] GetProcAddress (hModule=0x755e0000, lpProcName="WNetCancelConnection2W") returned 0x755e8cd1 [0053.385] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0053.385] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextA") returned 0x7715aea1 [0053.386] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0053.386] GetProcAddress (hModule=0x76d30000, lpProcName="ReleaseMutex") returned 0x76d4111e [0053.386] GetProcAddress (hModule=0x76d30000, lpProcName="EndUpdateResourceA") returned 0x76dd3d34 [0053.386] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0053.386] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0053.386] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0053.386] GetProcAddress (hModule=0x770a0000, lpProcName="SetBkColor") returned 0x770b52d8 [0053.386] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconA") returned 0x75bd4efe [0053.387] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyname") returned 0x77247673 [0053.387] GetProcAddress (hModule=0x77230000, lpProcName="getpeername") returned 0x77237147 [0053.387] GetProcAddress (hModule=0x77130000, lpProcName="GetDC") returned 0x771472c4 [0053.387] GetProcAddress (hModule=0x77710000, lpProcName="OpenServiceW") returned 0x7771ca4c [0053.387] GetProcAddress (hModule=0x77130000, lpProcName="CloseClipboard") returned 0x77158e8d [0053.387] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0053.387] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleBitmap") returned 0x770b5f49 [0053.387] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0053.388] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcA") returned 0x77c824e0 [0053.388] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0053.388] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0053.388] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0053.388] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0053.388] GetProcAddress (hModule=0x77130000, lpProcName="GetIconInfo") returned 0x771549ea [0053.388] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0053.388] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableA") returned 0x76d433a0 [0053.388] GetProcAddress (hModule=0x770a0000, lpProcName="GetObjectA") returned 0x770b85d4 [0053.389] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0053.389] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0053.389] GetProcAddress (hModule=0x77130000, lpProcName="BeginPaint") returned 0x77151361 [0053.389] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0053.389] GetProcAddress (hModule=0x77710000, lpProcName="LsaOpenPolicy") returned 0x7773077c [0053.389] GetProcAddress (hModule=0x755e0000, lpProcName="WNetAddConnection2W") returned 0x755e4744 [0053.389] GetProcAddress (hModule=0x76d30000, lpProcName="UpdateResourceA") returned 0x76dd363d [0053.393] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0053.414] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x280000 [0053.431] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x664578 [0053.431] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x664578, dwRevision=0x1 | out: pSecurityDescriptor=0x664578) returned 1 [0053.431] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x664578, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x664578) returned 1 [0053.431] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x1d30000 [0053.457] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0053.457] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0x1e30000 [0053.458] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4130000 [0053.466] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4230000 [0053.472] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x230000 [0053.472] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x230000, nSize=0x200 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0053.475] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x663ab8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0053.475] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x663ad0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0053.475] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x300000 [0053.490] SetEntriesInAclA () returned 0x0 [0053.847] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x661630 [0053.847] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x661630, dwRevision=0x1 | out: pSecurityDescriptor=0x661630) returned 1 [0053.847] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x661630, bDaclPresent=1, pDacl=0x666908, bDaclDefaulted=0 | out: pSecurityDescriptor=0x661630) returned 1 [0053.847] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x310000 [0053.848] SetEntriesInAclA () returned 0x0 [0053.848] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x660528 [0053.848] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x660528, dwRevision=0x1 | out: pSecurityDescriptor=0x660528) returned 1 [0053.848] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x660528, bDaclPresent=1, pDacl=0x666e58, bDaclDefaulted=0 | out: pSecurityDescriptor=0x660528) returned 1 [0053.848] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x320000 [0053.848] SetEntriesInAclA () returned 0x0 [0053.848] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x666e20 [0053.848] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x666e20, dwRevision=0x1 | out: pSecurityDescriptor=0x666e20) returned 1 [0053.848] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x666e20, bDaclPresent=1, pDacl=0x666ed0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x666e20) returned 1 [0053.848] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0053.870] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xf4 [0053.870] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0xf8 [0053.871] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x330000 [0053.895] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x340000 [0053.896] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x350000 [0053.896] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0053.896] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0053.896] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x620000 [0053.897] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x630000 [0053.897] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x640000 [0053.898] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x350000, nSize=0x1000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0053.898] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x3e0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0053.902] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458dca) returned 1 [0053.927] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458a18) returned 0 [0053.927] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU", dwFileAttributes=0x6) returned 1 [0053.933] GetCurrentThreadId () returned 0xa30 [0053.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa1780c70, dwHighDateTime=0x1d6076c)) [0053.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa1780c70, dwHighDateTime=0x1d6076c)) [0053.933] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0053.933] GetCurrentThreadId () returned 0xa30 [0053.933] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou")) returned 0x16 [0053.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458dfa, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0053.934] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg", dwFileAttributes=0x6) returned 1 [0053.935] CreateFileMappingA (hFile=0xfc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x100 [0053.936] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8e0000 [0053.936] ReleaseMutex (hMutex=0xf4) returned 1 [0053.940] WaitForSingleObject (hHandle=0x402973, dwMilliseconds=0x1b58) returned 0xffffffff [0053.959] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x8f0000 [0053.962] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x900000 [0053.965] VirtualFree (lpAddress=0x900000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.966] VirtualFree (lpAddress=0x8f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.967] ReleaseMutex (hMutex=0x402973) returned 0 [0053.967] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 1 [0053.968] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458a18) returned 0 [0053.968] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0053.968] GetCurrentThreadId () returned 0xa30 [0053.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa17ccf30, dwHighDateTime=0x1d6076c)) [0053.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa17ccf30, dwHighDateTime=0x1d6076c)) [0053.968] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0053.968] GetCurrentThreadId () returned 0xa30 [0053.968] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0053.969] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.969] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458dfa, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0053.969] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA", dwFileAttributes=0x6) returned 1 [0053.969] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0053.969] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8f0000 [0053.970] ReleaseMutex (hMutex=0xf4) returned 1 [0053.970] WaitForSingleObject (hHandle=0x402973, dwMilliseconds=0x1b58) returned 0xffffffff [0053.970] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x900000 [0053.972] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x910000 [0053.974] VirtualFree (lpAddress=0x910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.975] VirtualFree (lpAddress=0x900000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.977] ReleaseMutex (hMutex=0x402973) returned 0 [0053.982] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x900000 [0054.003] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x910000 [0054.004] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4600000 [0054.004] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4610000 [0054.005] GetUserNameA (in: lpBuffer=0x460001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0054.016] GetUserNameA (in: lpBuffer=0x461001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0054.016] Sleep (dwMilliseconds=0xfb) [0054.276] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4620000 [0054.295] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4630000 [0054.295] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4630000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0054.295] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4640000 [0054.296] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x464000d, nSize=0x1000 | out: lpBuffer="") returned 0xe [0054.296] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4620000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0054.296] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4650000 [0054.301] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0054.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x47a0000 [0054.338] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x47a0000, nSize=0x1000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0054.338] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x150 [0054.347] Process32First (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0054.347] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0054.348] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0054.348] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0054.349] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0054.349] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0054.350] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0054.350] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0054.351] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0054.351] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0054.352] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.352] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.353] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.354] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.354] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.355] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0054.355] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.356] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.357] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0054.357] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0054.358] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0054.359] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.359] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0054.360] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x588, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0054.360] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pmid.exe")) returned 1 [0054.361] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ind-saved-manhattan.exe")) returned 1 [0054.362] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x71c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="trial_icq.exe")) returned 1 [0054.362] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="allowance warren.exe")) returned 1 [0054.363] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="charactermens.exe")) returned 1 [0054.364] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="syracuseworkstation.exe")) returned 1 [0054.364] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="navigate layout budget.exe")) returned 1 [0054.366] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="paradise.exe")) returned 1 [0054.366] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="placing-utils-usual.exe")) returned 1 [0054.367] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="formattingcrymovement.exe")) returned 1 [0054.368] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="revenues crossing hc.exe")) returned 1 [0054.368] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="kinda-dr.exe")) returned 1 [0054.369] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="evanescence-accomplish-california.exe")) returned 1 [0054.369] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="around.exe")) returned 1 [0054.370] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="street developmental.exe")) returned 1 [0054.371] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="investorfxaccepting.exe")) returned 1 [0054.371] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="contacting.exe")) returned 1 [0054.372] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="cfsunshinewaves.exe")) returned 1 [0054.373] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bracelets.exe")) returned 1 [0054.373] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0054.374] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0054.375] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0054.375] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0054.376] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x738, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0054.377] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0054.377] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0054.378] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0054.379] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0054.379] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0054.380] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x35c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0054.380] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0054.381] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0054.382] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x31c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0054.382] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0054.383] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0054.384] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0054.385] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0054.386] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0054.387] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0054.388] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0054.389] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0054.390] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0054.391] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0054.392] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0054.393] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0054.394] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0054.395] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0054.396] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0054.397] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0054.398] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0054.399] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0054.400] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x91c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0054.400] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0054.401] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0054.402] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0054.402] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0054.403] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0054.404] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0054.404] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0054.405] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x99c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0054.405] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0054.406] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0054.407] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0054.407] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="contests_nelson.exe")) returned 1 [0054.408] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0054.408] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0054.409] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0054.409] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0054.410] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0054.411] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="Lef9NVBNY3Gqm5dX.exe")) returned 1 [0054.411] Process32Next (in: hSnapshot=0x150, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="Lef9NVBNY3Gqm5dX.exe")) returned 0 [0054.412] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0054.412] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU", dwFileAttributes=0x6) returned 1 [0054.412] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe", dwFileAttributes=0x80) returned 0 [0054.416] GetCurrentThreadId () returned 0xa30 [0054.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc50 | out: lpSystemTimeAsFileTime=0x18fc50*(dwLowDateTime=0xa1c1d710, dwHighDateTime=0x1d6076c)) [0054.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc50 | out: lpSystemTimeAsFileTime=0x18fc50*(dwLowDateTime=0xa1c1d710, dwHighDateTime=0x1d6076c)) [0054.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc6c | out: lpSystemTimeAsFileTime=0x18fc6c*(dwLowDateTime=0xa1c1d710, dwHighDateTime=0x1d6076c)) [0054.953] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x47b0000 [0054.973] VirtualAlloc (lpAddress=0x0, dwSize=0x600, flAllocationType=0x1000, flProtect=0x40) returned 0x47c0000 [0054.977] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77c40000 [0055.000] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d30000 [0055.018] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0055.240] GetCurrentThreadId () returned 0xa30 [0055.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc20 | out: lpSystemTimeAsFileTime=0x18fc20*(dwLowDateTime=0xa23ffff0, dwHighDateTime=0x1d6076c)) [0055.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc20 | out: lpSystemTimeAsFileTime=0x18fc20*(dwLowDateTime=0xa23ffff0, dwHighDateTime=0x1d6076c)) [0055.242] GetCurrentThreadId () returned 0xa30 [0055.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458de2, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0055.261] SetFilePointer (in: hFile=0x154, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0055.261] WriteFile (in: hFile=0x154, lpBuffer=0x47c0000*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x47c0000*, lpNumberOfBytesWritten=0x468d2f*=0x600, lpOverlapped=0x0) returned 1 [0055.262] WriteFile (in: hFile=0x154, lpBuffer=0x1e7a600*, nNumberOfBytesToWrite=0x77400, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e7a600*, lpNumberOfBytesWritten=0x468d2f*=0x77400, lpOverlapped=0x0) returned 1 [0055.279] WriteFile (in: hFile=0x154, lpBuffer=0x1e50e00*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e50e00*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0055.279] WriteFile (in: hFile=0x154, lpBuffer=0x1e50600*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e50600*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0055.279] CloseHandle (hObject=0x154) returned 1 [0055.285] GetCurrentThreadId () returned 0xa30 [0055.285] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe", dwFileAttributes=0x7) returned 0 [0055.286] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x46249e*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x46248e | out: lpCommandLine=0x0, lpProcessInformation=0x46248e*(hProcess=0x158, hThread=0x154, dwProcessId=0xa94, dwThreadId=0xa84)) returned 1 [0055.560] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x15c) returned 0x0 [0055.560] RegSetValueExW (in: hKey=0x15c, lpValueName="BUccwoAg.exe", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe", cbData=0x66 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe") returned 0x0 [0055.561] RegCloseKey (hKey=0x15c) returned 0x0 [0055.561] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x47a0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0055.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x15c [0055.565] Process32First (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0055.566] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0055.577] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0055.578] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0055.578] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0055.579] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0055.580] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0055.580] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0055.581] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0055.582] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0055.583] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.583] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.584] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.585] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.585] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.586] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0055.586] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.587] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.588] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0055.588] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0055.589] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0055.590] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.590] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0055.591] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x588, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0055.592] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pmid.exe")) returned 1 [0055.592] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ind-saved-manhattan.exe")) returned 1 [0055.593] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x71c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="trial_icq.exe")) returned 1 [0055.594] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="allowance warren.exe")) returned 1 [0055.594] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="charactermens.exe")) returned 1 [0055.595] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="syracuseworkstation.exe")) returned 1 [0055.596] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="navigate layout budget.exe")) returned 1 [0055.596] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="paradise.exe")) returned 1 [0055.597] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="placing-utils-usual.exe")) returned 1 [0055.645] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="formattingcrymovement.exe")) returned 1 [0055.646] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="revenues crossing hc.exe")) returned 1 [0055.647] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="kinda-dr.exe")) returned 1 [0055.647] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="evanescence-accomplish-california.exe")) returned 1 [0055.747] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="around.exe")) returned 1 [0055.748] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="street developmental.exe")) returned 1 [0055.748] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="investorfxaccepting.exe")) returned 1 [0055.749] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="contacting.exe")) returned 1 [0055.749] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="cfsunshinewaves.exe")) returned 1 [0055.750] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bracelets.exe")) returned 1 [0055.750] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0055.751] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0055.751] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0055.752] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0055.752] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x738, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0055.753] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0055.753] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0055.754] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0055.754] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0055.755] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0055.755] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x35c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0055.755] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0055.756] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0055.756] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x31c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0055.757] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0055.757] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0055.758] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0055.759] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0055.760] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0055.760] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0055.761] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0055.762] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0055.763] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0055.764] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0055.764] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0055.765] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0055.766] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0055.767] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0055.768] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0055.768] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0055.770] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0055.770] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0055.771] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x91c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0055.772] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0055.772] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0055.773] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0055.773] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0055.774] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0055.775] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0055.775] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0055.776] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x99c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0055.776] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0055.777] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0055.778] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0055.778] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="contests_nelson.exe")) returned 1 [0055.779] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0055.779] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0055.780] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0055.780] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="Lef9NVBNY3Gqm5dX.exe")) returned 1 [0055.781] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xb24, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0055.781] Process32Next (in: hSnapshot=0x15c, lppe=0x18fd30 | out: lppe=0x18fd30*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xb24, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 0 [0055.782] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0055.782] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0055.782] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", dwFileAttributes=0x80) returned 0 [0055.782] GetCurrentThreadId () returned 0xa30 [0055.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc50 | out: lpSystemTimeAsFileTime=0x18fc50*(dwLowDateTime=0xa290eeb0, dwHighDateTime=0x1d6076c)) [0055.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc50 | out: lpSystemTimeAsFileTime=0x18fc50*(dwLowDateTime=0xa290eeb0, dwHighDateTime=0x1d6076c)) [0055.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc6c | out: lpSystemTimeAsFileTime=0x18fc6c*(dwLowDateTime=0xa290eeb0, dwHighDateTime=0x1d6076c)) [0055.788] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77710000 [0055.812] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77230000 [0056.329] GetCurrentThreadId () returned 0xa30 [0056.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc20 | out: lpSystemTimeAsFileTime=0x18fc20*(dwLowDateTime=0xa2e43ed0, dwHighDateTime=0x1d6076c)) [0056.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fc20 | out: lpSystemTimeAsFileTime=0x18fc20*(dwLowDateTime=0xa2e43ed0, dwHighDateTime=0x1d6076c)) [0056.329] GetCurrentThreadId () returned 0xa30 [0056.329] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458de2, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0056.333] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0056.333] WriteFile (in: hFile=0x168, lpBuffer=0x47c0000*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x47c0000*, lpNumberOfBytesWritten=0x468d2f*=0x600, lpOverlapped=0x0) returned 1 [0056.334] WriteFile (in: hFile=0x168, lpBuffer=0x1e7a600*, nNumberOfBytesToWrite=0x77000, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e7a600*, lpNumberOfBytesWritten=0x468d2f*=0x77000, lpOverlapped=0x0) returned 1 [0056.359] WriteFile (in: hFile=0x168, lpBuffer=0x1e50e00*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e50e00*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0056.359] WriteFile (in: hFile=0x168, lpBuffer=0x1e50600*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e50600*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0056.359] CloseHandle (hObject=0x168) returned 1 [0056.410] GetCurrentThreadId () returned 0xa30 [0056.410] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", dwFileAttributes=0x7) returned 0 [0056.440] CreateProcessW (in: lpApplicationName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x46249e*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x46248e | out: lpCommandLine=0x0, lpProcessInformation=0x46248e*(hProcess=0x16c, hThread=0x168, dwProcessId=0xa80, dwThreadId=0xb9c)) returned 1 [0056.514] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x174) returned 0x0 [0056.514] RegSetValueExW (in: hKey=0x174, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0056.515] RegCloseKey (hKey=0x174) returned 0x0 [0056.515] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x47d0000 [0056.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", ulOptions=0x0, samDesired=0xf013f, phkResult=0x4633cc | out: phkResult=0x4633cc*=0x174) returned 0x0 [0056.516] RegQueryValueExW (in: hKey=0x174, lpValueName="Userinit", lpReserved=0x0, lpType=0x4633ec, lpData=0x47d0000, lpcbData=0x4633e8*=0x400 | out: lpType=0x4633ec*=0x1, lpData="C:\\Windows\\system32\\userinit.exe,", lpcbData=0x4633e8*=0x44) returned 0x0 [0056.516] RegSetValueExW (in: hKey=0x174, lpValueName="Userinit", Reserved=0x0, dwType=0x1, lpData="C:\\Windows\\system32\\userinit.exe,C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe,", cbData=0x8c | out: lpData="C:\\Windows\\system32\\userinit.exe,C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe,") returned 0x0 [0056.517] RegCloseKey (hKey=0x174) returned 0x0 [0056.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", ulOptions=0x0, samDesired=0xf023f, phkResult=0x4633cc | out: phkResult=0x4633cc*=0x174) returned 0x0 [0056.517] RegQueryValueExW (in: hKey=0x174, lpValueName="Userinit", lpReserved=0x0, lpType=0x4633ec, lpData=0x47d0000, lpcbData=0x4633e8*=0x400 | out: lpType=0x4633ec*=0x1, lpData="userinit.exe", lpcbData=0x4633e8*=0x1a) returned 0x0 [0056.517] RegSetValueExW (in: hKey=0x174, lpValueName="Userinit", Reserved=0x0, dwType=0x1, lpData="userinit.exe,C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe,", cbData=0x64 | out: lpData="userinit.exe,C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe,") returned 0x0 [0056.518] RegCloseKey (hKey=0x174) returned 0x0 [0056.518] VirtualFree (lpAddress=0x47a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.519] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0xffffffff [0056.519] CreateDirectoryW (lpPathName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi"), lpSecurityAttributes=0x458dca) returned 1 [0056.520] CreateDirectoryW (lpPathName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi"), lpSecurityAttributes=0x458a18) returned 0 [0056.520] SetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI", dwFileAttributes=0x6) returned 1 [0056.520] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0056.520] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0xffffffff [0056.520] GetCurrentThreadId () returned 0xa30 [0056.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe90 | out: lpSystemTimeAsFileTime=0x18fe90*(dwLowDateTime=0xa30330b0, dwHighDateTime=0x1d6076c)) [0056.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe90 | out: lpSystemTimeAsFileTime=0x18fe90*(dwLowDateTime=0xa30330b0, dwHighDateTime=0x1d6076c)) [0056.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18feac | out: lpSystemTimeAsFileTime=0x18feac*(dwLowDateTime=0xa30330b0, dwHighDateTime=0x1d6076c)) [0056.693] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759d0000 [0057.213] GetCurrentThreadId () returned 0xa30 [0057.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe60 | out: lpSystemTimeAsFileTime=0x18fe60*(dwLowDateTime=0xa36bed30, dwHighDateTime=0x1d6076c)) [0057.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe60 | out: lpSystemTimeAsFileTime=0x18fe60*(dwLowDateTime=0xa36bed30, dwHighDateTime=0x1d6076c)) [0057.213] GetCurrentThreadId () returned 0xa30 [0057.213] CreateFileW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458de2, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0057.214] SetFilePointer (in: hFile=0x174, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.214] WriteFile (in: hFile=0x174, lpBuffer=0x47c0000*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x47c0000*, lpNumberOfBytesWritten=0x468d2f*=0x600, lpOverlapped=0x0) returned 1 [0057.215] WriteFile (in: hFile=0x174, lpBuffer=0x1e7a600*, nNumberOfBytesToWrite=0x77c00, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e7a600*, lpNumberOfBytesWritten=0x468d2f*=0x77c00, lpOverlapped=0x0) returned 1 [0057.327] WriteFile (in: hFile=0x174, lpBuffer=0x1e50e00*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e50e00*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0057.328] WriteFile (in: hFile=0x174, lpBuffer=0x1e50600*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e50600*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0057.328] CloseHandle (hObject=0x174) returned 1 [0057.334] GetCurrentThreadId () returned 0xa30 [0057.334] SetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe", dwFileAttributes=0x6) returned 0 [0057.334] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0057.335] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x668500 [0057.446] OpenServiceW (hSCManager=0x668500, lpServiceName="lMMYIkPL", dwDesiredAccess=0xf01ff) returned 0x0 [0057.447] CreateServiceW (in: hSCManager=0x668500, lpServiceName="lMMYIkPL", lpDisplayName="lMMYIkPL", dwDesiredAccess=0xf003f, dwServiceType=0x10, dwStartType=0x2, dwErrorControl=0x0, lpBinaryPathName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe", lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0 | out: lpdwTagId=0x0) returned 0x6684d8 [0057.552] OpenServiceW (hSCManager=0x668500, lpServiceName="lMMYIkPL", dwDesiredAccess=0xf01ff) returned 0x6685a0 [0057.553] QueryServiceStatus (in: hService=0x6685a0, lpServiceStatus=0x45d6d2 | out: lpServiceStatus=0x45d6d2*(dwServiceType=0x10, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0057.553] StartServiceW (hService=0x6685a0, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) Thread: id = 2 os_tid = 0xa98 Process: id = "2" image_name = "buccwoag.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe" page_root = "0x2ec48000" os_pid = "0xa94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb24" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 3 os_tid = 0xa84 [0055.817] GetVersion () returned 0x1db10106 [0055.817] GetVersion () returned 0x1db10106 [0055.817] GetVersion () returned 0x1db10106 [0055.817] GetVersion () returned 0x1db10106 [0055.817] GetVersion () returned 0x1db10106 [0055.817] GetSystemDefaultLCID () returned 0x409 [0055.839] GetSystemDefaultLCID () returned 0x409 [0055.839] GetSystemDefaultLCID () returned 0x409 [0055.839] GetSystemDefaultLCID () returned 0x409 [0055.839] GetSystemDefaultLCID () returned 0x409 [0055.839] VirtualProtect (in: lpAddress=0x401400, dwSize=0x73fa5, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.844] GetSystemDefaultLCID () returned 0x409 [0055.862] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0055.922] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0055.937] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0055.937] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0055.937] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0055.937] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0055.938] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceA") returned 0x76dd3f39 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="OpenThread") returned 0x76d51248 [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0055.939] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="ProcessIdToSessionId") returned 0x76d41275 [0055.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0055.941] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0055.942] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0055.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0055.942] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileA") returned 0x76d658e5 [0055.942] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0055.942] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0055.942] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0055.942] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x75650000 [0056.015] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupDelMembers") returned 0x75609322 [0056.017] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0056.017] GetProcAddress (hModule=0x77130000, lpProcName="GetIconInfo") returned 0x771549ea [0056.018] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77710000 [0056.018] GetProcAddress (hModule=0x77710000, lpProcName="LogonUserW") returned 0x7771c1a9 [0056.018] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77230000 [0056.027] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0056.028] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameA") returned 0x7773a4b4 [0056.028] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0056.028] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0056.028] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0056.028] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0056.028] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x770a0000 [0056.029] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutW") returned 0x770bd41c [0056.029] GetProcAddress (hModule=0x770a0000, lpProcName="SelectObject") returned 0x770b4f70 [0056.029] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0056.029] GetProcAddress (hModule=0x75650000, lpProcName="NetApiBufferFree") returned 0x756413d2 [0056.029] GetProcAddress (hModule=0x77710000, lpProcName="OpenServiceW") returned 0x7771ca4c [0056.029] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupAddMembers") returned 0x756092fe [0056.030] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsA") returned 0x76d4e4dc [0056.030] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0056.030] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0056.030] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0056.030] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0056.030] GetProcAddress (hModule=0x77710000, lpProcName="ConvertStringSidToSidA") returned 0x77730f23 [0056.031] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowA") returned 0x7714ffe6 [0056.031] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0056.031] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0056.031] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclW") returned 0x77722a66 [0056.031] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyState") returned 0x7715291f [0056.031] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0056.032] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x755e0000 [0056.099] GetProcAddress (hModule=0x755e0000, lpProcName="WNetCancelConnection2W") returned 0x755e8cd1 [0056.099] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableA") returned 0x76d433a0 [0056.099] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x75670000 [0056.102] GetProcAddress (hModule=0x75670000, lpProcName="WTSFreeMemory") returned 0x75671b65 [0056.102] GetProcAddress (hModule=0x75650000, lpProcName="NetUserSetInfo") returned 0x75605d16 [0056.103] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0056.103] GetProcAddress (hModule=0x76d30000, lpProcName="EndUpdateResourceA") returned 0x76dd3d34 [0056.103] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0056.103] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0056.103] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0056.103] GetProcAddress (hModule=0x77130000, lpProcName="EndPaint") returned 0x77151341 [0056.103] GetProcAddress (hModule=0x77710000, lpProcName="InitializeSecurityDescriptor") returned 0x77724620 [0056.104] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0056.104] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleBitmap") returned 0x770b5f49 [0056.104] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountNameW") returned 0x7771e276 [0056.104] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextW") returned 0x771525cf [0056.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0056.104] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0056.104] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76620000 [0056.108] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0056.108] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0056.109] GetProcAddress (hModule=0x77130000, lpProcName="DestroyIcon") returned 0x771549b2 [0056.109] GetProcAddress (hModule=0x76d30000, lpProcName="ReleaseMutex") returned 0x76d4111e [0056.109] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0056.109] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0056.109] GetProcAddress (hModule=0x77710000, lpProcName="SetSecurityDescriptorDacl") returned 0x7772415e [0056.109] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0056.109] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0056.110] GetProcAddress (hModule=0x770a0000, lpProcName="GetDIBits") returned 0x770b6001 [0056.110] GetProcAddress (hModule=0x77130000, lpProcName="CloseClipboard") returned 0x77158e8d [0056.110] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupDel") returned 0x75608d7c [0056.110] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0056.110] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithLogonW") returned 0x777552e9 [0056.110] GetProcAddress (hModule=0x77230000, lpProcName="connect") returned 0x77236bdd [0056.111] GetProcAddress (hModule=0x77130000, lpProcName="GetDC") returned 0x771472c4 [0056.111] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorA") returned 0x7714dad5 [0056.111] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardState") returned 0x7716ec68 [0056.111] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76e40000 [0056.114] GetProcAddress (hModule=0x76e40000, lpProcName="OleLoadPicture") returned 0x76ea7c49 [0056.114] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExA") returned 0x77724907 [0056.114] GetProcAddress (hModule=0x770a0000, lpProcName="BitBlt") returned 0x770b5ea6 [0056.114] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatus") returned 0x77722a86 [0056.114] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0056.114] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0056.114] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0056.115] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupGetMembers") returned 0x756021be [0056.115] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0056.115] GetProcAddress (hModule=0x770a0000, lpProcName="CreateSolidBrush") returned 0x770b4f17 [0056.115] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidA") returned 0x7774192a [0056.115] GetProcAddress (hModule=0x77130000, lpProcName="BeginPaint") returned 0x77151361 [0056.115] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0056.116] GetProcAddress (hModule=0x77130000, lpProcName="InvalidateRect") returned 0x77151381 [0056.116] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0056.116] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessA") returned 0x76d41072 [0056.116] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleDC") returned 0x770b54f4 [0056.116] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteObject") returned 0x770b5689 [0056.116] GetProcAddress (hModule=0x77230000, lpProcName="socket") returned 0x77233eb8 [0056.116] GetProcAddress (hModule=0x77130000, lpProcName="EmptyClipboard") returned 0x771a7cb9 [0056.116] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759d0000 [0056.123] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconA") returned 0x75bd4efe [0056.123] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0056.123] GetProcAddress (hModule=0x77230000, lpProcName="listen") returned 0x7723b001 [0056.124] GetProcAddress (hModule=0x77130000, lpProcName="DrawIcon") returned 0x77158deb [0056.124] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupAdd") returned 0x75608c32 [0056.124] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0056.124] GetProcAddress (hModule=0x77130000, lpProcName="GetForegroundWindow") returned 0x77152320 [0056.124] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteDC") returned 0x770b58b3 [0056.124] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0056.125] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFontIndirectA") returned 0x770bcffd [0056.125] GetProcAddress (hModule=0x77130000, lpProcName="InSendMessage") returned 0x77153e46 [0056.125] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0056.125] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0056.125] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutA") returned 0x770beda3 [0056.125] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0056.125] GetProcAddress (hModule=0x755e0000, lpProcName="WNetOpenEnumW") returned 0x755e2f06 [0056.126] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractIconExW") returned 0x75aef0bd [0056.126] GetProcAddress (hModule=0x77710000, lpProcName="LsaOpenPolicy") returned 0x7773077c [0056.126] GetProcAddress (hModule=0x77130000, lpProcName="SetClipboardData") returned 0x77188e57 [0056.126] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0056.126] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0056.126] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0056.126] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0056.127] GetProcAddress (hModule=0x770a0000, lpProcName="SetTextColor") returned 0x770b522d [0056.127] GetProcAddress (hModule=0x77710000, lpProcName="SetNamedSecurityInfoW") returned 0x77719fe2 [0056.127] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0056.127] GetProcAddress (hModule=0x77230000, lpProcName="accept") returned 0x772368b6 [0056.127] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0056.127] GetProcAddress (hModule=0x76d30000, lpProcName="WinExec") returned 0x76dc2c21 [0056.127] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0056.128] GetProcAddress (hModule=0x77230000, lpProcName="getsockname") returned 0x772330af [0056.128] GetProcAddress (hModule=0x75650000, lpProcName="NetUserAdd") returned 0x75605648 [0056.137] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0056.137] GetProcAddress (hModule=0x76d30000, lpProcName="UpdateResourceA") returned 0x76dd363d [0056.137] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0056.137] GetProcAddress (hModule=0x77130000, lpProcName="GetMessageA") returned 0x77147bd3 [0056.137] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextA") returned 0x7715aea1 [0056.137] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0056.138] GetProcAddress (hModule=0x77710000, lpProcName="LsaAddAccountRights") returned 0x77758819 [0056.138] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconW") returned 0x75bd4e1e [0056.138] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0056.138] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0056.138] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyname") returned 0x77247673 [0056.138] GetProcAddress (hModule=0x77230000, lpProcName="htons") returned 0x77232d8b [0056.138] GetProcAddress (hModule=0x77130000, lpProcName="OpenClipboard") returned 0x77158ecb [0056.139] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0056.139] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0056.139] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0056.139] GetProcAddress (hModule=0x75670000, lpProcName="WTSLogoffSession") returned 0x75673d77 [0056.139] GetProcAddress (hModule=0x77230000, lpProcName="bind") returned 0x77234582 [0056.139] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0056.140] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceW") returned 0x76dd3d6c [0056.140] GetProcAddress (hModule=0x755e0000, lpProcName="WNetEnumResourceW") returned 0x755e3058 [0056.140] GetProcAddress (hModule=0x77130000, lpProcName="DispatchMessageA") returned 0x77147bbb [0056.140] GetProcAddress (hModule=0x77130000, lpProcName="FillRect") returned 0x77150eb6 [0056.140] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0056.140] GetProcAddress (hModule=0x770a0000, lpProcName="CreateDIBSection") returned 0x770bac46 [0056.141] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0056.141] GetProcAddress (hModule=0x770a0000, lpProcName="GetObjectA") returned 0x770b85d4 [0056.141] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserGeoID") returned 0x76d6acf0 [0056.141] GetProcAddress (hModule=0x77130000, lpProcName="DestroyWindow") returned 0x77149a55 [0056.141] GetProcAddress (hModule=0x77230000, lpProcName="htonl") returned 0x77232d57 [0056.141] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassExA") returned 0x7714db98 [0056.141] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcA") returned 0x77c824e0 [0056.142] GetProcAddress (hModule=0x77230000, lpProcName="getpeername") returned 0x77237147 [0056.142] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0056.142] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0056.142] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclA") returned 0x777615e9 [0056.142] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0056.142] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0056.142] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0056.143] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowExA") returned 0x771500d9 [0056.143] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0056.143] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0056.143] GetProcAddress (hModule=0x770a0000, lpProcName="SetBkColor") returned 0x770b52d8 [0056.143] GetProcAddress (hModule=0x75670000, lpProcName="WTSEnumerateSessionsA") returned 0x75674023 [0056.143] GetProcAddress (hModule=0x755e0000, lpProcName="WNetAddConnection2W") returned 0x755e4744 [0056.193] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0056.193] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x220000 [0056.194] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x230000 [0056.210] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x671730 [0056.210] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x671730, dwRevision=0x1 | out: pSecurityDescriptor=0x671730) returned 1 [0056.210] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x671730, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x671730) returned 1 [0056.210] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x1cf0000 [0056.277] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x2b0000 [0056.277] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0x1df0000 [0056.278] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x40f0000 [0056.286] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x41f0000 [0056.293] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x300000 [0056.293] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x300000, nSize=0x200 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0056.297] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x673ac0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0056.297] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x673ad8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0056.297] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x310000 [0056.313] SetEntriesInAclA () returned 0x0 [0056.371] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x676210 [0056.371] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x676210, dwRevision=0x1 | out: pSecurityDescriptor=0x676210) returned 1 [0056.371] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x676210, bDaclPresent=1, pDacl=0x6769f0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x676210) returned 1 [0056.371] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x320000 [0056.371] SetEntriesInAclA () returned 0x0 [0056.372] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x676fa0 [0056.372] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x676fa0, dwRevision=0x1 | out: pSecurityDescriptor=0x676fa0) returned 1 [0056.372] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x676fa0, bDaclPresent=1, pDacl=0x676f60, bDaclDefaulted=0 | out: pSecurityDescriptor=0x676fa0) returned 1 [0056.372] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x330000 [0056.372] SetEntriesInAclA () returned 0x0 [0056.372] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x676fc0 [0056.372] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x676fc0, dwRevision=0x1 | out: pSecurityDescriptor=0x676fc0) returned 1 [0056.372] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x676fc0, bDaclPresent=1, pDacl=0x676fe8, bDaclDefaulted=0 | out: pSecurityDescriptor=0x676fc0) returned 1 [0056.372] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0056.387] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xf4 [0056.387] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0xf8 [0056.387] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x340000 [0056.404] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x350000 [0056.405] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x360000 [0056.405] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x370000 [0056.405] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x610000 [0056.405] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x620000 [0056.406] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x630000 [0056.406] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x640000 [0056.406] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x360000, nSize=0x1000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0056.406] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x370000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0056.456] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0056.457] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU", dwFileAttributes=0x6) returned 1 [0056.460] GetCurrentThreadId () returned 0xa84 [0056.460] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa2f9ab30, dwHighDateTime=0x1d6076c)) [0056.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa2f9ab30, dwHighDateTime=0x1d6076c)) [0056.461] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0056.479] GetCurrentThreadId () returned 0xa84 [0056.479] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou")) returned 0x16 [0056.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0056.479] CreateFileMappingA (hFile=0xfc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x100 [0056.479] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x650000 [0056.479] ReleaseMutex (hMutex=0xf4) returned 1 [0056.480] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0056.480] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0056.480] GetCurrentThreadId () returned 0xa84 [0056.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa2fc0c90, dwHighDateTime=0x1d6076c)) [0056.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa2fc0c90, dwHighDateTime=0x1d6076c)) [0056.480] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0056.480] GetCurrentThreadId () returned 0xa84 [0056.480] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0056.480] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0056.480] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0056.480] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x45c0000 [0056.480] ReleaseMutex (hMutex=0xf4) returned 1 [0056.484] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x45d0000 [0056.501] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x45e0000 [0056.502] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x45f0000 [0056.502] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4600000 [0056.550] GetUserNameA (in: lpBuffer=0x45f001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0056.557] GetUserNameA (in: lpBuffer=0x460001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0056.558] Sleep (dwMilliseconds=0xc4) [0056.816] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4610000 [0056.837] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4620000 [0056.837] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4620000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0056.837] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4630000 [0056.837] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x463000d, nSize=0x1000 | out: lpBuffer="") returned 0xe [0056.837] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4610000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0056.837] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4640000 [0056.840] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0056.990] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4790000 [0057.005] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0057.005] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x4790000, nSize=0x1000 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe")) returned 0x33 [0057.006] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0057.006] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x4790000, nSize=0x1000 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe")) returned 0x33 [0057.006] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x154) returned 0x0 [0057.006] RegSetValueExW (in: hKey=0x154, lpValueName="BUccwoAg.exe", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe", cbData=0x66 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe") returned 0x0 [0057.006] RegCloseKey (hKey=0x154) returned 0x0 [0057.006] VirtualFree (lpAddress=0x4790000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.009] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe\"" [0057.012] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4790000 [0057.029] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4890000 [0057.080] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4990000 [0057.086] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="è0@") returned 0x154 [0057.086] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ð0@") returned 0x158 [0057.086] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ø0@") returned 0x15c [0057.087] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="") returned 0x160 [0057.087] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="\x081@") returned 0x164 [0057.087] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x460360, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0xb30) returned 0x168 [0057.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x45e72a, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0xb2c) returned 0x16c [0057.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x453eac, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x3a4) returned 0x170 [0057.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0xa2c) returned 0x174 [0057.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40bba7, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x618) returned 0x178 [0057.250] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x410a5d, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0xa00) returned 0x17c [0057.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.263] Sleep (dwMilliseconds=0x12c) [0060.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa3c66170, dwHighDateTime=0x1d6076c)) [0060.022] Sleep (dwMilliseconds=0x12c) [0065.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa4102c10, dwHighDateTime=0x1d6076c)) [0065.136] Sleep (dwMilliseconds=0x12c) [0065.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa4611ad0, dwHighDateTime=0x1d6076c)) [0065.666] Sleep (dwMilliseconds=0x12c) [0069.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa49317b0, dwHighDateTime=0x1d6076c)) [0069.901] Sleep (dwMilliseconds=0x12c) [0070.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa4c775f0, dwHighDateTime=0x1d6076c)) [0070.520] Sleep (dwMilliseconds=0x12c) [0071.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa4f972d0, dwHighDateTime=0x1d6076c)) [0071.636] Sleep (dwMilliseconds=0x12c) [0072.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa5290e50, dwHighDateTime=0x1d6076c)) [0072.134] Sleep (dwMilliseconds=0x12c) [0072.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa558a9d0, dwHighDateTime=0x1d6076c)) [0072.446] Sleep (dwMilliseconds=0x12c) [0072.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa5884550, dwHighDateTime=0x1d6076c)) [0072.761] Sleep (dwMilliseconds=0x12c) [0073.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa5b7e0d0, dwHighDateTime=0x1d6076c)) [0073.070] Sleep (dwMilliseconds=0x12c) [0073.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa5e77c50, dwHighDateTime=0x1d6076c)) [0073.382] Sleep (dwMilliseconds=0x12c) [0073.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa61717d0, dwHighDateTime=0x1d6076c)) [0073.694] Sleep (dwMilliseconds=0x12c) [0074.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa646b350, dwHighDateTime=0x1d6076c)) [0074.021] Sleep (dwMilliseconds=0x12c) [0074.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa6764ed0, dwHighDateTime=0x1d6076c)) [0074.333] Sleep (dwMilliseconds=0x12c) [0074.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa6a5ea50, dwHighDateTime=0x1d6076c)) [0074.646] Sleep (dwMilliseconds=0x12c) [0074.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa6d585d0, dwHighDateTime=0x1d6076c)) [0074.969] Sleep (dwMilliseconds=0x12c) [0075.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7052150, dwHighDateTime=0x1d6076c)) [0075.269] Sleep (dwMilliseconds=0x12c) [0075.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa734bcd0, dwHighDateTime=0x1d6076c)) [0075.581] Sleep (dwMilliseconds=0x12c) [0075.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7645850, dwHighDateTime=0x1d6076c)) [0075.893] Sleep (dwMilliseconds=0x12c) [0076.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7965530, dwHighDateTime=0x1d6076c)) [0076.229] Sleep (dwMilliseconds=0x12c) [0077.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7c85210, dwHighDateTime=0x1d6076c)) [0077.020] Sleep (dwMilliseconds=0x12c) [0077.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7fa4ef0, dwHighDateTime=0x1d6076c)) [0077.347] Sleep (dwMilliseconds=0x12c) [0077.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa8467af0, dwHighDateTime=0x1d6076c)) [0077.875] Sleep (dwMilliseconds=0x12c) [0078.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa886c010, dwHighDateTime=0x1d6076c)) [0078.312] Sleep (dwMilliseconds=0x12c) [0078.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa8bd7fb0, dwHighDateTime=0x1d6076c)) [0078.705] Sleep (dwMilliseconds=0x12c) [0079.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa8ef7c90, dwHighDateTime=0x1d6076c)) [0079.034] Sleep (dwMilliseconds=0x12c) [0079.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.723] Sleep (dwMilliseconds=0x12c) [0080.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa9b2ad50, dwHighDateTime=0x1d6076c)) [0080.402] Sleep (dwMilliseconds=0x12c) Thread: id = 5 os_tid = 0xba0 Thread: id = 6 os_tid = 0xb30 [0057.223] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0057.235] ReleaseMutex (hMutex=0x158) returned 1 [0057.235] GetCurrentThreadId () returned 0xb30 [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetCurrentThreadId () returned 0xb30 [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetCurrentThreadId () returned 0xb30 [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0057.235] GetCurrentThreadId () returned 0xb30 [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xa36e4e90, dwHighDateTime=0x1d6076c)) [0057.235] GetTickCount () returned 0x1147a4f [0057.235] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0057.235] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0057.236] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0057.238] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.238] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.238] ReleaseMutex (hMutex=0x154) returned 1 [0057.238] GetCurrentThreadId () returned 0xb30 [0057.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfed4 | out: lpSystemTimeAsFileTime=0x4bcfed4*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.238] GetCurrentThreadId () returned 0xb30 [0057.238] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0057.238] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0057.239] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0057.240] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.241] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.241] ReleaseMutex (hMutex=0x154) returned 1 [0057.241] ReleaseMutex (hMutex=0xf4) returned 1 [0057.241] GetCurrentThreadId () returned 0xb30 [0057.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.241] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0057.241] GetCurrentThreadId () returned 0xb30 [0057.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.241] GetTickCount () returned 0x1147a5e [0057.241] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0057.241] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0057.242] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0057.243] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.244] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.244] ReleaseMutex (hMutex=0x154) returned 1 [0057.244] GetCurrentThreadId () returned 0xb30 [0057.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfed4 | out: lpSystemTimeAsFileTime=0x4bcfed4*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.244] GetCurrentThreadId () returned 0xb30 [0057.244] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0057.244] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0057.245] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0057.246] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.246] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.247] ReleaseMutex (hMutex=0x154) returned 1 [0057.247] ReleaseMutex (hMutex=0xf4) returned 1 [0057.247] GetCurrentThreadId () returned 0xb30 [0057.247] GetCurrentThreadId () returned 0xb30 [0057.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xa370aff0, dwHighDateTime=0x1d6076c)) [0057.247] Sleep (dwMilliseconds=0xe11) [0072.854] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0072.854] ReleaseMutex (hMutex=0x158) returned 1 [0072.854] GetCurrentThreadId () returned 0xb30 [0072.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xa5968d90, dwHighDateTime=0x1d6076c)) [0072.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xa5968d90, dwHighDateTime=0x1d6076c)) [0072.856] GetCurrentThreadId () returned 0xb30 [0072.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xa5968d90, dwHighDateTime=0x1d6076c)) [0072.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xa5968d90, dwHighDateTime=0x1d6076c)) [0072.857] GetCurrentThreadId () returned 0xb30 [0072.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa5968d90, dwHighDateTime=0x1d6076c)) [0072.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa5968d90, dwHighDateTime=0x1d6076c)) [0072.857] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0072.870] GetCurrentThreadId () returned 0xb30 [0072.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xa598eef0, dwHighDateTime=0x1d6076c)) [0072.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xa598eef0, dwHighDateTime=0x1d6076c)) [0072.870] GetTickCount () returned 0x1148881 [0072.878] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0072.891] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0072.892] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0072.894] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.894] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.894] ReleaseMutex (hMutex=0x154) returned 1 [0072.894] GetCurrentThreadId () returned 0xb30 [0072.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.895] GetCurrentThreadId () returned 0xb30 [0072.895] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0072.895] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0072.895] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0072.897] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.897] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.897] ReleaseMutex (hMutex=0x154) returned 1 [0072.897] ReleaseMutex (hMutex=0xf4) returned 1 [0072.897] GetCurrentThreadId () returned 0xb30 [0072.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.897] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0072.897] GetCurrentThreadId () returned 0xb30 [0072.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xa59b5050, dwHighDateTime=0x1d6076c)) [0072.898] GetTickCount () returned 0x1148891 [0072.898] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0072.898] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0072.898] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0072.900] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.901] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.901] ReleaseMutex (hMutex=0x154) returned 1 [0072.901] GetCurrentThreadId () returned 0xb30 [0072.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa59db1b0, dwHighDateTime=0x1d6076c)) [0072.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa59db1b0, dwHighDateTime=0x1d6076c)) [0072.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xa59db1b0, dwHighDateTime=0x1d6076c)) [0072.901] GetCurrentThreadId () returned 0xb30 [0072.901] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0072.901] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0072.902] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0072.903] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.904] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0072.904] ReleaseMutex (hMutex=0x154) returned 1 [0072.904] ReleaseMutex (hMutex=0xf4) returned 1 [0072.904] GetCurrentThreadId () returned 0xb30 [0072.904] GetCurrentThreadId () returned 0xb30 [0072.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xa59db1b0, dwHighDateTime=0x1d6076c)) [0072.904] Sleep (dwMilliseconds=0xe06) [0077.019] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0077.035] ReleaseMutex (hMutex=0x158) returned 1 [0077.035] GetCurrentThreadId () returned 0xb30 [0077.035] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetCurrentThreadId () returned 0xb30 [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetCurrentThreadId () returned 0xb30 [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0077.036] GetCurrentThreadId () returned 0xb30 [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.036] GetTickCount () returned 0x11496e3 [0077.036] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0077.036] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52b0000 [0077.037] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0077.038] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.039] VirtualFree (lpAddress=0x52b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.039] ReleaseMutex (hMutex=0x154) returned 1 [0077.039] GetCurrentThreadId () returned 0xb30 [0077.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.039] GetCurrentThreadId () returned 0xb30 [0077.039] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0077.039] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52b0000 [0077.040] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0077.041] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.042] VirtualFree (lpAddress=0x52b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.042] ReleaseMutex (hMutex=0x154) returned 1 [0077.042] ReleaseMutex (hMutex=0xf4) returned 1 [0077.042] GetCurrentThreadId () returned 0xb30 [0077.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.042] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0077.042] GetCurrentThreadId () returned 0xb30 [0077.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.042] GetTickCount () returned 0x11496e3 [0077.042] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0077.042] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52b0000 [0077.043] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0077.044] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.045] VirtualFree (lpAddress=0x52b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.045] ReleaseMutex (hMutex=0x154) returned 1 [0077.045] GetCurrentThreadId () returned 0xb30 [0077.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xa7cab370, dwHighDateTime=0x1d6076c)) [0077.045] GetCurrentThreadId () returned 0xb30 [0077.045] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0077.045] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52b0000 [0077.046] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0077.048] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.049] VirtualFree (lpAddress=0x52b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.049] ReleaseMutex (hMutex=0x154) returned 1 [0077.049] ReleaseMutex (hMutex=0xf4) returned 1 [0077.049] GetCurrentThreadId () returned 0xb30 [0077.050] GetCurrentThreadId () returned 0xb30 [0077.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xa7cd14d0, dwHighDateTime=0x1d6076c)) [0077.050] Sleep (dwMilliseconds=0xd75) Thread: id = 7 os_tid = 0xb2c [0057.339] GetCurrentProcessId () returned 0xa94 [0057.339] ProcessIdToSessionId (in: dwProcessId=0xa94, pSessionId=0x45e6fe | out: pSessionId=0x45e6fe) returned 1 [0057.342] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="HYMEMkcU1") returned 0x180 [0057.342] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="LcQMUQsg1") returned 0x184 [0057.342] GetCurrentThreadId () returned 0xb2c [0057.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xa37ef830, dwHighDateTime=0x1d6076c)) [0057.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xa37ef830, dwHighDateTime=0x1d6076c)) [0057.342] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x3e8) returned 0x0 [0057.358] GetCurrentThreadId () returned 0xb2c [0057.358] Sleep (dwMilliseconds=0x5ad) [0065.811] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0065.812] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0065.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xa4768730, dwHighDateTime=0x1d6076c)) [0065.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xa4768730, dwHighDateTime=0x1d6076c)) [0065.814] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0065.828] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0065.828] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x679750 [0065.833] OpenServiceW (hSCManager=0x679750, lpServiceName="lMMYIkPL", dwDesiredAccess=0xf01ff) returned 0x6796b0 [0065.834] QueryServiceStatus (in: hService=0x6796b0, lpServiceStatus=0x45d6d2 | out: lpServiceStatus=0x45d6d2*(dwServiceType=0x10, dwCurrentState=0x2, dwControlsAccepted=0x0, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x7d0)) returned 1 [0065.834] StartServiceW (hService=0x6796b0, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) Thread: id = 8 os_tid = 0x3a4 [0057.361] GetCurrentThreadId () returned 0x3a4 [0057.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff34 | out: lpSystemTimeAsFileTime=0x4e4ff34*(dwLowDateTime=0xa383baf0, dwHighDateTime=0x1d6076c)) [0057.386] GetCurrentThreadId () returned 0x3a4 [0057.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff64 | out: lpSystemTimeAsFileTime=0x4e4ff64*(dwLowDateTime=0xa3861c50, dwHighDateTime=0x1d6076c)) [0057.389] Sleep (dwMilliseconds=0x146d) [0075.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff78 | out: lpSystemTimeAsFileTime=0x4e4ff78*(dwLowDateTime=0xa6df0b50, dwHighDateTime=0x1d6076c)) [0075.023] GetCurrentThreadId () returned 0x3a4 [0075.023] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0075.038] ReleaseMutex (hMutex=0x158) returned 1 [0075.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff50 | out: lpSystemTimeAsFileTime=0x4e4ff50*(dwLowDateTime=0xa6e16cb0, dwHighDateTime=0x1d6076c)) [0075.038] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0x32) returned 0x0 [0075.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff50 | out: lpSystemTimeAsFileTime=0x4e4ff50*(dwLowDateTime=0xa6e16cb0, dwHighDateTime=0x1d6076c)) [0075.038] GetCurrentThreadId () returned 0x3a4 [0075.042] CreateFileW (lpFileName="C:\\ProgramData\\vgYI.txt" (normalized: "c:\\programdata\\vgyi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.059] CreateFileW (lpFileName="C:\\ProgramData\\vgYI.txt" (normalized: "c:\\programdata\\vgyi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0075.722] WriteFile (in: hFile=0x230, lpBuffer=0x457fdc*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x4e4ff54, lpOverlapped=0x0 | out: lpBuffer=0x457fdc*, lpNumberOfBytesWritten=0x4e4ff54*=0x2, lpOverlapped=0x0) returned 1 [0075.724] WriteFile (in: hFile=0x230, lpBuffer=0x457fde*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x4e4ff54, lpOverlapped=0x0 | out: lpBuffer=0x457fde*, lpNumberOfBytesWritten=0x4e4ff54*=0x1c, lpOverlapped=0x0) returned 1 [0075.724] SetFilePointer (in: hFile=0x230, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0075.724] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0075.725] GetCurrentThreadId () returned 0x3a4 [0075.725] VirtualAlloc (lpAddress=0x0, dwSize=0x1e00000, flAllocationType=0x3000, flProtect=0x40) returned 0x55d0000 [0075.726] GetCurrentThreadId () returned 0x3a4 [0075.726] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0075.727] GetCurrentThreadId () returned 0x3a4 [0075.727] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x5240000 [0075.728] GetCurrentThreadId () returned 0x3a4 [0075.728] GetCurrentThreadId () returned 0x3a4 [0075.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff3c | out: lpSystemTimeAsFileTime=0x4e4ff3c*(dwLowDateTime=0xa74a2930, dwHighDateTime=0x1d6076c)) [0075.728] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0075.729] GetCurrentThreadId () returned 0x3a4 [0075.729] GetLogicalDriveStringsW (in: nBufferLength=0x800, lpBuffer=0x5210000 | out: lpBuffer="C:\\") returned 0x4 [0075.732] GetCurrentThreadId () returned 0x3a4 [0075.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa74a2930, dwHighDateTime=0x1d6076c)) [0075.733] GetCurrentThreadId () returned 0x3a4 [0075.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa74a2930, dwHighDateTime=0x1d6076c)) [0075.733] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x67b5b0 [0075.749] GetCurrentThreadId () returned 0x3a4 [0075.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.749] GetCurrentThreadId () returned 0x3a4 [0075.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.749] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x685160 [0075.749] GetCurrentThreadId () returned 0x3a4 [0075.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.749] FindNextFileW (in: hFindFile=0x685160, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.749] GetCurrentThreadId () returned 0x3a4 [0075.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.750] FindNextFileW (in: hFindFile=0x685160, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0075.750] GetCurrentThreadId () returned 0x3a4 [0075.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.750] GetCurrentThreadId () returned 0x3a4 [0075.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.750] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6851a0 [0075.751] GetCurrentThreadId () returned 0x3a4 [0075.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.751] FindNextFileW (in: hFindFile=0x6851a0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.751] GetCurrentThreadId () returned 0x3a4 [0075.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.751] FindNextFileW (in: hFindFile=0x6851a0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.751] GetCurrentThreadId () returned 0x3a4 [0075.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.751] FindNextFileW (in: hFindFile=0x6851a0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0075.751] GetCurrentThreadId () returned 0x3a4 [0075.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.751] FindNextFileW (in: hFindFile=0x685160, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0075.751] GetCurrentThreadId () returned 0x3a4 [0075.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.751] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0075.752] GetCurrentThreadId () returned 0x3a4 [0075.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.752] GetCurrentThreadId () returned 0x3a4 [0075.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.752] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6851e0 [0075.752] GetCurrentThreadId () returned 0x3a4 [0075.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.752] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.752] GetCurrentThreadId () returned 0x3a4 [0075.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.752] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0075.752] GetCurrentThreadId () returned 0x3a4 [0075.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74c8a90, dwHighDateTime=0x1d6076c)) [0075.753] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0075.753] GetCurrentThreadId () returned 0x3a4 [0075.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.753] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0075.753] GetCurrentThreadId () returned 0x3a4 [0075.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.753] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0075.753] GetCurrentThreadId () returned 0x3a4 [0075.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.753] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0075.754] GetCurrentThreadId () returned 0x3a4 [0075.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.754] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0075.754] GetCurrentThreadId () returned 0x3a4 [0075.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.754] GetCurrentThreadId () returned 0x3a4 [0075.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.754] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x689e28 [0075.756] GetCurrentThreadId () returned 0x3a4 [0075.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.756] FindNextFileW (in: hFindFile=0x689e28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.756] GetCurrentThreadId () returned 0x3a4 [0075.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.756] FindNextFileW (in: hFindFile=0x689e28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.756] GetCurrentThreadId () returned 0x3a4 [0075.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.756] FindNextFileW (in: hFindFile=0x689e28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.756] GetCurrentThreadId () returned 0x3a4 [0075.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.756] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0075.756] GetCurrentThreadId () returned 0x3a4 [0075.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.756] GetCurrentThreadId () returned 0x3a4 [0075.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.756] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68ae70 [0075.757] GetCurrentThreadId () returned 0x3a4 [0075.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.757] FindNextFileW (in: hFindFile=0x68ae70, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.757] GetCurrentThreadId () returned 0x3a4 [0075.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.757] FindNextFileW (in: hFindFile=0x68ae70, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.757] GetCurrentThreadId () returned 0x3a4 [0075.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.758] FindNextFileW (in: hFindFile=0x68ae70, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.758] GetCurrentThreadId () returned 0x3a4 [0075.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.758] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0075.758] GetCurrentThreadId () returned 0x3a4 [0075.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.758] GetCurrentThreadId () returned 0x3a4 [0075.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.758] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68beb8 [0075.759] GetCurrentThreadId () returned 0x3a4 [0075.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.759] FindNextFileW (in: hFindFile=0x68beb8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.760] GetCurrentThreadId () returned 0x3a4 [0075.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.760] FindNextFileW (in: hFindFile=0x68beb8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.760] GetCurrentThreadId () returned 0x3a4 [0075.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.760] FindNextFileW (in: hFindFile=0x68beb8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.760] GetCurrentThreadId () returned 0x3a4 [0075.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.760] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0075.760] GetCurrentThreadId () returned 0x3a4 [0075.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.760] GetCurrentThreadId () returned 0x3a4 [0075.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.760] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68cf18 [0075.761] GetCurrentThreadId () returned 0x3a4 [0075.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.761] FindNextFileW (in: hFindFile=0x68cf18, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.761] GetCurrentThreadId () returned 0x3a4 [0075.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.762] FindNextFileW (in: hFindFile=0x68cf18, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.762] GetCurrentThreadId () returned 0x3a4 [0075.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.762] FindNextFileW (in: hFindFile=0x68cf18, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.762] GetCurrentThreadId () returned 0x3a4 [0075.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.762] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0075.762] GetCurrentThreadId () returned 0x3a4 [0075.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.762] GetCurrentThreadId () returned 0x3a4 [0075.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.762] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68cf58 [0075.763] GetCurrentThreadId () returned 0x3a4 [0075.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.763] FindNextFileW (in: hFindFile=0x68cf58, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.763] GetCurrentThreadId () returned 0x3a4 [0075.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.763] FindNextFileW (in: hFindFile=0x68cf58, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.763] GetCurrentThreadId () returned 0x3a4 [0075.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.763] FindNextFileW (in: hFindFile=0x68cf58, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0075.764] GetCurrentThreadId () returned 0x3a4 [0075.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.764] FindNextFileW (in: hFindFile=0x68cf58, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0075.764] GetCurrentThreadId () returned 0x3a4 [0075.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.764] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0075.764] GetCurrentThreadId () returned 0x3a4 [0075.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.764] GetCurrentThreadId () returned 0x3a4 [0075.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.764] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68cf98 [0075.766] GetCurrentThreadId () returned 0x3a4 [0075.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.766] FindNextFileW (in: hFindFile=0x68cf98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.766] GetCurrentThreadId () returned 0x3a4 [0075.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.766] FindNextFileW (in: hFindFile=0x68cf98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.766] GetCurrentThreadId () returned 0x3a4 [0075.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.766] FindNextFileW (in: hFindFile=0x68cf98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.766] GetCurrentThreadId () returned 0x3a4 [0075.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.766] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0075.766] GetCurrentThreadId () returned 0x3a4 [0075.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.766] GetCurrentThreadId () returned 0x3a4 [0075.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.766] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68cfd8 [0075.767] GetCurrentThreadId () returned 0x3a4 [0075.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.767] FindNextFileW (in: hFindFile=0x68cfd8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.767] GetCurrentThreadId () returned 0x3a4 [0075.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.767] FindNextFileW (in: hFindFile=0x68cfd8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.767] GetCurrentThreadId () returned 0x3a4 [0075.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.767] FindNextFileW (in: hFindFile=0x68cfd8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.768] GetCurrentThreadId () returned 0x3a4 [0075.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.768] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0075.768] GetCurrentThreadId () returned 0x3a4 [0075.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.768] GetCurrentThreadId () returned 0x3a4 [0075.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa74eebf0, dwHighDateTime=0x1d6076c)) [0075.768] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d018 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0075.772] GetCurrentThreadId () returned 0x3a4 [0075.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.772] FindNextFileW (in: hFindFile=0x68d018, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0075.773] GetCurrentThreadId () returned 0x3a4 [0075.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.773] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0075.773] GetCurrentThreadId () returned 0x3a4 [0075.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.773] GetCurrentThreadId () returned 0x3a4 [0075.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.773] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d058 [0075.774] GetCurrentThreadId () returned 0x3a4 [0075.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.774] FindNextFileW (in: hFindFile=0x68d058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.775] GetCurrentThreadId () returned 0x3a4 [0075.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.775] FindNextFileW (in: hFindFile=0x68d058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.775] GetCurrentThreadId () returned 0x3a4 [0075.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.775] FindNextFileW (in: hFindFile=0x68d058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.775] GetCurrentThreadId () returned 0x3a4 [0075.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.775] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0075.775] GetCurrentThreadId () returned 0x3a4 [0075.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.775] GetCurrentThreadId () returned 0x3a4 [0075.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.775] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d098 [0075.776] GetCurrentThreadId () returned 0x3a4 [0075.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.776] FindNextFileW (in: hFindFile=0x68d098, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.776] GetCurrentThreadId () returned 0x3a4 [0075.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.776] FindNextFileW (in: hFindFile=0x68d098, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.776] GetCurrentThreadId () returned 0x3a4 [0075.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.776] FindNextFileW (in: hFindFile=0x68d098, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.776] GetCurrentThreadId () returned 0x3a4 [0075.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.776] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0075.776] GetCurrentThreadId () returned 0x3a4 [0075.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.777] GetCurrentThreadId () returned 0x3a4 [0075.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.777] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d0d8 [0075.778] GetCurrentThreadId () returned 0x3a4 [0075.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.779] FindNextFileW (in: hFindFile=0x68d0d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.779] GetCurrentThreadId () returned 0x3a4 [0075.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.779] FindNextFileW (in: hFindFile=0x68d0d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.779] GetCurrentThreadId () returned 0x3a4 [0075.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.779] FindNextFileW (in: hFindFile=0x68d0d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.779] GetCurrentThreadId () returned 0x3a4 [0075.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.779] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0075.779] GetCurrentThreadId () returned 0x3a4 [0075.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.779] GetCurrentThreadId () returned 0x3a4 [0075.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.779] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d118 [0075.780] GetCurrentThreadId () returned 0x3a4 [0075.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.780] FindNextFileW (in: hFindFile=0x68d118, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.780] GetCurrentThreadId () returned 0x3a4 [0075.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.780] FindNextFileW (in: hFindFile=0x68d118, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.780] GetCurrentThreadId () returned 0x3a4 [0075.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.780] FindNextFileW (in: hFindFile=0x68d118, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.780] GetCurrentThreadId () returned 0x3a4 [0075.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.780] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0075.780] GetCurrentThreadId () returned 0x3a4 [0075.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.781] GetCurrentThreadId () returned 0x3a4 [0075.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.781] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d158 [0075.782] GetCurrentThreadId () returned 0x3a4 [0075.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.782] FindNextFileW (in: hFindFile=0x68d158, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.782] GetCurrentThreadId () returned 0x3a4 [0075.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.782] FindNextFileW (in: hFindFile=0x68d158, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.782] GetCurrentThreadId () returned 0x3a4 [0075.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.782] FindNextFileW (in: hFindFile=0x68d158, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.782] GetCurrentThreadId () returned 0x3a4 [0075.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.782] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0075.783] GetCurrentThreadId () returned 0x3a4 [0075.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f73c | out: lpSystemTimeAsFileTime=0x4e4f73c*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.786] GetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0075.806] SetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe", dwFileAttributes=0x80) returned 0 [0075.807] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0075.807] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x76980 [0076.223] ReadFile (in: hFile=0x278, lpBuffer=0x55d0000, nNumberOfBytesToRead=0x76980, lpNumberOfBytesRead=0x4e4f714, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f714*=0x76980, lpOverlapped=0x0) returned 1 [0076.237] GetCurrentThreadId () returned 0x3a4 [0076.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f69c | out: lpSystemTimeAsFileTime=0x4e4f69c*(dwLowDateTime=0xa798b690, dwHighDateTime=0x1d6076c)) [0076.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f69c | out: lpSystemTimeAsFileTime=0x4e4f69c*(dwLowDateTime=0xa798b690, dwHighDateTime=0x1d6076c)) [0076.240] GetCurrentThreadId () returned 0x3a4 [0076.243] ExtractIconExW (in: lpszFile="C:\\Boot\\memtest.exe", nIconIndex=0, phiconLarge=0x4e4f704, phiconSmall=0x4e4f700, nIcons=0x1 | out: phiconLarge=0x4e4f704, phiconSmall=0x4e4f700) returned 0x0 [0076.770] CloseHandle (hObject=0x278) returned 1 [0076.770] SetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe", dwFileAttributes=0x20) returned 0 [0076.770] CloseHandle (hObject=0x4e4fa3c) returned 0 [0076.770] GetCurrentThreadId () returned 0x3a4 [0076.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f714 | out: lpSystemTimeAsFileTime=0x4e4f714*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.770] GetCurrentThreadId () returned 0x3a4 [0076.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.770] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0076.771] GetCurrentThreadId () returned 0x3a4 [0076.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.771] GetCurrentThreadId () returned 0x3a4 [0076.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.771] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d198 [0076.771] GetCurrentThreadId () returned 0x3a4 [0076.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.771] FindNextFileW (in: hFindFile=0x68d198, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.773] GetCurrentThreadId () returned 0x3a4 [0076.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.773] FindNextFileW (in: hFindFile=0x68d198, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.773] GetCurrentThreadId () returned 0x3a4 [0076.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.773] FindNextFileW (in: hFindFile=0x68d198, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.773] GetCurrentThreadId () returned 0x3a4 [0076.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.773] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0076.773] GetCurrentThreadId () returned 0x3a4 [0076.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.773] GetCurrentThreadId () returned 0x3a4 [0076.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.773] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d1d8 [0076.774] GetCurrentThreadId () returned 0x3a4 [0076.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.774] FindNextFileW (in: hFindFile=0x68d1d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.774] GetCurrentThreadId () returned 0x3a4 [0076.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.774] FindNextFileW (in: hFindFile=0x68d1d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.774] GetCurrentThreadId () returned 0x3a4 [0076.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] FindNextFileW (in: hFindFile=0x68d1d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d218 [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] FindNextFileW (in: hFindFile=0x68d218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] FindNextFileW (in: hFindFile=0x68d218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.775] FindNextFileW (in: hFindFile=0x68d218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.775] GetCurrentThreadId () returned 0x3a4 [0076.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.776] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0076.776] GetCurrentThreadId () returned 0x3a4 [0076.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.776] GetCurrentThreadId () returned 0x3a4 [0076.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.776] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d258 [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] FindNextFileW (in: hFindFile=0x68d258, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] FindNextFileW (in: hFindFile=0x68d258, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] FindNextFileW (in: hFindFile=0x68d258, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d298 [0076.777] GetCurrentThreadId () returned 0x3a4 [0076.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.777] FindNextFileW (in: hFindFile=0x68d298, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.778] GetCurrentThreadId () returned 0x3a4 [0076.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.778] FindNextFileW (in: hFindFile=0x68d298, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.778] GetCurrentThreadId () returned 0x3a4 [0076.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.778] FindNextFileW (in: hFindFile=0x68d298, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.778] GetCurrentThreadId () returned 0x3a4 [0076.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.778] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0076.778] GetCurrentThreadId () returned 0x3a4 [0076.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.778] GetCurrentThreadId () returned 0x3a4 [0076.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.778] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d2d8 [0076.779] GetCurrentThreadId () returned 0x3a4 [0076.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.779] FindNextFileW (in: hFindFile=0x68d2d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.779] GetCurrentThreadId () returned 0x3a4 [0076.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.779] FindNextFileW (in: hFindFile=0x68d2d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.779] GetCurrentThreadId () returned 0x3a4 [0076.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.779] FindNextFileW (in: hFindFile=0x68d2d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.779] GetCurrentThreadId () returned 0x3a4 [0076.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.779] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0076.779] GetCurrentThreadId () returned 0x3a4 [0076.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.779] GetCurrentThreadId () returned 0x3a4 [0076.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.779] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d318 [0076.780] GetCurrentThreadId () returned 0x3a4 [0076.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.780] FindNextFileW (in: hFindFile=0x68d318, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.780] GetCurrentThreadId () returned 0x3a4 [0076.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.780] FindNextFileW (in: hFindFile=0x68d318, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.780] GetCurrentThreadId () returned 0x3a4 [0076.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.780] FindNextFileW (in: hFindFile=0x68d318, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.780] GetCurrentThreadId () returned 0x3a4 [0076.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.780] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0076.780] GetCurrentThreadId () returned 0x3a4 [0076.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.780] GetCurrentThreadId () returned 0x3a4 [0076.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.780] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d358 [0076.781] GetCurrentThreadId () returned 0x3a4 [0076.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.781] FindNextFileW (in: hFindFile=0x68d358, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.781] GetCurrentThreadId () returned 0x3a4 [0076.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.781] FindNextFileW (in: hFindFile=0x68d358, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.781] GetCurrentThreadId () returned 0x3a4 [0076.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.781] FindNextFileW (in: hFindFile=0x68d358, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.781] GetCurrentThreadId () returned 0x3a4 [0076.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.781] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0076.781] GetCurrentThreadId () returned 0x3a4 [0076.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.782] GetCurrentThreadId () returned 0x3a4 [0076.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.782] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d398 [0076.782] GetCurrentThreadId () returned 0x3a4 [0076.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.782] FindNextFileW (in: hFindFile=0x68d398, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.782] GetCurrentThreadId () returned 0x3a4 [0076.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a23c10, dwHighDateTime=0x1d6076c)) [0076.782] FindNextFileW (in: hFindFile=0x68d398, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.782] GetCurrentThreadId () returned 0x3a4 [0076.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.782] FindNextFileW (in: hFindFile=0x68d398, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.782] GetCurrentThreadId () returned 0x3a4 [0076.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.782] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0076.782] GetCurrentThreadId () returned 0x3a4 [0076.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.783] GetCurrentThreadId () returned 0x3a4 [0076.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.783] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d3d8 [0076.783] GetCurrentThreadId () returned 0x3a4 [0076.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindNextFileW (in: hFindFile=0x68d3d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindNextFileW (in: hFindFile=0x68d3d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindNextFileW (in: hFindFile=0x68d3d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d418 [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindNextFileW (in: hFindFile=0x68d418, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.784] GetCurrentThreadId () returned 0x3a4 [0076.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.784] FindNextFileW (in: hFindFile=0x68d418, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] FindNextFileW (in: hFindFile=0x68d418, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] FindNextFileW (in: hFindFile=0x6851e0, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] GetCurrentThreadId () returned 0x3a4 [0076.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.785] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d458 [0076.786] GetCurrentThreadId () returned 0x3a4 [0076.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.786] FindNextFileW (in: hFindFile=0x68d458, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.786] GetCurrentThreadId () returned 0x3a4 [0076.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.786] FindNextFileW (in: hFindFile=0x68d458, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0076.786] GetCurrentThreadId () returned 0x3a4 [0076.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.786] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0076.786] GetCurrentThreadId () returned 0x3a4 [0076.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.786] GetCurrentThreadId () returned 0x3a4 [0076.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.786] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0076.787] GetCurrentThreadId () returned 0x3a4 [0076.787] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.787] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0076.787] GetCurrentThreadId () returned 0x3a4 [0076.787] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.787] FindNextFileW (in: hFindFile=0x67b5b0, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0076.787] GetCurrentThreadId () returned 0x3a4 [0076.787] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.787] GetCurrentThreadId () returned 0x3a4 [0076.787] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.787] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d498 [0076.787] GetCurrentThreadId () returned 0x3a4 [0076.787] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.788] FindNextFileW (in: hFindFile=0x68d498, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.788] GetCurrentThreadId () returned 0x3a4 [0076.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.788] FindNextFileW (in: hFindFile=0x68d498, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0076.788] GetCurrentThreadId () returned 0x3a4 [0076.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.788] GetCurrentThreadId () returned 0x3a4 [0076.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7a49d70, dwHighDateTime=0x1d6076c)) [0076.788] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d4d8 [0076.854] GetCurrentThreadId () returned 0x3a4 [0076.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.854] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.855] GetCurrentThreadId () returned 0x3a4 [0076.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.855] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0076.855] GetCurrentThreadId () returned 0x3a4 [0076.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.855] GetCurrentThreadId () returned 0x3a4 [0076.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.855] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d518 [0076.856] GetCurrentThreadId () returned 0x3a4 [0076.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.856] FindNextFileW (in: hFindFile=0x68d518, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.856] GetCurrentThreadId () returned 0x3a4 [0076.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.856] FindNextFileW (in: hFindFile=0x68d518, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0076.856] GetCurrentThreadId () returned 0x3a4 [0076.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.856] FindNextFileW (in: hFindFile=0x68d518, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0076.856] GetCurrentThreadId () returned 0x3a4 [0076.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.856] FindNextFileW (in: hFindFile=0x68d518, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0076.857] GetCurrentThreadId () returned 0x3a4 [0076.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.857] FindNextFileW (in: hFindFile=0x68d518, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.857] GetCurrentThreadId () returned 0x3a4 [0076.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.857] FindNextFileW (in: hFindFile=0x68d518, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.857] GetCurrentThreadId () returned 0x3a4 [0076.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.857] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0076.857] GetCurrentThreadId () returned 0x3a4 [0076.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.857] GetCurrentThreadId () returned 0x3a4 [0076.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.857] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d558 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d558, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d558, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d558, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d558, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7ae22f0, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d558, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d558, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.860] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0076.860] GetCurrentThreadId () returned 0x3a4 [0076.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.861] GetCurrentThreadId () returned 0x3a4 [0076.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.861] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d598 [0076.863] GetCurrentThreadId () returned 0x3a4 [0076.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.863] FindNextFileW (in: hFindFile=0x68d598, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindNextFileW (in: hFindFile=0x68d598, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindNextFileW (in: hFindFile=0x68d598, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindNextFileW (in: hFindFile=0x68d598, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindNextFileW (in: hFindFile=0x68d598, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindNextFileW (in: hFindFile=0x68d598, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] GetCurrentThreadId () returned 0x3a4 [0076.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.864] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d5d8 [0076.867] GetCurrentThreadId () returned 0x3a4 [0076.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.867] FindNextFileW (in: hFindFile=0x68d5d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.867] GetCurrentThreadId () returned 0x3a4 [0076.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.867] FindNextFileW (in: hFindFile=0x68d5d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0076.867] GetCurrentThreadId () returned 0x3a4 [0076.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.867] FindNextFileW (in: hFindFile=0x68d5d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0076.867] GetCurrentThreadId () returned 0x3a4 [0076.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.867] FindNextFileW (in: hFindFile=0x68d5d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0076.867] GetCurrentThreadId () returned 0x3a4 [0076.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.867] FindNextFileW (in: hFindFile=0x68d5d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.867] GetCurrentThreadId () returned 0x3a4 [0076.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.868] FindNextFileW (in: hFindFile=0x68d5d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.868] GetCurrentThreadId () returned 0x3a4 [0076.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.868] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0076.868] GetCurrentThreadId () returned 0x3a4 [0076.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.868] GetCurrentThreadId () returned 0x3a4 [0076.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.868] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d618 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d618, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d618, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d618, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d618, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d618, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d618, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0 [0076.869] GetCurrentThreadId () returned 0x3a4 [0076.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.869] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0076.870] GetCurrentThreadId () returned 0x3a4 [0076.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.870] GetCurrentThreadId () returned 0x3a4 [0076.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.870] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d658 [0076.872] GetCurrentThreadId () returned 0x3a4 [0076.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.872] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.872] GetCurrentThreadId () returned 0x3a4 [0076.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.872] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0076.872] GetCurrentThreadId () returned 0x3a4 [0076.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d698 [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] FindNextFileW (in: hFindFile=0x68d698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] FindNextFileW (in: hFindFile=0x68d698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] FindNextFileW (in: hFindFile=0x68d698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] FindNextFileW (in: hFindFile=0x68d698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.873] FindNextFileW (in: hFindFile=0x68d698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0076.873] GetCurrentThreadId () returned 0x3a4 [0076.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.874] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0076.874] GetCurrentThreadId () returned 0x3a4 [0076.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.874] GetCurrentThreadId () returned 0x3a4 [0076.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b08450, dwHighDateTime=0x1d6076c)) [0076.874] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d6d8 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindNextFileW (in: hFindFile=0x68d6d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindNextFileW (in: hFindFile=0x68d6d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindNextFileW (in: hFindFile=0x68d6d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindNextFileW (in: hFindFile=0x68d6d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindNextFileW (in: hFindFile=0x68d6d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] GetCurrentThreadId () returned 0x3a4 [0076.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.878] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d718 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d718, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d718, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d718, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d718, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d718, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.xml", cAlternateFileName="")) returned 1 [0076.879] GetCurrentThreadId () returned 0x3a4 [0076.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.879] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.880] GetCurrentThreadId () returned 0x3a4 [0076.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.880] FindNextFileW (in: hFindFile=0x68d658, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.880] GetCurrentThreadId () returned 0x3a4 [0076.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.880] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0076.880] GetCurrentThreadId () returned 0x3a4 [0076.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.880] GetCurrentThreadId () returned 0x3a4 [0076.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.880] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d758 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d758, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d758, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d758, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d758, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d758, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d758, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.883] GetCurrentThreadId () returned 0x3a4 [0076.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.884] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d798 [0076.885] GetCurrentThreadId () returned 0x3a4 [0076.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.885] FindNextFileW (in: hFindFile=0x68d798, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.885] GetCurrentThreadId () returned 0x3a4 [0076.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.885] FindNextFileW (in: hFindFile=0x68d798, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0076.885] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] FindNextFileW (in: hFindFile=0x68d798, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1 [0076.886] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] FindNextFileW (in: hFindFile=0x68d798, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1 [0076.886] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] FindNextFileW (in: hFindFile=0x68d798, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.886] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] FindNextFileW (in: hFindFile=0x68d798, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.886] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0076.886] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] GetCurrentThreadId () returned 0x3a4 [0076.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.886] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d7d8 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d7d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d7d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d7d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d7d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d7d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d7d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 0 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.887] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0076.887] GetCurrentThreadId () returned 0x3a4 [0076.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.888] GetCurrentThreadId () returned 0x3a4 [0076.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.888] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d818 [0076.890] GetCurrentThreadId () returned 0x3a4 [0076.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.890] FindNextFileW (in: hFindFile=0x68d818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.890] GetCurrentThreadId () returned 0x3a4 [0076.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.890] FindNextFileW (in: hFindFile=0x68d818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0076.890] GetCurrentThreadId () returned 0x3a4 [0076.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.890] FindNextFileW (in: hFindFile=0x68d818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1 [0076.890] GetCurrentThreadId () returned 0x3a4 [0076.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.891] FindNextFileW (in: hFindFile=0x68d818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1 [0076.891] GetCurrentThreadId () returned 0x3a4 [0076.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.891] FindNextFileW (in: hFindFile=0x68d818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.891] GetCurrentThreadId () returned 0x3a4 [0076.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.891] FindNextFileW (in: hFindFile=0x68d818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.891] GetCurrentThreadId () returned 0x3a4 [0076.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.891] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0076.891] GetCurrentThreadId () returned 0x3a4 [0076.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.891] GetCurrentThreadId () returned 0x3a4 [0076.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.891] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d858 [0076.894] GetCurrentThreadId () returned 0x3a4 [0076.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.894] FindNextFileW (in: hFindFile=0x68d858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.894] GetCurrentThreadId () returned 0x3a4 [0076.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.894] FindNextFileW (in: hFindFile=0x68d858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0076.894] GetCurrentThreadId () returned 0x3a4 [0076.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] FindNextFileW (in: hFindFile=0x68d858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1 [0076.895] GetCurrentThreadId () returned 0x3a4 [0076.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] FindNextFileW (in: hFindFile=0x68d858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1 [0076.895] GetCurrentThreadId () returned 0x3a4 [0076.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] FindNextFileW (in: hFindFile=0x68d858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.895] GetCurrentThreadId () returned 0x3a4 [0076.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] FindNextFileW (in: hFindFile=0x68d858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.895] GetCurrentThreadId () returned 0x3a4 [0076.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0076.895] GetCurrentThreadId () returned 0x3a4 [0076.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] GetCurrentThreadId () returned 0x3a4 [0076.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.895] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d898 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.898] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0076.898] GetCurrentThreadId () returned 0x3a4 [0076.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.899] GetCurrentThreadId () returned 0x3a4 [0076.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.899] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d8d8 [0076.901] GetCurrentThreadId () returned 0x3a4 [0076.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.901] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.901] GetCurrentThreadId () returned 0x3a4 [0076.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.901] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0076.901] GetCurrentThreadId () returned 0x3a4 [0076.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.901] GetCurrentThreadId () returned 0x3a4 [0076.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.901] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d918 [0076.902] GetCurrentThreadId () returned 0x3a4 [0076.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.902] FindNextFileW (in: hFindFile=0x68d918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.902] GetCurrentThreadId () returned 0x3a4 [0076.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.902] FindNextFileW (in: hFindFile=0x68d918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0076.903] GetCurrentThreadId () returned 0x3a4 [0076.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.903] FindNextFileW (in: hFindFile=0x68d918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 0 [0076.903] GetCurrentThreadId () returned 0x3a4 [0076.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.903] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0076.903] GetCurrentThreadId () returned 0x3a4 [0076.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.903] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0076.903] GetCurrentThreadId () returned 0x3a4 [0076.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa7b54710, dwHighDateTime=0x1d6076c)) [0076.903] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe")) returned 0x2020 [0076.904] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", dwFileAttributes=0x80) returned 1 [0076.904] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0076.904] GetFileSize (in: hFile=0x308, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xccb88 [0076.909] ReadFile (in: hFile=0x308, lpBuffer=0x55d0000, nNumberOfBytesToRead=0xccb88, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f22c*=0xccb88, lpOverlapped=0x0) returned 1 [0076.919] GetCurrentThreadId () returned 0x3a4 [0076.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa7b7a870, dwHighDateTime=0x1d6076c)) [0076.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa7b7a870, dwHighDateTime=0x1d6076c)) [0076.920] GetCurrentThreadId () returned 0x3a4 [0076.923] ExtractIconExW (in: lpszFile="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0076.948] DestroyCursor (hCursor=0x4023b) returned 1 [0076.948] DestroyCursor (hCursor=0xb00ad) returned 1 [0076.948] CloseHandle (hObject=0x308) returned 1 [0076.948] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", dwFileAttributes=0x2020) returned 1 [0076.948] GetCurrentThreadId () returned 0x3a4 [0076.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa7bc6b30, dwHighDateTime=0x1d6076c)) [0076.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa7bc6b30, dwHighDateTime=0x1d6076c)) [0076.949] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", piIcon=0x4e4f238 | out: pszIconPath="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", piIcon=0x4e4f238) returned 0xc00ad [0076.950] GetIconInfo (in: hIcon=0xc00ad, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0076.950] CreateFileW (lpFileName="iCIo.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\icio.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0076.953] GetObjectA (in: h=0x50509b9, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0076.953] GetObjectA (in: h=0xf0501d6, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0076.953] CreateCompatibleDC (hdc=0x0) returned 0x50109b8 [0076.953] GetDIBits (in: hdc=0x50109b8, hbm=0x50509b9, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0076.953] GetDIBits (in: hdc=0x50109b8, hbm=0x50509b9, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0076.953] GetDIBits (in: hdc=0x50109b8, hbm=0x50509b9, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0076.954] GetDIBits (in: hdc=0x50109b8, hbm=0xf0501d6, start=0x0, cLines=0x20, lpvBits=0x5240000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5240000, lpbmi=0x4e4e970) returned 32 [0076.954] WriteFile (in: hFile=0x308, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0076.955] WriteFile (in: hFile=0x308, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0076.955] WriteFile (in: hFile=0x308, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0076.956] WriteFile (in: hFile=0x308, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0076.956] WriteFile (in: hFile=0x308, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0076.956] DeleteDC (hdc=0x50109b8) returned 1 [0076.956] CloseHandle (hObject=0x308) returned 1 [0076.960] DeleteObject (ho=0x50509b9) returned 1 [0076.960] DeleteObject (ho=0xf0501d6) returned 1 [0076.960] DestroyCursor (hCursor=0xc00ad) returned 1 [0076.963] GetCurrentThreadId () returned 0x3a4 [0076.963] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0076.976] GetFileSize (in: hFile=0x308, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xccb88 [0076.980] ReadFile (in: hFile=0x308, lpBuffer=0x55d0000, nNumberOfBytesToRead=0xccb88, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f524*=0xccb88, lpOverlapped=0x0) returned 1 [0076.986] CloseHandle (hObject=0x308) returned 1 [0076.988] GetCurrentThreadId () returned 0x3a4 [0076.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa7c38f50, dwHighDateTime=0x1d6076c)) [0076.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa7c38f50, dwHighDateTime=0x1d6076c)) [0076.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa7c38f50, dwHighDateTime=0x1d6076c)) [0077.561] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x52b0000 [0077.581] VirtualAlloc (lpAddress=0x0, dwSize=0x600, flAllocationType=0x1000, flProtect=0x40) returned 0x52d0000 [0077.585] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76e40000 [0077.587] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77c40000 [0077.616] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d30000 [0077.622] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0078.608] GetCurrentThreadId () returned 0x3a4 [0078.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa8af3770, dwHighDateTime=0x1d6076c)) [0078.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa8af3770, dwHighDateTime=0x1d6076c)) [0078.609] GetCurrentThreadId () returned 0x3a4 [0078.609] CreateFileW (lpFileName="ccgE.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ccge.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0078.609] SetFilePointer (in: hFile=0x308, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.609] WriteFile (in: hFile=0x308, lpBuffer=0x52d0000*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x52d0000*, lpNumberOfBytesWritten=0x468d2f*=0x600, lpOverlapped=0x0) returned 1 [0078.610] WriteFile (in: hFile=0x308, lpBuffer=0x1e3a600*, nNumberOfBytesToWrite=0x143600, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e3a600*, lpNumberOfBytesWritten=0x468d2f*=0x143600, lpOverlapped=0x0) returned 1 [0078.638] WriteFile (in: hFile=0x308, lpBuffer=0x1e10e00*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e10e00*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0078.638] WriteFile (in: hFile=0x308, lpBuffer=0x1e10600*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x468d2f, lpOverlapped=0x0 | out: lpBuffer=0x1e10600*, lpNumberOfBytesWritten=0x468d2f*=0x200, lpOverlapped=0x0) returned 1 [0078.638] CloseHandle (hObject=0x308) returned 1 [0078.660] GetCurrentThreadId () returned 0x3a4 [0078.660] GetCurrentThreadId () returned 0x3a4 [0078.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa8b65b90, dwHighDateTime=0x1d6076c)) [0078.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa8b65b90, dwHighDateTime=0x1d6076c)) [0078.660] CreateFileW (lpFileName="ccgE.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ccge.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0078.660] GetFileSize (in: hFile=0x308, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x144000 [0078.660] CreateFileMappingA (hFile=0x308, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x144200, lpName=0x0) returned 0x310 [0078.660] MapViewOfFile (hFileMappingObject=0x310, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x73d0000 [0078.661] UnmapViewOfFile (lpBaseAddress=0x73d0000) returned 1 [0078.661] CloseHandle (hObject=0x310) returned 1 [0078.661] CloseHandle (hObject=0x308) returned 1 [0078.670] GetCurrentThreadId () returned 0x3a4 [0078.705] BeginUpdateResourceW (pFileName="ccgE.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ccge.exe"), bDeleteExistingResources=0) returned 0x52e0004 [0078.713] CreateFileW (lpFileName="iCIo.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\icio.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0078.714] GetFileSize (in: hFile=0x310, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0078.730] ReadFile (in: hFile=0x310, lpBuffer=0x1cf0000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x1cf0000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0078.731] CloseHandle (hObject=0x310) returned 1 [0078.731] UpdateResourceA (in: hUpdate=0x52e0004, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x1cf0016*, cb=0x10a8 | out: lpData=0x1cf0016*) returned 1 [0078.732] UpdateResourceA (in: hUpdate=0x52e0004, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224*, cb=0x14 | out: lpData=0x4e4f224*) returned 1 [0078.732] EndUpdateResourceA (hUpdate=0x52e0004, fDiscard=0) returned 1 [0078.886] CopyFileW (lpExistingFileName="ccgE.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ccge.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.exe"), bFailIfExists=0) returned 1 [0078.952] SetNamedSecurityInfoW () returned 0x0 [0078.953] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe")) returned 1 [0078.954] WriteFile (in: hFile=0x230, lpBuffer=0x5260000*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5260000*, lpNumberOfBytesWritten=0x4e4f27c*=0x8e, lpOverlapped=0x0) returned 1 [0078.954] WriteFile (in: hFile=0x230, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0078.954] DeleteFileW (lpFileName="iCIo.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\icio.ico")) returned 1 [0078.955] DeleteFileW (lpFileName="ccgE.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ccge.exe")) returned 1 [0078.981] GetCurrentThreadId () returned 0x3a4 [0078.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa8e5f710, dwHighDateTime=0x1d6076c)) [0078.981] GetCurrentThreadId () returned 0x3a4 [0078.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8e5f710, dwHighDateTime=0x1d6076c)) [0078.981] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0078.981] GetCurrentThreadId () returned 0x3a4 [0078.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8e5f710, dwHighDateTime=0x1d6076c)) [0078.982] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0078.982] GetCurrentThreadId () returned 0x3a4 [0078.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa8e5f710, dwHighDateTime=0x1d6076c)) [0078.982] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe")) returned 0x2020 [0078.982] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe", dwFileAttributes=0x80) returned 1 [0078.983] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0078.983] GetFileSize (in: hFile=0x308, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7eda0 [0078.988] ReadFile (in: hFile=0x308, lpBuffer=0x55d0000, nNumberOfBytesToRead=0x7eda0, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f22c*=0x7eda0, lpOverlapped=0x0) returned 1 [0078.993] GetCurrentThreadId () returned 0x3a4 [0078.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa8e85870, dwHighDateTime=0x1d6076c)) [0078.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa8e85870, dwHighDateTime=0x1d6076c)) [0078.993] GetCurrentThreadId () returned 0x3a4 [0078.995] ExtractIconExW (in: lpszFile="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x0 [0079.005] CloseHandle (hObject=0x308) returned 1 [0079.005] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe", dwFileAttributes=0x2020) returned 1 [0079.005] CloseHandle (hObject=0x4e4f554) returned 0 [0079.005] GetCurrentThreadId () returned 0x3a4 [0079.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.005] GetCurrentThreadId () returned 0x3a4 [0079.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.005] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0079.005] GetCurrentThreadId () returned 0x3a4 [0079.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.005] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0079.005] GetCurrentThreadId () returned 0x3a4 [0079.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.005] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0079.005] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0079.006] GetCurrentThreadId () returned 0x3a4 [0079.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.006] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0079.007] GetCurrentThreadId () returned 0x3a4 [0079.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.007] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0079.007] GetCurrentThreadId () returned 0x3a4 [0079.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.007] FindNextFileW (in: hFindFile=0x68d8d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 0 [0079.007] GetCurrentThreadId () returned 0x3a4 [0079.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.007] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0079.007] GetCurrentThreadId () returned 0x3a4 [0079.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.007] GetCurrentThreadId () returned 0x3a4 [0079.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.007] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d958 [0079.009] GetCurrentThreadId () returned 0x3a4 [0079.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.009] FindNextFileW (in: hFindFile=0x68d958, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.010] GetCurrentThreadId () returned 0x3a4 [0079.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.010] FindNextFileW (in: hFindFile=0x68d958, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0079.010] GetCurrentThreadId () returned 0x3a4 [0079.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.010] GetCurrentThreadId () returned 0x3a4 [0079.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8eab9d0, dwHighDateTime=0x1d6076c)) [0079.010] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d998 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 0 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d958, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0079.056] GetCurrentThreadId () returned 0x3a4 [0079.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.056] FindNextFileW (in: hFindFile=0x68d958, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0079.057] GetCurrentThreadId () returned 0x3a4 [0079.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.057] FindNextFileW (in: hFindFile=0x68d958, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0079.057] GetCurrentThreadId () returned 0x3a4 [0079.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.057] FindNextFileW (in: hFindFile=0x68d958, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0079.057] GetCurrentThreadId () returned 0x3a4 [0079.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.057] FindNextFileW (in: hFindFile=0x68d4d8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0079.057] GetCurrentThreadId () returned 0x3a4 [0079.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.057] GetCurrentThreadId () returned 0x3a4 [0079.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8f1ddf0, dwHighDateTime=0x1d6076c)) [0079.057] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68d9d8 [0079.721] GetCurrentThreadId () returned 0x3a4 [0079.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.722] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.722] GetCurrentThreadId () returned 0x3a4 [0079.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.722] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0079.722] GetCurrentThreadId () returned 0x3a4 [0079.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.722] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0079.722] GetCurrentThreadId () returned 0x3a4 [0079.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.722] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0079.722] GetCurrentThreadId () returned 0x3a4 [0079.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.722] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020 [0079.726] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1 [0079.726] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0079.726] GetFileSize (in: hFile=0x318, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a968 [0079.731] ReadFile (in: hFile=0x318, lpBuffer=0x55d0000, nNumberOfBytesToRead=0x2a968, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f22c*=0x2a968, lpOverlapped=0x0) returned 1 [0079.740] GetCurrentThreadId () returned 0x3a4 [0079.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa94c5230, dwHighDateTime=0x1d6076c)) [0079.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa94c5230, dwHighDateTime=0x1d6076c)) [0079.740] GetCurrentThreadId () returned 0x3a4 [0079.741] ExtractIconExW (in: lpszFile="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x0 [0079.745] CloseHandle (hObject=0x318) returned 1 [0079.745] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x2020) returned 1 [0079.746] CloseHandle (hObject=0x4e4f554) returned 0 [0079.746] GetCurrentThreadId () returned 0x3a4 [0079.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa94c5230, dwHighDateTime=0x1d6076c)) [0079.746] GetCurrentThreadId () returned 0x3a4 [0079.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94c5230, dwHighDateTime=0x1d6076c)) [0079.746] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0079.746] GetCurrentThreadId () returned 0x3a4 [0079.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94c5230, dwHighDateTime=0x1d6076c)) [0079.746] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0079.746] GetCurrentThreadId () returned 0x3a4 [0079.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.746] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0079.746] GetCurrentThreadId () returned 0x3a4 [0079.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.746] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0079.746] GetCurrentThreadId () returned 0x3a4 [0079.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.746] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0079.747] GetCurrentThreadId () returned 0x3a4 [0079.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.747] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0079.747] GetCurrentThreadId () returned 0x3a4 [0079.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.747] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0079.747] GetCurrentThreadId () returned 0x3a4 [0079.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.747] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0079.747] GetCurrentThreadId () returned 0x3a4 [0079.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.747] FindNextFileW (in: hFindFile=0x68d9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0079.747] GetCurrentThreadId () returned 0x3a4 [0079.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa94eb390, dwHighDateTime=0x1d6076c)) [0079.747] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020 [0079.747] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1 [0079.748] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0079.748] GetFileSize (in: hFile=0x318, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x150578 [0079.752] ReadFile (in: hFile=0x318, lpBuffer=0x55d0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f22c*=0x100000, lpOverlapped=0x0) returned 1 [0079.843] ReadFile (in: hFile=0x318, lpBuffer=0x56d0000, nNumberOfBytesToRead=0x50578, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56d0000*, lpNumberOfBytesRead=0x4e4f22c*=0x50578, lpOverlapped=0x0) returned 1 [0079.855] GetCurrentThreadId () returned 0x3a4 [0079.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa95cfbd0, dwHighDateTime=0x1d6076c)) [0079.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa95cfbd0, dwHighDateTime=0x1d6076c)) [0079.855] GetCurrentThreadId () returned 0x3a4 [0079.880] ExtractIconExW (in: lpszFile="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0079.901] DestroyCursor (hCursor=0x1000e7) returned 1 [0079.901] DestroyCursor (hCursor=0x60165) returned 1 [0079.901] CloseHandle (hObject=0x318) returned 1 [0079.901] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x2020) returned 1 [0079.902] GetCurrentThreadId () returned 0x3a4 [0079.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa9641ff0, dwHighDateTime=0x1d6076c)) [0079.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa9641ff0, dwHighDateTime=0x1d6076c)) [0079.902] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", piIcon=0x4e4f238) returned 0xf00e3 [0080.288] GetIconInfo (in: hIcon=0xf00e3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0080.288] CreateFileW (lpFileName="iaks.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iaks.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0080.290] GetObjectA (in: h=0x1050a51, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0080.290] GetObjectA (in: h=0x4050a4d, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0080.290] CreateCompatibleDC (hdc=0x0) returned 0x1010a52 [0080.290] GetDIBits (in: hdc=0x1010a52, hbm=0x1050a51, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0080.290] GetDIBits (in: hdc=0x1010a52, hbm=0x1050a51, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0080.290] GetDIBits (in: hdc=0x1010a52, hbm=0x1050a51, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0080.290] GetDIBits (in: hdc=0x1010a52, hbm=0x4050a4d, start=0x0, cLines=0x20, lpvBits=0x5240000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5240000, lpbmi=0x4e4e970) returned 32 [0080.290] WriteFile (in: hFile=0x318, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0080.291] WriteFile (in: hFile=0x318, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0080.291] WriteFile (in: hFile=0x318, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0080.294] WriteFile (in: hFile=0x318, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0080.295] WriteFile (in: hFile=0x318, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0080.295] DeleteDC (hdc=0x1010a52) returned 1 [0080.295] CloseHandle (hObject=0x318) returned 1 [0080.297] DeleteObject (ho=0x1050a51) returned 1 [0080.297] DeleteObject (ho=0x4050a4d) returned 1 [0080.297] DestroyCursor (hCursor=0xf00e3) returned 1 [0080.297] GetCurrentThreadId () returned 0x3a4 [0080.297] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0080.297] GetFileSize (in: hFile=0x318, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x150578 [0080.303] ReadFile (in: hFile=0x318, lpBuffer=0x55d0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x55d0000*, lpNumberOfBytesRead=0x4e4f524*=0x100000, lpOverlapped=0x0) returned 1 [0080.378] ReadFile (in: hFile=0x318, lpBuffer=0x56d0000, nNumberOfBytesToRead=0x50578, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56d0000*, lpNumberOfBytesRead=0x4e4f524*=0x50578, lpOverlapped=0x0) returned 1 [0080.389] CloseHandle (hObject=0x318) returned 1 [0080.389] GetCurrentThreadId () returned 0x3a4 [0080.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa9b04bf0, dwHighDateTime=0x1d6076c)) [0080.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa9b04bf0, dwHighDateTime=0x1d6076c)) [0080.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa9b04bf0, dwHighDateTime=0x1d6076c)) Thread: id = 9 os_tid = 0xa2c [0057.477] GetCurrentThreadId () returned 0xa2c [0057.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff28 | out: lpSystemTimeAsFileTime=0x4f8ff28*(dwLowDateTime=0xa3946490, dwHighDateTime=0x1d6076c)) [0057.477] GetCurrentThreadId () returned 0xa2c [0057.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff58 | out: lpSystemTimeAsFileTime=0x4f8ff58*(dwLowDateTime=0xa3946490, dwHighDateTime=0x1d6076c)) [0057.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff6c | out: lpSystemTimeAsFileTime=0x4f8ff6c*(dwLowDateTime=0xa3946490, dwHighDateTime=0x1d6076c)) [0057.481] GetCurrentThreadId () returned 0xa2c [0057.481] gethostbyname (name="google.com") Thread: id = 10 os_tid = 0x618 [0065.020] GetCurrentThreadId () returned 0x618 [0065.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe78 | out: lpSystemTimeAsFileTime=0x50cfe78*(dwLowDateTime=0xa3ff8270, dwHighDateTime=0x1d6076c)) [0065.021] GetCurrentThreadId () returned 0x618 [0065.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xa3ff8270, dwHighDateTime=0x1d6076c)) [0065.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0xa3ff8270, dwHighDateTime=0x1d6076c)) [0065.025] GetCurrentThreadId () returned 0x618 [0065.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xa3ff8270, dwHighDateTime=0x1d6076c)) [0065.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xa3ff8270, dwHighDateTime=0x1d6076c)) [0065.025] GetCurrentThreadId () returned 0x618 [0065.025] GetCurrentThreadId () returned 0x618 [0065.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xa3ff8270, dwHighDateTime=0x1d6076c)) [0065.025] Sleep (dwMilliseconds=0xc8ee8) Thread: id = 11 os_tid = 0xa00 [0064.979] GetCurrentThreadId () returned 0xa00 [0064.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fea8 | out: lpSystemTimeAsFileTime=0x520fea8*(dwLowDateTime=0xa3f85e50, dwHighDateTime=0x1d6076c)) [0064.996] GetCurrentThreadId () returned 0xa00 [0064.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa3fabfb0, dwHighDateTime=0x1d6076c)) [0064.996] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0064.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa3fabfb0, dwHighDateTime=0x1d6076c)) [0064.996] ReleaseMutex (hMutex=0x158) returned 1 [0065.000] Sleep (dwMilliseconds=0x770) [0072.090] GetCurrentThreadId () returned 0xa00 [0072.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa521ea30, dwHighDateTime=0x1d6076c)) [0072.090] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0072.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa521ea30, dwHighDateTime=0x1d6076c)) [0072.091] ReleaseMutex (hMutex=0x158) returned 1 [0072.094] Sleep (dwMilliseconds=0x5dc) [0073.616] GetCurrentThreadId () returned 0xa00 [0073.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa60b30f0, dwHighDateTime=0x1d6076c)) [0073.616] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0073.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa60b30f0, dwHighDateTime=0x1d6076c)) [0073.616] ReleaseMutex (hMutex=0x158) returned 1 [0073.616] Sleep (dwMilliseconds=0x6d9) [0075.394] GetCurrentThreadId () returned 0xa00 [0075.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa7182c50, dwHighDateTime=0x1d6076c)) [0075.394] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0075.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa7182c50, dwHighDateTime=0x1d6076c)) [0075.394] ReleaseMutex (hMutex=0x158) returned 1 [0075.394] Sleep (dwMilliseconds=0x79e) [0077.878] GetCurrentThreadId () returned 0xa00 [0077.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa8467af0, dwHighDateTime=0x1d6076c)) [0077.878] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0077.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa8467af0, dwHighDateTime=0x1d6076c)) [0077.878] ReleaseMutex (hMutex=0x158) returned 1 [0077.878] Sleep (dwMilliseconds=0x60f) [0079.723] GetCurrentThreadId () returned 0xa00 [0079.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.723] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0079.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.723] ReleaseMutex (hMutex=0x158) returned 1 [0079.723] Sleep (dwMilliseconds=0x69c) Process: id = "3" image_name = "ymiisqma.exe" filename = "c:\\programdata\\gsogosqc\\ymiisqma.exe" page_root = "0x2dd6d000" os_pid = "0xa80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb24" cmd_line = "\"C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 4 os_tid = 0xb9c [0056.658] GetProcessHeap () returned 0x500000 [0056.658] GetProcessHeap () returned 0x500000 [0056.658] GetProcessHeap () returned 0x500000 [0056.658] GetProcessHeap () returned 0x500000 [0056.659] GetSystemDefaultLCID () returned 0x409 [0056.688] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.689] GetSystemDefaultLCID () returned 0x409 [0056.737] GetSystemDefaultLCID () returned 0x409 [0056.737] VirtualProtect (in: lpAddress=0x401400, dwSize=0x73ec8, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0056.740] GetSystemDefaultLCID () returned 0x409 [0056.740] GetSystemDefaultLCID () returned 0x409 [0056.740] GetSystemDefaultLCID () returned 0x409 [0056.740] GetSystemDefaultLCID () returned 0x409 [0056.740] GetSystemDefaultLCID () returned 0x409 [0056.758] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0056.852] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0056.859] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0056.859] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0056.859] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileA") returned 0x76d658e5 [0056.859] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0056.859] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="ProcessIdToSessionId") returned 0x76d41275 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="OpenThread") returned 0x76d51248 [0056.860] GetProcAddress (hModule=0x76d30000, lpProcName="ReleaseMutex") returned 0x76d4111e [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableA") returned 0x76d433a0 [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0056.861] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserGeoID") returned 0x76d6acf0 [0056.862] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="EndUpdateResourceA") returned 0x76dd3d34 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="UpdateResourceA") returned 0x76dd363d [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0056.863] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0056.864] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x75670000 [0056.877] GetProcAddress (hModule=0x75670000, lpProcName="WTSFreeMemory") returned 0x75671b65 [0056.877] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x75650000 [0056.883] GetProcAddress (hModule=0x75650000, lpProcName="NetUserSetInfo") returned 0x75605d16 [0056.885] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0056.885] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0056.885] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x770a0000 [0057.128] GetProcAddress (hModule=0x770a0000, lpProcName="CreateSolidBrush") returned 0x770b4f17 [0057.128] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0057.128] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0057.128] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleDC") returned 0x770b54f4 [0057.128] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77710000 [0057.128] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0057.128] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0057.128] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0057.128] GetProcAddress (hModule=0x77710000, lpProcName="SetSecurityDescriptorDacl") returned 0x7772415e [0057.129] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0057.129] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0057.129] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77230000 [0057.129] GetProcAddress (hModule=0x77230000, lpProcName="socket") returned 0x77233eb8 [0057.129] GetProcAddress (hModule=0x77130000, lpProcName="GetMessageA") returned 0x77147bd3 [0057.129] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0057.129] GetProcAddress (hModule=0x75670000, lpProcName="WTSEnumerateSessionsA") returned 0x75674023 [0057.129] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0057.129] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0057.129] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassExA") returned 0x7714db98 [0057.130] GetProcAddress (hModule=0x77130000, lpProcName="FillRect") returned 0x77150eb6 [0057.130] GetProcAddress (hModule=0x77130000, lpProcName="DestroyWindow") returned 0x77149a55 [0057.130] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0057.130] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0057.130] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyname") returned 0x77247673 [0057.130] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupDelMembers") returned 0x75609322 [0057.130] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidA") returned 0x7774192a [0057.130] GetProcAddress (hModule=0x770a0000, lpProcName="BitBlt") returned 0x770b5ea6 [0057.130] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0057.131] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountNameW") returned 0x7771e276 [0057.131] GetProcAddress (hModule=0x77130000, lpProcName="BeginPaint") returned 0x77151361 [0057.131] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0057.131] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0057.131] GetProcAddress (hModule=0x770a0000, lpProcName="SetBkColor") returned 0x770b52d8 [0057.131] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0057.131] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceA") returned 0x76dd3f39 [0057.131] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0057.131] GetProcAddress (hModule=0x770a0000, lpProcName="SetTextColor") returned 0x770b522d [0057.131] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclW") returned 0x77722a66 [0057.132] GetProcAddress (hModule=0x77130000, lpProcName="EndPaint") returned 0x77151341 [0057.132] GetProcAddress (hModule=0x75670000, lpProcName="WTSLogoffSession") returned 0x75673d77 [0057.132] GetProcAddress (hModule=0x77130000, lpProcName="GetDC") returned 0x771472c4 [0057.132] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0057.132] GetProcAddress (hModule=0x77230000, lpProcName="connect") returned 0x77236bdd [0057.132] GetProcAddress (hModule=0x77130000, lpProcName="InSendMessage") returned 0x77153e46 [0057.132] GetProcAddress (hModule=0x77710000, lpProcName="LsaOpenPolicy") returned 0x7773077c [0057.132] GetProcAddress (hModule=0x77230000, lpProcName="getsockname") returned 0x772330af [0057.132] GetProcAddress (hModule=0x77130000, lpProcName="EmptyClipboard") returned 0x771a7cb9 [0057.133] GetProcAddress (hModule=0x77130000, lpProcName="DestroyIcon") returned 0x771549b2 [0057.133] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x755e0000 [0057.134] GetProcAddress (hModule=0x755e0000, lpProcName="WNetOpenEnumW") returned 0x755e2f06 [0057.135] GetProcAddress (hModule=0x77710000, lpProcName="ConvertStringSidToSidA") returned 0x77730f23 [0057.135] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0057.135] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0057.135] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0057.135] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceW") returned 0x76dd3d6c [0057.135] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0057.135] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0057.135] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithLogonW") returned 0x777552e9 [0057.135] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0057.135] GetProcAddress (hModule=0x77710000, lpProcName="InitializeSecurityDescriptor") returned 0x77724620 [0057.136] GetProcAddress (hModule=0x770a0000, lpProcName="GetDIBits") returned 0x770b6001 [0057.136] GetProcAddress (hModule=0x77230000, lpProcName="accept") returned 0x772368b6 [0057.136] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0057.136] GetProcAddress (hModule=0x77230000, lpProcName="getpeername") returned 0x77237147 [0057.136] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0057.136] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0057.136] GetProcAddress (hModule=0x77130000, lpProcName="DrawIcon") returned 0x77158deb [0057.136] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0057.136] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowExA") returned 0x771500d9 [0057.136] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0057.137] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0057.137] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsA") returned 0x76d4e4dc [0057.137] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextA") returned 0x7715aea1 [0057.137] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0057.137] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutA") returned 0x770beda3 [0057.137] GetProcAddress (hModule=0x77130000, lpProcName="DispatchMessageA") returned 0x77147bbb [0057.137] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0057.137] GetProcAddress (hModule=0x75650000, lpProcName="NetUserAdd") returned 0x75605648 [0057.137] GetProcAddress (hModule=0x76d30000, lpProcName="WinExec") returned 0x76dc2c21 [0057.138] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0057.138] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorA") returned 0x7714dad5 [0057.138] GetProcAddress (hModule=0x77710000, lpProcName="SetNamedSecurityInfoW") returned 0x77719fe2 [0057.138] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0057.138] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0057.138] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyState") returned 0x7715291f [0057.138] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardState") returned 0x7716ec68 [0057.138] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759d0000 [0057.146] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconW") returned 0x75bd4e1e [0057.146] GetProcAddress (hModule=0x77230000, lpProcName="listen") returned 0x7723b001 [0057.146] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0057.146] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0057.146] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0057.146] GetProcAddress (hModule=0x77230000, lpProcName="htonl") returned 0x77232d57 [0057.146] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0057.146] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0057.146] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessA") returned 0x76d41072 [0057.147] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupAdd") returned 0x75608c32 [0057.147] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0057.147] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupAddMembers") returned 0x756092fe [0057.147] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76620000 [0057.150] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0057.150] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0057.151] GetProcAddress (hModule=0x77130000, lpProcName="GetForegroundWindow") returned 0x77152320 [0057.151] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0057.151] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0057.151] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0057.151] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractIconExW") returned 0x75aef0bd [0057.151] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0057.152] GetProcAddress (hModule=0x77130000, lpProcName="CloseClipboard") returned 0x77158e8d [0057.152] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0057.152] GetProcAddress (hModule=0x77130000, lpProcName="OpenClipboard") returned 0x77158ecb [0057.152] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76e40000 [0057.154] GetProcAddress (hModule=0x76e40000, lpProcName="OleLoadPicture") returned 0x76ea7c49 [0057.154] GetProcAddress (hModule=0x77130000, lpProcName="SetClipboardData") returned 0x77188e57 [0057.155] GetProcAddress (hModule=0x770a0000, lpProcName="SelectObject") returned 0x770b4f70 [0057.155] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0057.155] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0057.155] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupDel") returned 0x75608d7c [0057.155] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0057.155] GetProcAddress (hModule=0x770a0000, lpProcName="GetObjectA") returned 0x770b85d4 [0057.156] GetProcAddress (hModule=0x77230000, lpProcName="htons") returned 0x77232d8b [0057.156] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0057.156] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleBitmap") returned 0x770b5f49 [0057.156] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowA") returned 0x7714ffe6 [0057.156] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutW") returned 0x770bd41c [0057.156] GetProcAddress (hModule=0x75650000, lpProcName="NetLocalGroupGetMembers") returned 0x756021be [0057.157] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextW") returned 0x771525cf [0057.157] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0057.157] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconA") returned 0x75bd4efe [0057.157] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0057.157] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFontIndirectA") returned 0x770bcffd [0057.157] GetProcAddress (hModule=0x755e0000, lpProcName="WNetEnumResourceW") returned 0x755e3058 [0057.158] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0057.158] GetProcAddress (hModule=0x770a0000, lpProcName="CreateDIBSection") returned 0x770bac46 [0057.158] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0057.158] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0057.159] GetProcAddress (hModule=0x77710000, lpProcName="LsaAddAccountRights") returned 0x77758819 [0057.159] GetProcAddress (hModule=0x755e0000, lpProcName="WNetAddConnection2W") returned 0x755e4744 [0057.159] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatus") returned 0x77722a86 [0057.159] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteDC") returned 0x770b58b3 [0057.159] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0057.159] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExA") returned 0x77724907 [0057.160] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameA") returned 0x7773a4b4 [0057.160] GetProcAddress (hModule=0x77130000, lpProcName="GetIconInfo") returned 0x771549ea [0057.160] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0057.160] GetProcAddress (hModule=0x77710000, lpProcName="OpenServiceW") returned 0x7771ca4c [0057.160] GetProcAddress (hModule=0x77230000, lpProcName="bind") returned 0x77234582 [0057.160] GetProcAddress (hModule=0x75650000, lpProcName="NetApiBufferFree") returned 0x756413d2 [0057.161] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcA") returned 0x77c824e0 [0057.161] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0057.161] GetProcAddress (hModule=0x755e0000, lpProcName="WNetCancelConnection2W") returned 0x755e8cd1 [0057.161] GetProcAddress (hModule=0x77130000, lpProcName="InvalidateRect") returned 0x77151381 [0057.161] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclA") returned 0x777615e9 [0057.161] GetProcAddress (hModule=0x77710000, lpProcName="LogonUserW") returned 0x7771c1a9 [0057.162] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0057.162] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteObject") returned 0x770b5689 [0057.162] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0057.162] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x2a0000 [0057.163] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x2b0000 [0057.269] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x510638 [0057.269] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x510638, dwRevision=0x1 | out: pSecurityDescriptor=0x510638) returned 1 [0057.269] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x510638, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x510638) returned 1 [0057.269] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x1d20000 [0057.288] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x330000 [0057.288] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0x1e20000 [0057.289] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4120000 [0057.296] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4220000 [0057.392] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x340000 [0057.393] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x340000, nSize=0x200 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0057.396] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x513390*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0057.396] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x5133a8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0057.396] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x350000 [0057.411] SetEntriesInAclA () returned 0x0 [0057.415] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5161d8 [0057.415] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5161d8, dwRevision=0x1 | out: pSecurityDescriptor=0x5161d8) returned 1 [0057.415] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5161d8, bDaclPresent=1, pDacl=0x5169a0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5161d8) returned 1 [0057.415] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x360000 [0057.415] SetEntriesInAclA () returned 0x0 [0057.415] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x516ee0 [0057.415] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x516ee0, dwRevision=0x1 | out: pSecurityDescriptor=0x516ee0) returned 1 [0057.415] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x516ee0, bDaclPresent=1, pDacl=0x516f38, bDaclDefaulted=0 | out: pSecurityDescriptor=0x516ee0) returned 1 [0057.415] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x370000 [0057.416] SetEntriesInAclA () returned 0x0 [0057.416] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x516f00 [0057.416] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x516f00, dwRevision=0x1 | out: pSecurityDescriptor=0x516f00) returned 1 [0057.416] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x516f00, bDaclPresent=1, pDacl=0x516fb0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x516f00) returned 1 [0057.416] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0057.430] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xf4 [0057.430] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0xf8 [0057.430] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x380000 [0059.978] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x390000 [0059.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3a0000 [0059.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3b0000 [0059.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3c0000 [0059.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d0000 [0059.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0059.980] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0059.980] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x3a0000, nSize=0x1000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0059.980] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x3b0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0059.985] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0060.000] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU", dwFileAttributes=0x6) returned 1 [0060.002] GetCurrentThreadId () returned 0xb9c [0060.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa3c40010, dwHighDateTime=0x1d6076c)) [0060.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa3c40010, dwHighDateTime=0x1d6076c)) [0060.003] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0060.003] GetCurrentThreadId () returned 0xb9c [0060.003] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou")) returned 0x16 [0060.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0060.003] CreateFileMappingA (hFile=0xfc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x100 [0060.003] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x480000 [0060.004] ReleaseMutex (hMutex=0xf4) returned 1 [0060.004] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0060.004] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0060.004] GetCurrentThreadId () returned 0xb9c [0060.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa3c40010, dwHighDateTime=0x1d6076c)) [0060.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xa3c40010, dwHighDateTime=0x1d6076c)) [0060.004] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0060.004] GetCurrentThreadId () returned 0xb9c [0060.004] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0060.004] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0060.004] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0060.005] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x490000 [0060.005] ReleaseMutex (hMutex=0xf4) returned 1 [0060.007] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x4a0000 [0063.956] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x4b0000 [0063.957] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4c0000 [0063.957] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4d0000 [0063.958] GetUserNameA (in: lpBuffer=0x4c001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0064.939] GetUserNameA (in: lpBuffer=0x4d001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0064.948] Sleep (dwMilliseconds=0xc2) [0065.229] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e0000 [0065.230] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4f0000 [0065.230] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4f0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0065.230] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x45f0000 [0065.230] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x45f000d, nSize=0x1000 | out: lpBuffer="") returned 0xe [0065.231] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4e0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0065.231] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4600000 [0065.235] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0065.355] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4750000 [0065.372] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0065.372] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x4750000, nSize=0x1000 | out: lpFilename="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x24 [0065.373] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0065.373] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x4750000, nSize=0x1000 | out: lpFilename="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x24 [0065.373] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x150) returned 0x0 [0065.373] RegSetValueExW (in: hKey=0x150, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0065.374] RegCloseKey (hKey=0x150) returned 0x0 [0065.374] VirtualFree (lpAddress=0x4750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.378] GetCommandLineW () returned="\"C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe\"" [0065.523] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4750000 [0065.531] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4850000 [0065.538] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4950000 [0065.545] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="è0@") returned 0x150 [0065.546] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ð0@") returned 0x154 [0065.546] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ø0@") returned 0x158 [0065.546] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="") returned 0x15c [0065.546] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="\x081@") returned 0x160 [0065.546] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x460360, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x670) returned 0x164 [0065.777] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x45e72a, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x6a4) returned 0x168 [0065.778] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x453eac, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x730) returned 0x16c [0065.779] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x78c) returned 0x170 [0065.780] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40bba7, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x60c) returned 0x174 [0065.780] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x410a5d, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x20c) returned 0x178 [0065.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.794] Sleep (dwMilliseconds=0x12c) [0070.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa4a622b0, dwHighDateTime=0x1d6076c)) [0070.163] Sleep (dwMilliseconds=0x12c) [0070.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa4d81f90, dwHighDateTime=0x1d6076c)) [0070.909] Sleep (dwMilliseconds=0x12c) [0071.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa50a1c70, dwHighDateTime=0x1d6076c)) [0071.923] Sleep (dwMilliseconds=0x12c) [0072.243] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa539b7f0, dwHighDateTime=0x1d6076c)) [0072.243] Sleep (dwMilliseconds=0x12c) [0072.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa572d8f0, dwHighDateTime=0x1d6076c)) [0072.619] Sleep (dwMilliseconds=0x12c) [0072.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa5a27470, dwHighDateTime=0x1d6076c)) [0072.930] Sleep (dwMilliseconds=0x12c) [0073.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa5d20ff0, dwHighDateTime=0x1d6076c)) [0073.241] Sleep (dwMilliseconds=0x12c) [0073.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa601ab70, dwHighDateTime=0x1d6076c)) [0073.553] Sleep (dwMilliseconds=0x12c) [0073.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa63146f0, dwHighDateTime=0x1d6076c)) [0073.866] Sleep (dwMilliseconds=0x12c) [0074.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa66343d0, dwHighDateTime=0x1d6076c)) [0074.212] Sleep (dwMilliseconds=0x12c) [0074.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa692df50, dwHighDateTime=0x1d6076c)) [0074.521] Sleep (dwMilliseconds=0x12c) [0074.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa6c27ad0, dwHighDateTime=0x1d6076c)) [0074.833] Sleep (dwMilliseconds=0x12c) [0075.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa6f21650, dwHighDateTime=0x1d6076c)) [0075.145] Sleep (dwMilliseconds=0x12c) [0075.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa721b1d0, dwHighDateTime=0x1d6076c)) [0075.457] Sleep (dwMilliseconds=0x12c) [0075.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7514d50, dwHighDateTime=0x1d6076c)) [0075.771] Sleep (dwMilliseconds=0x12c) [0076.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7834a30, dwHighDateTime=0x1d6076c)) [0076.099] Sleep (dwMilliseconds=0x12c) [0076.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7b2e5b0, dwHighDateTime=0x1d6076c)) [0076.881] Sleep (dwMilliseconds=0x12c) [0077.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa7e743f0, dwHighDateTime=0x1d6076c)) [0077.220] Sleep (dwMilliseconds=0x12c) [0077.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa81ba230, dwHighDateTime=0x1d6076c)) [0077.563] Sleep (dwMilliseconds=0x12c) [0078.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa873b510, dwHighDateTime=0x1d6076c)) [0078.189] Sleep (dwMilliseconds=0x12c) [0078.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa8aa74b0, dwHighDateTime=0x1d6076c)) [0078.585] Sleep (dwMilliseconds=0x12c) [0078.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa8ded2f0, dwHighDateTime=0x1d6076c)) [0078.927] Sleep (dwMilliseconds=0x12c) [0079.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa949f0d0, dwHighDateTime=0x1d6076c)) [0079.723] Sleep (dwMilliseconds=0x12c) [0080.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa9b2ad50, dwHighDateTime=0x1d6076c)) [0080.402] Sleep (dwMilliseconds=0x12c) Thread: id = 295 os_tid = 0x9f0 Thread: id = 301 os_tid = 0x670 [0065.702] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0065.765] ReleaseMutex (hMutex=0x154) returned 1 [0065.765] GetCurrentThreadId () returned 0x670 [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetCurrentThreadId () returned 0x670 [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetCurrentThreadId () returned 0x670 [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0065.765] GetCurrentThreadId () returned 0x670 [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.765] GetTickCount () returned 0x11480e3 [0065.765] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0065.765] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0065.766] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0065.768] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.768] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.768] ReleaseMutex (hMutex=0x150) returned 1 [0065.768] GetCurrentThreadId () returned 0x670 [0065.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xa46f6310, dwHighDateTime=0x1d6076c)) [0065.768] GetCurrentThreadId () returned 0x670 [0065.768] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0065.768] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0065.769] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0065.770] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.771] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.771] ReleaseMutex (hMutex=0x150) returned 1 [0065.771] ReleaseMutex (hMutex=0xf4) returned 1 [0065.771] GetCurrentThreadId () returned 0x670 [0065.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.771] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0065.771] GetCurrentThreadId () returned 0x670 [0065.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.772] GetTickCount () returned 0x11480f3 [0065.772] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0065.772] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0065.772] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0065.774] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.774] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.774] ReleaseMutex (hMutex=0x150) returned 1 [0065.774] GetCurrentThreadId () returned 0x670 [0065.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.774] GetCurrentThreadId () returned 0x670 [0065.774] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0065.774] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0065.775] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0065.776] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.777] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.777] ReleaseMutex (hMutex=0x150) returned 1 [0065.777] ReleaseMutex (hMutex=0xf4) returned 1 [0065.777] GetCurrentThreadId () returned 0x670 [0065.777] GetCurrentThreadId () returned 0x670 [0065.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xa471c470, dwHighDateTime=0x1d6076c)) [0065.777] Sleep (dwMilliseconds=0xc74) [0074.149] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0074.149] ReleaseMutex (hMutex=0x154) returned 1 [0074.149] GetCurrentThreadId () returned 0x670 [0074.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xa659be50, dwHighDateTime=0x1d6076c)) [0074.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xa659be50, dwHighDateTime=0x1d6076c)) [0074.153] GetCurrentThreadId () returned 0x670 [0074.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xa659be50, dwHighDateTime=0x1d6076c)) [0074.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xa659be50, dwHighDateTime=0x1d6076c)) [0074.153] GetCurrentThreadId () returned 0x670 [0074.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa659be50, dwHighDateTime=0x1d6076c)) [0074.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa659be50, dwHighDateTime=0x1d6076c)) [0074.153] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0074.171] GetCurrentThreadId () returned 0x670 [0074.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xa65c1fb0, dwHighDateTime=0x1d6076c)) [0074.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xa65c1fb0, dwHighDateTime=0x1d6076c)) [0074.171] GetTickCount () returned 0x1148d81 [0074.178] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0074.195] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0074.196] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0074.198] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.198] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.199] ReleaseMutex (hMutex=0x150) returned 1 [0074.199] GetCurrentThreadId () returned 0x670 [0074.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.199] GetCurrentThreadId () returned 0x670 [0074.199] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0074.199] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0074.200] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0074.202] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.203] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.203] ReleaseMutex (hMutex=0x150) returned 1 [0074.204] ReleaseMutex (hMutex=0xf4) returned 1 [0074.204] GetCurrentThreadId () returned 0x670 [0074.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.204] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0074.204] GetCurrentThreadId () returned 0x670 [0074.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.204] GetTickCount () returned 0x1148da0 [0074.204] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0074.204] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0074.205] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0074.207] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.207] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.208] ReleaseMutex (hMutex=0x150) returned 1 [0074.208] GetCurrentThreadId () returned 0x670 [0074.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xa660e270, dwHighDateTime=0x1d6076c)) [0074.208] GetCurrentThreadId () returned 0x670 [0074.208] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0074.208] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0074.209] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0074.211] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.211] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.212] ReleaseMutex (hMutex=0x150) returned 1 [0074.212] ReleaseMutex (hMutex=0xf4) returned 1 [0074.212] GetCurrentThreadId () returned 0x670 [0074.212] GetCurrentThreadId () returned 0x670 [0074.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xa66343d0, dwHighDateTime=0x1d6076c)) [0074.212] Sleep (dwMilliseconds=0xd67) [0078.243] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0078.243] ReleaseMutex (hMutex=0x154) returned 1 [0078.244] GetCurrentThreadId () returned 0x670 [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetCurrentThreadId () returned 0x670 [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetCurrentThreadId () returned 0x670 [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0078.244] GetCurrentThreadId () returned 0x670 [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.244] GetTickCount () returned 0x1149b66 [0078.244] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0078.244] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0078.245] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0078.247] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.247] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.248] ReleaseMutex (hMutex=0x150) returned 1 [0078.248] GetCurrentThreadId () returned 0x670 [0078.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xa87ad930, dwHighDateTime=0x1d6076c)) [0078.248] GetCurrentThreadId () returned 0x670 [0078.248] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0078.248] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0078.248] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0078.252] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.252] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.252] ReleaseMutex (hMutex=0x150) returned 1 [0078.253] ReleaseMutex (hMutex=0xf4) returned 1 [0078.253] GetCurrentThreadId () returned 0x670 [0078.253] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.253] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.253] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0078.253] GetCurrentThreadId () returned 0x670 [0078.253] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.253] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.253] GetTickCount () returned 0x1149b75 [0078.253] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0078.253] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0078.253] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0078.256] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.256] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.256] ReleaseMutex (hMutex=0x150) returned 1 [0078.256] GetCurrentThreadId () returned 0x670 [0078.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.256] GetCurrentThreadId () returned 0x670 [0078.256] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0078.257] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52d0000 [0078.257] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x52e0000 [0078.259] VirtualFree (lpAddress=0x52e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.260] VirtualFree (lpAddress=0x52d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.260] ReleaseMutex (hMutex=0x150) returned 1 [0078.260] ReleaseMutex (hMutex=0xf4) returned 1 [0078.260] GetCurrentThreadId () returned 0x670 [0078.260] GetCurrentThreadId () returned 0x670 [0078.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xa87d3a90, dwHighDateTime=0x1d6076c)) [0078.260] Sleep (dwMilliseconds=0xc0e) Thread: id = 303 os_tid = 0x6a4 [0069.836] GetCurrentProcessId () returned 0xa80 [0069.836] ProcessIdToSessionId (in: dwProcessId=0xa80, pSessionId=0x45e6fe | out: pSessionId=0x45e6fe) returned 1 [0069.838] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="HYMEMkcU1") returned 0x17c [0069.838] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="LcQMUQsg1") returned 0x180 [0069.838] GetCurrentThreadId () returned 0x6a4 [0069.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xa4899230, dwHighDateTime=0x1d6076c)) [0069.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xa4899230, dwHighDateTime=0x1d6076c)) [0069.838] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x3e8) returned 0x0 [0069.850] GetCurrentThreadId () returned 0x6a4 [0069.850] Sleep (dwMilliseconds=0x421) [0072.167] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0072.168] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0072.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xa52dd110, dwHighDateTime=0x1d6076c)) [0072.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xa52dd110, dwHighDateTime=0x1d6076c)) [0072.171] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0072.184] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0072.184] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x5265c0 [0072.189] OpenServiceW (hSCManager=0x5265c0, lpServiceName="lMMYIkPL", dwDesiredAccess=0xf01ff) returned 0x526520 [0072.190] QueryServiceStatus (in: hService=0x526520, lpServiceStatus=0x45d6d2 | out: lpServiceStatus=0x45d6d2*(dwServiceType=0x10, dwCurrentState=0x2, dwControlsAccepted=0x0, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x7d0)) returned 1 [0072.190] StartServiceW (hService=0x526520, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) Thread: id = 304 os_tid = 0x730 [0069.850] GetCurrentThreadId () returned 0x730 [0069.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff34 | out: lpSystemTimeAsFileTime=0x4e0ff34*(dwLowDateTime=0xa48bf390, dwHighDateTime=0x1d6076c)) [0069.877] GetCurrentThreadId () returned 0x730 [0069.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0xa490b650, dwHighDateTime=0x1d6076c)) [0069.881] Sleep (dwMilliseconds=0x222b) Thread: id = 305 os_tid = 0x78c [0069.907] GetCurrentThreadId () returned 0x78c [0069.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff28 | out: lpSystemTimeAsFileTime=0x4f4ff28*(dwLowDateTime=0xa4957910, dwHighDateTime=0x1d6076c)) [0069.907] GetCurrentThreadId () returned 0x78c [0069.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xa4957910, dwHighDateTime=0x1d6076c)) [0069.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xa4957910, dwHighDateTime=0x1d6076c)) [0069.911] GetCurrentThreadId () returned 0x78c [0069.911] gethostbyname (name="google.com") Thread: id = 306 os_tid = 0x60c [0070.124] GetCurrentThreadId () returned 0x60c [0070.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe78 | out: lpSystemTimeAsFileTime=0x508fe78*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.124] GetCurrentThreadId () returned 0x60c [0070.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.128] GetCurrentThreadId () returned 0x60c [0070.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.128] GetCurrentThreadId () returned 0x60c [0070.128] GetCurrentThreadId () returned 0x60c [0070.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.128] Sleep (dwMilliseconds=0x7bef5) Thread: id = 307 os_tid = 0x20c [0070.105] GetCurrentThreadId () returned 0x20c [0070.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfea8 | out: lpSystemTimeAsFileTime=0x51cfea8*(dwLowDateTime=0xa49c9d30, dwHighDateTime=0x1d6076c)) [0070.105] GetCurrentThreadId () returned 0x20c [0070.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa49efe90, dwHighDateTime=0x1d6076c)) [0070.105] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0070.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa4a15ff0, dwHighDateTime=0x1d6076c)) [0070.123] ReleaseMutex (hMutex=0x154) returned 1 [0070.123] Sleep (dwMilliseconds=0x517) [0072.557] GetCurrentThreadId () returned 0x20c [0072.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa5695370, dwHighDateTime=0x1d6076c)) [0072.557] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0072.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa5695370, dwHighDateTime=0x1d6076c)) [0072.603] ReleaseMutex (hMutex=0x154) returned 1 [0072.605] Sleep (dwMilliseconds=0x7be) [0074.630] GetCurrentThreadId () returned 0x20c [0074.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa6a388f0, dwHighDateTime=0x1d6076c)) [0074.630] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0074.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa6a388f0, dwHighDateTime=0x1d6076c)) [0074.630] ReleaseMutex (hMutex=0x154) returned 1 [0074.630] Sleep (dwMilliseconds=0x667) [0076.756] GetCurrentThreadId () returned 0x20c [0076.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa79fdab0, dwHighDateTime=0x1d6076c)) [0076.756] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0076.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa79fdab0, dwHighDateTime=0x1d6076c)) [0076.756] ReleaseMutex (hMutex=0x154) returned 1 [0076.756] Sleep (dwMilliseconds=0x589) [0078.313] GetCurrentThreadId () returned 0x20c [0078.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa886c010, dwHighDateTime=0x1d6076c)) [0078.313] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0078.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa886c010, dwHighDateTime=0x1d6076c)) [0078.313] ReleaseMutex (hMutex=0x154) returned 1 [0078.313] Sleep (dwMilliseconds=0x69c) [0080.402] GetCurrentThreadId () returned 0x20c [0080.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa9b2ad50, dwHighDateTime=0x1d6076c)) [0080.402] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0080.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa9b2ad50, dwHighDateTime=0x1d6076c)) [0080.402] ReleaseMutex (hMutex=0x154) returned 1 [0080.402] Sleep (dwMilliseconds=0x4ad) Process: id = "4" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "1" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 12 os_tid = 0x580 Thread: id = 13 os_tid = 0x344 Thread: id = 14 os_tid = 0x440 Thread: id = 15 os_tid = 0xd0 Thread: id = 16 os_tid = 0x1c Thread: id = 17 os_tid = 0x35c Thread: id = 18 os_tid = 0x18 Thread: id = 19 os_tid = 0x50 Thread: id = 20 os_tid = 0x7c Thread: id = 21 os_tid = 0x60 Thread: id = 22 os_tid = 0xd4 Thread: id = 23 os_tid = 0x328 Thread: id = 24 os_tid = 0x340 Thread: id = 25 os_tid = 0xa0 Thread: id = 26 os_tid = 0x650 Thread: id = 27 os_tid = 0x468 Thread: id = 28 os_tid = 0x584 Thread: id = 29 os_tid = 0x0 Thread: id = 30 os_tid = 0x648 Thread: id = 31 os_tid = 0x54c Thread: id = 32 os_tid = 0x570 Thread: id = 33 os_tid = 0x20 Thread: id = 34 os_tid = 0x474 Thread: id = 35 os_tid = 0x7f8 Thread: id = 36 os_tid = 0xf8 Thread: id = 37 os_tid = 0x24 Thread: id = 38 os_tid = 0x6f8 Thread: id = 39 os_tid = 0x6e4 Thread: id = 40 os_tid = 0x6d4 Thread: id = 41 os_tid = 0x6c4 Thread: id = 42 os_tid = 0x6b4 Thread: id = 43 os_tid = 0x6ac Thread: id = 44 os_tid = 0x84 Thread: id = 45 os_tid = 0x650 Thread: id = 46 os_tid = 0x590 Thread: id = 47 os_tid = 0x94 Thread: id = 48 os_tid = 0x488 Thread: id = 49 os_tid = 0x470 Thread: id = 50 os_tid = 0x68 Thread: id = 51 os_tid = 0x138 Thread: id = 52 os_tid = 0x3d8 Thread: id = 53 os_tid = 0x9c Thread: id = 54 os_tid = 0x88 Thread: id = 55 os_tid = 0x8c Thread: id = 56 os_tid = 0x5c Thread: id = 57 os_tid = 0x78 Thread: id = 58 os_tid = 0x308 Thread: id = 59 os_tid = 0x28c Thread: id = 60 os_tid = 0x74 Thread: id = 61 os_tid = 0x98 Thread: id = 62 os_tid = 0x34 Thread: id = 63 os_tid = 0x100 Thread: id = 64 os_tid = 0x198 Thread: id = 65 os_tid = 0x80 Thread: id = 66 os_tid = 0x158 Thread: id = 67 os_tid = 0x154 Thread: id = 68 os_tid = 0x150 Thread: id = 69 os_tid = 0x120 Thread: id = 70 os_tid = 0x90 Thread: id = 71 os_tid = 0x4c Thread: id = 72 os_tid = 0x130 Thread: id = 73 os_tid = 0x128 Thread: id = 74 os_tid = 0x124 Thread: id = 75 os_tid = 0x11c Thread: id = 76 os_tid = 0x118 Thread: id = 77 os_tid = 0xc4 Thread: id = 78 os_tid = 0x44 Thread: id = 79 os_tid = 0x28 Thread: id = 80 os_tid = 0x40 Thread: id = 81 os_tid = 0x2c Thread: id = 82 os_tid = 0x48 Thread: id = 83 os_tid = 0x38 Thread: id = 84 os_tid = 0xb8 Thread: id = 85 os_tid = 0x3c Thread: id = 86 os_tid = 0xc0 Thread: id = 87 os_tid = 0xb0 Thread: id = 88 os_tid = 0x30 Thread: id = 89 os_tid = 0x8 Thread: id = 313 os_tid = 0xbc Thread: id = 323 os_tid = 0x2a8 Thread: id = 335 os_tid = 0x944 Thread: id = 353 os_tid = 0x478 Process: id = "5" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1bb25000" os_pid = "0x1d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "1" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 90 os_tid = 0xb1c Thread: id = 91 os_tid = 0xb18 Thread: id = 92 os_tid = 0xb0c Thread: id = 93 os_tid = 0xb08 Thread: id = 94 os_tid = 0x4e8 Thread: id = 95 os_tid = 0x4dc Thread: id = 96 os_tid = 0x4d0 Thread: id = 97 os_tid = 0x378 Thread: id = 98 os_tid = 0x288 Thread: id = 99 os_tid = 0x238 Thread: id = 100 os_tid = 0x234 Thread: id = 101 os_tid = 0x228 Thread: id = 102 os_tid = 0x224 Thread: id = 103 os_tid = 0x220 Thread: id = 104 os_tid = 0x21c Thread: id = 311 os_tid = 0x410 Thread: id = 312 os_tid = 0x7f4 Thread: id = 314 os_tid = 0x7e0 Thread: id = 315 os_tid = 0x7a0 Thread: id = 338 os_tid = 0xabc Thread: id = 339 os_tid = 0x314 Thread: id = 340 os_tid = 0x348 Thread: id = 350 os_tid = 0x524 Thread: id = 352 os_tid = 0xaec Thread: id = 368 os_tid = 0xa8c Thread: id = 369 os_tid = 0xb54 Thread: id = 377 os_tid = 0xb3c Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xccc3000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e7a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 105 os_tid = 0xa60 Thread: id = 106 os_tid = 0x708 Thread: id = 107 os_tid = 0x690 Thread: id = 108 os_tid = 0x2a0 Thread: id = 109 os_tid = 0x29c Thread: id = 110 os_tid = 0x284 Thread: id = 111 os_tid = 0x280 Thread: id = 112 os_tid = 0x27c Thread: id = 113 os_tid = 0x278 Thread: id = 114 os_tid = 0x274 Thread: id = 115 os_tid = 0x268 Thread: id = 116 os_tid = 0x260 Thread: id = 117 os_tid = 0x254 Thread: id = 359 os_tid = 0xab4 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1a2ff000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b49c" [0xc000000f], "LOCAL" [0x7] Thread: id = 118 os_tid = 0x728 Thread: id = 119 os_tid = 0x3f8 Thread: id = 120 os_tid = 0x2c0 Thread: id = 121 os_tid = 0x2bc Thread: id = 122 os_tid = 0x2b8 Thread: id = 123 os_tid = 0x2b4 Thread: id = 124 os_tid = 0x2ac Thread: id = 125 os_tid = 0x298 Thread: id = 360 os_tid = 0x344 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 126 os_tid = 0xa74 Thread: id = 127 os_tid = 0xa6c Thread: id = 128 os_tid = 0x36c Thread: id = 129 os_tid = 0x408 Thread: id = 130 os_tid = 0x5f8 Thread: id = 131 os_tid = 0x5f0 Thread: id = 132 os_tid = 0x5ec Thread: id = 133 os_tid = 0x5d0 Thread: id = 134 os_tid = 0x5cc Thread: id = 135 os_tid = 0x12c Thread: id = 136 os_tid = 0x170 Thread: id = 137 os_tid = 0x3c0 Thread: id = 138 os_tid = 0x3b8 Thread: id = 139 os_tid = 0x3a8 Thread: id = 140 os_tid = 0x2fc Thread: id = 141 os_tid = 0x2f8 Thread: id = 142 os_tid = 0x2e4 Thread: id = 143 os_tid = 0x2dc Thread: id = 144 os_tid = 0x2d4 Thread: id = 145 os_tid = 0x2cc Thread: id = 361 os_tid = 0xafc Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 146 os_tid = 0x5d8 Thread: id = 147 os_tid = 0x330 Thread: id = 148 os_tid = 0x638 Thread: id = 149 os_tid = 0x554 Thread: id = 150 os_tid = 0x748 Thread: id = 151 os_tid = 0x72c Thread: id = 152 os_tid = 0x720 Thread: id = 153 os_tid = 0x668 Thread: id = 154 os_tid = 0x65c Thread: id = 155 os_tid = 0x144 Thread: id = 156 os_tid = 0x110 Thread: id = 157 os_tid = 0x3f0 Thread: id = 158 os_tid = 0x3ec Thread: id = 159 os_tid = 0x3e4 Thread: id = 160 os_tid = 0x3e0 Thread: id = 161 os_tid = 0x3d0 Thread: id = 162 os_tid = 0x3cc Thread: id = 163 os_tid = 0x398 Thread: id = 164 os_tid = 0x394 Thread: id = 165 os_tid = 0x384 Thread: id = 166 os_tid = 0x380 Thread: id = 167 os_tid = 0x368 Thread: id = 168 os_tid = 0x350 Thread: id = 169 os_tid = 0x33c Thread: id = 362 os_tid = 0xae0 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 170 os_tid = 0x644 Thread: id = 171 os_tid = 0x320 Thread: id = 172 os_tid = 0x6cc Thread: id = 173 os_tid = 0x42c Thread: id = 174 os_tid = 0x1e4 Thread: id = 175 os_tid = 0x760 Thread: id = 176 os_tid = 0x75c Thread: id = 177 os_tid = 0x74c Thread: id = 178 os_tid = 0x710 Thread: id = 179 os_tid = 0x6e8 Thread: id = 180 os_tid = 0x6e0 Thread: id = 181 os_tid = 0x6d0 Thread: id = 182 os_tid = 0x6bc Thread: id = 183 os_tid = 0x6b8 Thread: id = 184 os_tid = 0x6b0 Thread: id = 185 os_tid = 0x6a8 Thread: id = 186 os_tid = 0x69c Thread: id = 187 os_tid = 0x698 Thread: id = 188 os_tid = 0x684 Thread: id = 189 os_tid = 0x678 Thread: id = 190 os_tid = 0x4a8 Thread: id = 191 os_tid = 0x46c Thread: id = 192 os_tid = 0x44c Thread: id = 193 os_tid = 0x424 Thread: id = 194 os_tid = 0x420 Thread: id = 195 os_tid = 0x41c Thread: id = 196 os_tid = 0x404 Thread: id = 197 os_tid = 0x14c Thread: id = 198 os_tid = 0x158 Thread: id = 199 os_tid = 0x3fc Thread: id = 200 os_tid = 0x3f4 Thread: id = 201 os_tid = 0x3e8 Thread: id = 202 os_tid = 0x39c Thread: id = 203 os_tid = 0x390 Thread: id = 204 os_tid = 0x38c Thread: id = 205 os_tid = 0x388 Thread: id = 206 os_tid = 0x37c Thread: id = 207 os_tid = 0x374 Thread: id = 292 os_tid = 0x5f4 Thread: id = 293 os_tid = 0x5e4 Thread: id = 294 os_tid = 0xacc Thread: id = 296 os_tid = 0xbb4 Thread: id = 297 os_tid = 0x570 Thread: id = 298 os_tid = 0x4e4 Thread: id = 299 os_tid = 0x54c Thread: id = 300 os_tid = 0x43c Thread: id = 302 os_tid = 0x32c Thread: id = 308 os_tid = 0x244 Thread: id = 309 os_tid = 0x798 Thread: id = 310 os_tid = 0x484 Thread: id = 351 os_tid = 0xaac Thread: id = 358 os_tid = 0x34c Thread: id = 376 os_tid = 0xb40 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 208 os_tid = 0xa68 Thread: id = 209 os_tid = 0x208 Thread: id = 210 os_tid = 0x768 Thread: id = 211 os_tid = 0x764 Thread: id = 212 os_tid = 0x758 Thread: id = 213 os_tid = 0x724 Thread: id = 214 os_tid = 0x718 Thread: id = 215 os_tid = 0x714 Thread: id = 216 os_tid = 0x630 Thread: id = 217 os_tid = 0x154 Thread: id = 218 os_tid = 0x150 Thread: id = 219 os_tid = 0x120 Thread: id = 220 os_tid = 0x118 Thread: id = 221 os_tid = 0xf0 Thread: id = 337 os_tid = 0x9b4 Thread: id = 363 os_tid = 0x270 Thread: id = 373 os_tid = 0xa90 Thread: id = 374 os_tid = 0xb34 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9236000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e33a" [0xc000000f], "LOCAL" [0x7] Thread: id = 222 os_tid = 0x674 Thread: id = 223 os_tid = 0xaa0 Thread: id = 224 os_tid = 0x418 Thread: id = 225 os_tid = 0x548 Thread: id = 226 os_tid = 0x750 Thread: id = 227 os_tid = 0x6a0 Thread: id = 228 os_tid = 0x68c Thread: id = 229 os_tid = 0x680 Thread: id = 230 os_tid = 0x66c Thread: id = 231 os_tid = 0x614 Thread: id = 232 os_tid = 0x5fc Thread: id = 233 os_tid = 0x188 Thread: id = 234 os_tid = 0x140 Thread: id = 235 os_tid = 0x128 Thread: id = 236 os_tid = 0x2b0 Thread: id = 237 os_tid = 0x214 Thread: id = 238 os_tid = 0x130 Thread: id = 239 os_tid = 0x218 Thread: id = 240 os_tid = 0x1cc Thread: id = 364 os_tid = 0xb8c Thread: id = 370 os_tid = 0xb38 Process: id = "13" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x7c150000" os_pid = "0x47c" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010a1b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 241 os_tid = 0x4b8 Thread: id = 242 os_tid = 0x4b4 Thread: id = 243 os_tid = 0x498 Thread: id = 244 os_tid = 0x494 Thread: id = 245 os_tid = 0x480 Thread: id = 334 os_tid = 0x8e4 Thread: id = 365 os_tid = 0xac8 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x35aa000" os_pid = "0x4bc" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001106d" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 246 os_tid = 0x7fc Thread: id = 247 os_tid = 0x7d8 Thread: id = 248 os_tid = 0x744 Thread: id = 249 os_tid = 0x740 Thread: id = 250 os_tid = 0x73c Thread: id = 251 os_tid = 0x6d8 Thread: id = 252 os_tid = 0x63c Thread: id = 253 os_tid = 0x62c Thread: id = 254 os_tid = 0x628 Thread: id = 255 os_tid = 0x624 Thread: id = 256 os_tid = 0x61c Thread: id = 257 os_tid = 0x610 Thread: id = 258 os_tid = 0x5e8 Thread: id = 259 os_tid = 0x5c8 Thread: id = 260 os_tid = 0x5c0 Thread: id = 261 os_tid = 0x5a0 Thread: id = 262 os_tid = 0x4f8 Thread: id = 263 os_tid = 0x4ec Thread: id = 264 os_tid = 0x4e0 Thread: id = 265 os_tid = 0x4d4 Thread: id = 266 os_tid = 0x4c4 Thread: id = 267 os_tid = 0x4c0 Thread: id = 366 os_tid = 0xac4 Process: id = "15" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0xded000" os_pid = "0x4c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 268 os_tid = 0xa88 Thread: id = 269 os_tid = 0x7f0 Thread: id = 270 os_tid = 0x794 Thread: id = 271 os_tid = 0x784 Thread: id = 272 os_tid = 0x77c Thread: id = 273 os_tid = 0x778 Thread: id = 274 os_tid = 0x770 Thread: id = 275 os_tid = 0x500 Thread: id = 276 os_tid = 0x4f4 Thread: id = 277 os_tid = 0x4d8 Thread: id = 278 os_tid = 0x4cc Thread: id = 336 os_tid = 0x974 Process: id = "16" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x5ed0f000" os_pid = "0xb60" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "taskhost.exe $(Arg0)" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT TASK\\Microsoft-Windows-SideShow-AutoWake" [0xe], "NT TASK\\Microsoft-Windows-SideShow-SystemDataProviders" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-UsbCeip" [0xe], "NT TASK\\Microsoft-Windows-Ras-MobilityManager" [0xe], "NT TASK\\Microsoft-Windows-PerfTrack-BackgroundConfigSurveyor" [0xe], "NT TASK\\Microsoft-Windows-RAC-RacTask" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-KernelCeipTask" [0xe], "NT AUTHORITY\\Logon Session 00000000:00055659" [0xc0000007], "LOCAL" [0x7] Thread: id = 279 os_tid = 0xbac Thread: id = 280 os_tid = 0xb98 Thread: id = 281 os_tid = 0xb94 Thread: id = 282 os_tid = 0xb90 Thread: id = 283 os_tid = 0xb88 Thread: id = 284 os_tid = 0xb84 Thread: id = 285 os_tid = 0xb80 Thread: id = 286 os_tid = 0xb78 Thread: id = 287 os_tid = 0xb70 Thread: id = 288 os_tid = 0xb6c Thread: id = 289 os_tid = 0xb68 Thread: id = 290 os_tid = 0xb64 Process: id = "17" image_name = "ssyiykgc.exe" filename = "c:\\programdata\\vwcueoyi\\ssyiykgc.exe" page_root = "0x2e820000" os_pid = "0xb0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 291 os_tid = 0x1c4 [0065.143] GetInputState () returned 0 [0065.144] GetInputState () returned 0 [0065.144] GetInputState () returned 0 [0065.144] GetInputState () returned 0 [0065.144] GetInputState () returned 0 [0065.144] GetUserDefaultLCID () returned 0x409 [0065.283] GetUserDefaultLCID () returned 0x409 [0065.283] GetUserDefaultLCID () returned 0x409 [0065.283] GetUserDefaultLCID () returned 0x409 [0065.283] GetUserDefaultLCID () returned 0x409 [0065.283] GetUserDefaultLCID () returned 0x409 [0065.284] GetUserDefaultLCID () returned 0x409 [0065.284] GetUserDefaultLCID () returned 0x409 [0065.284] VirtualProtect (in: lpAddress=0x401400, dwSize=0x7449e, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0065.290] GetUserDefaultLCID () returned 0x409 [0065.290] GetUserDefaultLCID () returned 0x409 [0065.290] GetUserDefaultLCID () returned 0x409 [0065.291] GetUserDefaultLCID () returned 0x409 [0065.291] GetUserDefaultLCID () returned 0x409 [0065.291] GetUserDefaultLCID () returned 0x409 [0065.291] GetUserDefaultLCID () returned 0x409 [0065.291] GetUserDefaultLCID () returned 0x409 [0065.468] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0065.680] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 Process: id = "18" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x205b9000" os_pid = "0x544" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 316 os_tid = 0x648 Thread: id = 317 os_tid = 0x7b8 Thread: id = 318 os_tid = 0x534 Thread: id = 319 os_tid = 0x700 Thread: id = 320 os_tid = 0x70c Thread: id = 321 os_tid = 0x664 Thread: id = 322 os_tid = 0x620 Process: id = "19" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x76e0c000" os_pid = "0x7c4" os_integrity_level = "0x4000" os_privileges = "0x60b16000" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x1ac" cmd_line = "\"LogonUI.exe\" /flags:0x0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 324 os_tid = 0x854 Thread: id = 325 os_tid = 0x844 Thread: id = 326 os_tid = 0x834 Thread: id = 327 os_tid = 0x824 Thread: id = 328 os_tid = 0x814 Thread: id = 329 os_tid = 0x804 Thread: id = 330 os_tid = 0x290 Thread: id = 331 os_tid = 0x5bc Thread: id = 332 os_tid = 0x874 Process: id = "20" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x24ce4000" os_pid = "0x894" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 333 os_tid = 0x8a4 Process: id = "21" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x233ef000" os_pid = "0x9e8" os_integrity_level = "0x4000" os_privileges = "0x860b14080" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x178" cmd_line = "\"LogonUI.exe\" /flags:0x1" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 341 os_tid = 0xb44 Thread: id = 342 os_tid = 0x310 Thread: id = 343 os_tid = 0x5b8 Thread: id = 344 os_tid = 0x640 Thread: id = 345 os_tid = 0x358 Thread: id = 346 os_tid = 0x600 Thread: id = 347 os_tid = 0xa70 Thread: id = 348 os_tid = 0x9ec Thread: id = 349 os_tid = 0xb48 Process: id = "22" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x6d550000" os_pid = "0xaa4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0xb0" cmd_line = "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 176 -s 124" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 354 os_tid = 0xaa8 Thread: id = 355 os_tid = 0xab0 Thread: id = 356 os_tid = 0xad0 Process: id = "23" image_name = "ssyiykgc.exe" filename = "c:\\programdata\\vwcueoyi\\ssyiykgc.exe" page_root = "0x6cc57000" os_pid = "0xaf4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 357 os_tid = 0xadc [0088.524] GetInputState () returned 0 [0088.524] GetInputState () returned 0 [0088.524] GetInputState () returned 0 [0088.524] GetInputState () returned 0 [0088.524] GetInputState () returned 0 [0088.525] GetUserDefaultLCID () returned 0x409 [0088.526] GetUserDefaultLCID () returned 0x409 [0088.526] GetUserDefaultLCID () returned 0x409 [0088.526] GetUserDefaultLCID () returned 0x409 [0088.526] GetUserDefaultLCID () returned 0x409 [0088.527] GetUserDefaultLCID () returned 0x409 [0088.527] GetUserDefaultLCID () returned 0x409 [0088.527] GetUserDefaultLCID () returned 0x409 [0088.527] VirtualProtect (in: lpAddress=0x401400, dwSize=0x7449e, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0088.529] GetUserDefaultLCID () returned 0x409 [0088.529] GetUserDefaultLCID () returned 0x409 [0088.529] GetUserDefaultLCID () returned 0x409 [0088.529] GetUserDefaultLCID () returned 0x409 [0088.529] GetUserDefaultLCID () returned 0x409 [0088.530] GetUserDefaultLCID () returned 0x409 [0088.530] GetUserDefaultLCID () returned 0x409 [0088.530] GetUserDefaultLCID () returned 0x409 [0088.558] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0088.558] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.560] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessA") returned 0x76d41072 [0088.560] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0088.560] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0088.560] GetProcAddress (hModule=0x76d30000, lpProcName="ProcessIdToSessionId") returned 0x76d41275 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="EndUpdateResourceA") returned 0x76dd3d34 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0088.561] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="WinExec") returned 0x76dc2c21 [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0088.562] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0088.563] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0088.563] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0088.563] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0088.563] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsA") returned 0x76d4e4dc [0088.563] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0088.563] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0088.563] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77710000 [0088.563] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0088.564] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x770a0000 [0088.564] GetProcAddress (hModule=0x770a0000, lpProcName="SetBkColor") returned 0x770b52d8 [0088.564] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0088.564] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0088.564] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x756a0000 [0088.567] GetProcAddress (hModule=0x756a0000, lpProcName="WNetAddConnection2W") returned 0x756a4744 [0088.568] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0088.568] GetProcAddress (hModule=0x77130000, lpProcName="InvalidateRect") returned 0x77151381 [0088.568] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0088.568] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0088.568] GetProcAddress (hModule=0x76d30000, lpProcName="ReleaseMutex") returned 0x76d4111e [0088.568] GetProcAddress (hModule=0x76d30000, lpProcName="OpenThread") returned 0x76d51248 [0088.568] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0088.568] GetProcAddress (hModule=0x77130000, lpProcName="GetForegroundWindow") returned 0x77152320 [0088.569] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0088.569] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextW") returned 0x771525cf [0088.569] GetProcAddress (hModule=0x770a0000, lpProcName="CreateDIBSection") returned 0x770bac46 [0088.569] GetProcAddress (hModule=0x77130000, lpProcName="GetMessageA") returned 0x77147bd3 [0088.569] GetProcAddress (hModule=0x77130000, lpProcName="EndPaint") returned 0x77151341 [0088.569] GetProcAddress (hModule=0x756a0000, lpProcName="WNetCancelConnection2W") returned 0x756a8cd1 [0088.569] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0088.569] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0088.570] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0088.570] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0088.570] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleDC") returned 0x770b54f4 [0088.570] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowExA") returned 0x771500d9 [0088.570] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77230000 [0088.575] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0088.575] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0088.575] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759d0000 [0088.576] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconW") returned 0x75bd4e1e [0088.576] GetProcAddress (hModule=0x77130000, lpProcName="CloseClipboard") returned 0x77158e8d [0088.576] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconA") returned 0x75bd4efe [0088.576] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyState") returned 0x7715291f [0088.576] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclA") returned 0x777615e9 [0088.576] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x75680000 [0088.586] GetProcAddress (hModule=0x75680000, lpProcName="NetLocalGroupAdd") returned 0x75638c32 [0088.588] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0088.588] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0088.589] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0088.589] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0088.590] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0088.590] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutA") returned 0x770beda3 [0088.590] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0088.590] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorA") returned 0x7714dad5 [0088.590] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteObject") returned 0x770b5689 [0088.590] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0088.590] GetProcAddress (hModule=0x770a0000, lpProcName="GetObjectA") returned 0x770b85d4 [0088.590] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0088.591] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0088.591] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0088.591] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0088.591] GetProcAddress (hModule=0x770a0000, lpProcName="SelectObject") returned 0x770b4f70 [0088.591] GetProcAddress (hModule=0x77230000, lpProcName="htonl") returned 0x77232d57 [0088.591] GetProcAddress (hModule=0x770a0000, lpProcName="BitBlt") returned 0x770b5ea6 [0088.591] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0088.592] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0088.592] GetProcAddress (hModule=0x76d30000, lpProcName="UpdateResourceA") returned 0x76dd363d [0088.592] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameA") returned 0x7773a4b4 [0088.592] GetProcAddress (hModule=0x75680000, lpProcName="NetLocalGroupDel") returned 0x75638d7c [0088.592] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0088.592] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0088.592] GetProcAddress (hModule=0x770a0000, lpProcName="GetDIBits") returned 0x770b6001 [0088.593] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractIconExW") returned 0x75aef0bd [0088.593] GetProcAddress (hModule=0x77230000, lpProcName="listen") returned 0x7723b001 [0088.593] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0088.593] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0088.593] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x75620000 [0088.595] GetProcAddress (hModule=0x75620000, lpProcName="WTSLogoffSession") returned 0x75623d77 [0088.596] GetProcAddress (hModule=0x756a0000, lpProcName="WNetOpenEnumW") returned 0x756a2f06 [0088.596] GetProcAddress (hModule=0x77130000, lpProcName="OpenClipboard") returned 0x77158ecb [0088.596] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0088.596] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcA") returned 0x77c824e0 [0088.596] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0088.596] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0088.596] GetProcAddress (hModule=0x77710000, lpProcName="LsaAddAccountRights") returned 0x77758819 [0088.597] GetProcAddress (hModule=0x75620000, lpProcName="WTSFreeMemory") returned 0x75621b65 [0088.597] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0088.597] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclW") returned 0x77722a66 [0088.597] GetProcAddress (hModule=0x77710000, lpProcName="LsaOpenPolicy") returned 0x7773077c [0088.597] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0088.597] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassExA") returned 0x7714db98 [0088.597] GetProcAddress (hModule=0x77130000, lpProcName="InSendMessage") returned 0x77153e46 [0088.598] GetProcAddress (hModule=0x77710000, lpProcName="OpenServiceW") returned 0x7771ca4c [0088.598] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0088.598] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0088.598] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0088.598] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0088.598] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0088.598] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0088.598] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFontIndirectA") returned 0x770bcffd [0088.599] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0088.599] GetProcAddress (hModule=0x77710000, lpProcName="SetNamedSecurityInfoW") returned 0x77719fe2 [0088.599] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0088.599] GetProcAddress (hModule=0x77130000, lpProcName="EmptyClipboard") returned 0x771a7cb9 [0088.599] GetProcAddress (hModule=0x770a0000, lpProcName="CreateSolidBrush") returned 0x770b4f17 [0088.599] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyname") returned 0x77247673 [0088.599] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0088.600] GetProcAddress (hModule=0x77230000, lpProcName="accept") returned 0x772368b6 [0088.600] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0088.600] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0088.600] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleBitmap") returned 0x770b5f49 [0088.600] GetProcAddress (hModule=0x77130000, lpProcName="DestroyWindow") returned 0x77149a55 [0088.600] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76620000 [0088.650] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0088.651] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutW") returned 0x770bd41c [0088.651] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0088.651] GetProcAddress (hModule=0x77130000, lpProcName="DrawIcon") returned 0x77158deb [0088.651] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0088.652] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0088.652] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0088.652] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0088.652] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0088.652] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0088.652] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileA") returned 0x76d658e5 [0088.652] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0088.652] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0088.652] GetProcAddress (hModule=0x77130000, lpProcName="FillRect") returned 0x77150eb6 [0088.652] GetProcAddress (hModule=0x77130000, lpProcName="SetClipboardData") returned 0x77188e57 [0088.653] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidA") returned 0x7774192a [0088.653] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0088.653] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0088.653] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0088.653] GetProcAddress (hModule=0x75680000, lpProcName="NetUserSetInfo") returned 0x75635d16 [0088.653] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0088.653] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0088.653] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatus") returned 0x77722a86 [0088.653] GetProcAddress (hModule=0x77710000, lpProcName="LogonUserW") returned 0x7771c1a9 [0088.654] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0088.654] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0088.654] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0088.654] GetProcAddress (hModule=0x77230000, lpProcName="bind") returned 0x77234582 [0088.654] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableA") returned 0x76d433a0 [0088.654] GetProcAddress (hModule=0x77230000, lpProcName="getsockname") returned 0x772330af [0088.654] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExA") returned 0x77724907 [0088.654] GetProcAddress (hModule=0x77130000, lpProcName="DispatchMessageA") returned 0x77147bbb [0088.654] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceA") returned 0x76dd3f39 [0088.654] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextA") returned 0x7715aea1 [0088.655] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0088.655] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0088.655] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0088.655] GetProcAddress (hModule=0x75680000, lpProcName="NetLocalGroupAddMembers") returned 0x756392fe [0088.655] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0088.655] GetProcAddress (hModule=0x77710000, lpProcName="SetSecurityDescriptorDacl") returned 0x7772415e [0088.655] GetProcAddress (hModule=0x77130000, lpProcName="GetDC") returned 0x771472c4 [0088.655] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteDC") returned 0x770b58b3 [0088.655] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithLogonW") returned 0x777552e9 [0088.656] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowA") returned 0x7714ffe6 [0088.656] GetProcAddress (hModule=0x77230000, lpProcName="getpeername") returned 0x77237147 [0088.656] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserGeoID") returned 0x76d6acf0 [0088.656] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76e40000 [0088.657] GetProcAddress (hModule=0x76e40000, lpProcName="OleLoadPicture") returned 0x76ea7c49 [0088.657] GetProcAddress (hModule=0x770a0000, lpProcName="SetTextColor") returned 0x770b522d [0088.657] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceW") returned 0x76dd3d6c [0088.658] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0088.658] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0088.658] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0088.658] GetProcAddress (hModule=0x77230000, lpProcName="htons") returned 0x77232d8b [0088.658] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardState") returned 0x7716ec68 [0088.658] GetProcAddress (hModule=0x77130000, lpProcName="DestroyIcon") returned 0x771549b2 [0088.658] GetProcAddress (hModule=0x75680000, lpProcName="NetLocalGroupGetMembers") returned 0x756321be [0088.658] GetProcAddress (hModule=0x75620000, lpProcName="WTSEnumerateSessionsA") returned 0x75624023 [0088.658] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0088.659] GetProcAddress (hModule=0x77710000, lpProcName="ConvertStringSidToSidA") returned 0x77730f23 [0088.659] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0088.659] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0088.659] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0088.659] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountNameW") returned 0x7771e276 [0088.659] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0088.659] GetProcAddress (hModule=0x77230000, lpProcName="socket") returned 0x77233eb8 [0088.659] GetProcAddress (hModule=0x75680000, lpProcName="NetApiBufferFree") returned 0x756713d2 [0088.659] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0088.660] GetProcAddress (hModule=0x77130000, lpProcName="GetIconInfo") returned 0x771549ea [0088.660] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0088.660] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0088.660] GetProcAddress (hModule=0x75680000, lpProcName="NetLocalGroupDelMembers") returned 0x75639322 [0088.660] GetProcAddress (hModule=0x756a0000, lpProcName="WNetEnumResourceW") returned 0x756a3058 [0088.660] GetProcAddress (hModule=0x77710000, lpProcName="InitializeSecurityDescriptor") returned 0x77724620 [0088.660] GetProcAddress (hModule=0x77130000, lpProcName="BeginPaint") returned 0x77151361 [0088.660] GetProcAddress (hModule=0x77230000, lpProcName="connect") returned 0x77236bdd [0088.660] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0088.661] GetProcAddress (hModule=0x75680000, lpProcName="NetUserAdd") returned 0x75635648 [0088.661] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x350000 [0088.661] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x360000 [0088.668] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5c4418 [0088.668] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5c4418, dwRevision=0x1 | out: pSecurityDescriptor=0x5c4418) returned 1 [0088.668] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5c4418, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5c4418) returned 1 [0088.668] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x480000 [0088.668] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0088.668] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0xc20000 [0088.669] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0xa30000 [0088.669] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x2f20000 [0088.669] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0088.669] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x3f0000, nSize=0x200 | out: lpBuffer="C:\\Windows\\TEMP") returned 0xf [0088.669] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x5c4a68*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0088.670] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x5c4a80*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0088.670] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x580000 [0088.670] SetEntriesInAclA () returned 0x0 [0088.674] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5c45b0 [0088.674] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5c45b0, dwRevision=0x1 | out: pSecurityDescriptor=0x5c45b0) returned 1 [0088.674] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5c45b0, bDaclPresent=1, pDacl=0x5c67e0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5c45b0) returned 1 [0088.674] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x590000 [0088.675] SetEntriesInAclA () returned 0x0 [0088.675] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5c6cf8 [0088.675] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5c6cf8, dwRevision=0x1 | out: pSecurityDescriptor=0x5c6cf8) returned 1 [0088.675] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5c6cf8, bDaclPresent=1, pDacl=0x5c6d50, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5c6cf8) returned 1 [0088.675] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x5a0000 [0088.675] SetEntriesInAclA () returned 0x0 [0088.675] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5c6d18 [0088.675] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5c6d18, dwRevision=0x1 | out: pSecurityDescriptor=0x5c6d18) returned 1 [0088.675] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5c6d18, bDaclPresent=1, pDacl=0x5c6dc8, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5c6d18) returned 1 [0088.675] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0088.685] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0x100 [0088.685] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0x104 [0088.685] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x840000 [0088.685] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x850000 [0088.685] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x860000 [0088.686] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x870000 [0088.687] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x880000 [0088.688] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0xb30000 [0088.688] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0xb40000 [0088.688] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0xb50000 [0088.688] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x860000, nSize=0x1000 | out: lpBuffer="C:\\Windows\\system32\\config\\systemprofile") returned 0x28 [0088.688] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x870000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0088.688] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou"), lpSecurityAttributes=0x458dca) returned 1 [0088.704] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou"), lpSecurityAttributes=0x458a18) returned 0 [0088.704] SetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU", dwFileAttributes=0x6) returned 1 [0088.704] GetCurrentThreadId () returned 0xadc [0088.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae045430, dwHighDateTime=0x1d6076c)) [0088.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae045430, dwHighDateTime=0x1d6076c)) [0088.705] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0x3e7) returned 0x0 [0088.705] GetCurrentThreadId () returned 0xadc [0088.705] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou")) returned 0x16 [0088.705] CreateFileW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU\\BUccwoAg" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0088.705] CreateFileW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU\\BUccwoAg" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458dfa, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0088.705] SetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU\\BUccwoAg", dwFileAttributes=0x6) returned 1 [0088.705] CreateFileMappingA (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x10c [0088.706] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xb60000 [0088.706] ReleaseMutex (hMutex=0x100) returned 1 [0088.706] WaitForSingleObject (hHandle=0x402973, dwMilliseconds=0x1b58) returned 0xffffffff [0088.706] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0xb70000 [0088.709] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0xb80000 [0088.710] VirtualFree (lpAddress=0xb80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.710] VirtualFree (lpAddress=0xb70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.711] ReleaseMutex (hMutex=0x402973) returned 0 [0088.711] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0088.711] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0088.711] GetCurrentThreadId () returned 0xadc [0088.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae045430, dwHighDateTime=0x1d6076c)) [0088.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae045430, dwHighDateTime=0x1d6076c)) [0088.711] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0x3e7) returned 0x0 [0088.711] GetCurrentThreadId () returned 0xadc [0088.711] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0088.711] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0088.711] CreateFileMappingA (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x114 [0088.712] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xb70000 [0088.712] ReleaseMutex (hMutex=0x100) returned 1 [0088.712] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb80000 [0088.712] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb90000 [0088.713] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xba0000 [0088.713] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xbb0000 [0088.713] GetUserNameA (in: lpBuffer=0xba001a, pcbBuffer=0x45db86 | out: lpBuffer="SYSTEM", pcbBuffer=0x45db86) returned 1 [0088.716] GetUserNameA (in: lpBuffer=0xbb001a, pcbBuffer=0x45db86 | out: lpBuffer="SYSTEM", pcbBuffer=0x45db86) returned 1 [0088.716] Sleep (dwMilliseconds=0xbe) [0088.924] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0088.929] StartServiceCtrlDispatcherW (lpServiceTable=0x40ad47*(lpServiceName="", lpServiceProc=0x40b097)) returned 1 [0088.933] ExitProcess (uExitCode=0x0) Thread: id = 367 os_tid = 0xba4 Thread: id = 371 os_tid = 0xb50 Process: id = "24" image_name = "ssyiykgc.exe" filename = "c:\\programdata\\vwcueoyi\\ssyiykgc.exe" page_root = "0x6d468000" os_pid = "0xb5c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 372 os_tid = 0xb20 [0089.028] GetInputState () returned 0 [0089.028] GetInputState () returned 0 [0089.028] GetInputState () returned 0 [0089.028] GetInputState () returned 0 [0089.028] GetInputState () returned 0 [0089.028] GetUserDefaultLCID () returned 0x409 [0089.029] GetUserDefaultLCID () returned 0x409 [0089.029] GetUserDefaultLCID () returned 0x409 [0089.029] GetUserDefaultLCID () returned 0x409 [0089.029] GetUserDefaultLCID () returned 0x409 [0089.029] GetUserDefaultLCID () returned 0x409 [0089.030] GetUserDefaultLCID () returned 0x409 [0089.030] GetUserDefaultLCID () returned 0x409 [0089.030] VirtualProtect (in: lpAddress=0x401400, dwSize=0x7449e, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0089.031] GetUserDefaultLCID () returned 0x409 [0089.031] GetUserDefaultLCID () returned 0x409 [0089.031] GetUserDefaultLCID () returned 0x409 [0089.032] GetUserDefaultLCID () returned 0x409 [0089.032] GetUserDefaultLCID () returned 0x409 [0089.032] GetUserDefaultLCID () returned 0x409 [0089.032] GetUserDefaultLCID () returned 0x409 [0089.032] GetUserDefaultLCID () returned 0x409 [0089.053] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0089.054] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.055] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0089.055] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessA") returned 0x76d41072 [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="ReleaseMutex") returned 0x76d4111e [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceW") returned 0x76dd3d6c [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="EndUpdateResourceA") returned 0x76dd3d34 [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0089.056] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0089.058] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0089.058] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0089.058] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0089.058] GetProcAddress (hModule=0x76d30000, lpProcName="UpdateResourceA") returned 0x76dd363d [0089.058] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0089.058] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0089.059] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserGeoID") returned 0x76d6acf0 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0089.060] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsA") returned 0x76d4e4dc [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="BeginUpdateResourceA") returned 0x76dd3f39 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="OpenThread") returned 0x76d51248 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="WinExec") returned 0x76dc2c21 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0089.061] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0089.062] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0089.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0089.063] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0089.063] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77130000 [0089.063] GetProcAddress (hModule=0x77130000, lpProcName="EndPaint") returned 0x77151341 [0089.063] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77230000 [0089.067] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0089.067] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x770a0000 [0089.067] GetProcAddress (hModule=0x770a0000, lpProcName="CreateSolidBrush") returned 0x770b4f17 [0089.067] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77710000 [0089.067] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclA") returned 0x777615e9 [0089.067] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0089.067] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x75740000 [0089.075] GetProcAddress (hModule=0x75740000, lpProcName="NetLocalGroupDel") returned 0x75658d7c [0089.076] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardState") returned 0x7716ec68 [0089.076] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassExA") returned 0x7714db98 [0089.076] GetProcAddress (hModule=0x77230000, lpProcName="connect") returned 0x77236bdd [0089.076] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0089.077] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0089.077] GetProcAddress (hModule=0x75740000, lpProcName="NetLocalGroupGetMembers") returned 0x756521be [0089.077] GetProcAddress (hModule=0x77130000, lpProcName="GetIconInfo") returned 0x771549ea [0089.077] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithLogonW") returned 0x777552e9 [0089.077] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0089.077] GetProcAddress (hModule=0x77230000, lpProcName="getsockname") returned 0x772330af [0089.077] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleDC") returned 0x770b54f4 [0089.077] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0089.077] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0089.078] GetProcAddress (hModule=0x77130000, lpProcName="DestroyWindow") returned 0x77149a55 [0089.078] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0089.078] GetProcAddress (hModule=0x77230000, lpProcName="getpeername") returned 0x77237147 [0089.078] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowExA") returned 0x771500d9 [0089.078] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcA") returned 0x77c824e0 [0089.078] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x75640000 [0089.080] GetProcAddress (hModule=0x75640000, lpProcName="WTSFreeMemory") returned 0x75641b65 [0089.080] GetProcAddress (hModule=0x77130000, lpProcName="OpenClipboard") returned 0x77158ecb [0089.080] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0089.080] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0089.080] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameA") returned 0x7773a4b4 [0089.080] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteObject") returned 0x770b5689 [0089.080] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutW") returned 0x770bd41c [0089.080] GetProcAddress (hModule=0x76d30000, lpProcName="ProcessIdToSessionId") returned 0x76d41275 [0089.080] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0089.081] GetProcAddress (hModule=0x77130000, lpProcName="FillRect") returned 0x77150eb6 [0089.081] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x759d0000 [0089.081] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractIconExW") returned 0x75aef0bd [0089.081] GetProcAddress (hModule=0x77710000, lpProcName="LogonUserW") returned 0x7771c1a9 [0089.081] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0089.081] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x75620000 [0089.083] GetProcAddress (hModule=0x75620000, lpProcName="WNetOpenEnumW") returned 0x75622f06 [0089.083] GetProcAddress (hModule=0x77230000, lpProcName="accept") returned 0x772368b6 [0089.083] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76620000 [0089.086] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0089.086] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFontIndirectA") returned 0x770bcffd [0089.086] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0089.086] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0089.086] GetProcAddress (hModule=0x75740000, lpProcName="NetUserSetInfo") returned 0x75655d16 [0089.086] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExA") returned 0x77724907 [0089.086] GetProcAddress (hModule=0x770a0000, lpProcName="GetObjectA") returned 0x770b85d4 [0089.086] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76e40000 [0089.088] GetProcAddress (hModule=0x76e40000, lpProcName="OleLoadPicture") returned 0x76ea7c49 [0089.088] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0089.088] GetProcAddress (hModule=0x77710000, lpProcName="ConvertStringSidToSidA") returned 0x77730f23 [0089.088] GetProcAddress (hModule=0x77710000, lpProcName="SetSecurityDescriptorDacl") returned 0x7772415e [0089.088] GetProcAddress (hModule=0x77710000, lpProcName="SetEntriesInAclW") returned 0x77722a66 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0089.089] GetProcAddress (hModule=0x77710000, lpProcName="LsaAddAccountRights") returned 0x77758819 [0089.089] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0089.089] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0089.089] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0089.089] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0089.089] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0089.089] GetProcAddress (hModule=0x77130000, lpProcName="BeginPaint") returned 0x77151361 [0089.090] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountNameW") returned 0x7771e276 [0089.090] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0089.090] GetProcAddress (hModule=0x770a0000, lpProcName="CreateDIBSection") returned 0x770bac46 [0089.090] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0089.090] GetProcAddress (hModule=0x77130000, lpProcName="FindWindowA") returned 0x7714ffe6 [0089.090] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconA") returned 0x75bd4efe [0089.090] GetProcAddress (hModule=0x770a0000, lpProcName="GetDIBits") returned 0x770b6001 [0089.090] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0089.090] GetProcAddress (hModule=0x77230000, lpProcName="listen") returned 0x7723b001 [0089.090] GetProcAddress (hModule=0x75640000, lpProcName="WTSLogoffSession") returned 0x75643d77 [0089.091] GetProcAddress (hModule=0x75740000, lpProcName="NetApiBufferFree") returned 0x757313d2 [0089.091] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0089.091] GetProcAddress (hModule=0x75620000, lpProcName="WNetAddConnection2W") returned 0x75624744 [0089.091] GetProcAddress (hModule=0x77230000, lpProcName="bind") returned 0x77234582 [0089.091] GetProcAddress (hModule=0x77230000, lpProcName="socket") returned 0x77233eb8 [0089.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableA") returned 0x76d433a0 [0089.091] GetProcAddress (hModule=0x77710000, lpProcName="OpenServiceW") returned 0x7771ca4c [0089.091] GetProcAddress (hModule=0x770a0000, lpProcName="CreateCompatibleBitmap") returned 0x770b5f49 [0089.091] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0089.092] GetProcAddress (hModule=0x77130000, lpProcName="GetForegroundWindow") returned 0x77152320 [0089.092] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileA") returned 0x76d658e5 [0089.092] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0089.092] GetProcAddress (hModule=0x75640000, lpProcName="WTSEnumerateSessionsA") returned 0x75644023 [0089.092] GetProcAddress (hModule=0x75740000, lpProcName="NetUserAdd") returned 0x75655648 [0089.092] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0089.092] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0089.092] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0089.092] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0089.093] GetProcAddress (hModule=0x75740000, lpProcName="NetLocalGroupDelMembers") returned 0x75659322 [0089.093] GetProcAddress (hModule=0x77130000, lpProcName="DestroyIcon") returned 0x771549b2 [0089.093] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteDC") returned 0x770b58b3 [0089.093] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorA") returned 0x7714dad5 [0089.093] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0089.093] GetProcAddress (hModule=0x77710000, lpProcName="InitializeSecurityDescriptor") returned 0x77724620 [0089.093] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidA") returned 0x7774192a [0089.093] GetProcAddress (hModule=0x75620000, lpProcName="WNetEnumResourceW") returned 0x75623058 [0089.093] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0089.094] GetProcAddress (hModule=0x75740000, lpProcName="NetLocalGroupAdd") returned 0x75658c32 [0089.094] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyname") returned 0x77247673 [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyState") returned 0x7715291f [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="InSendMessage") returned 0x77153e46 [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="DrawIcon") returned 0x77158deb [0089.094] GetProcAddress (hModule=0x77710000, lpProcName="LsaOpenPolicy") returned 0x7773077c [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="CloseClipboard") returned 0x77158e8d [0089.094] GetProcAddress (hModule=0x77130000, lpProcName="GetDC") returned 0x771472c4 [0089.095] GetProcAddress (hModule=0x759d0000, lpProcName="ExtractAssociatedIconW") returned 0x75bd4e1e [0089.095] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatus") returned 0x77722a86 [0089.095] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0089.095] GetProcAddress (hModule=0x75620000, lpProcName="WNetCancelConnection2W") returned 0x75628cd1 [0089.095] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0089.095] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0089.095] GetProcAddress (hModule=0x770a0000, lpProcName="TextOutA") returned 0x770beda3 [0089.095] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0089.095] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0089.096] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0089.096] GetProcAddress (hModule=0x770a0000, lpProcName="SelectObject") returned 0x770b4f70 [0089.096] GetProcAddress (hModule=0x77130000, lpProcName="InvalidateRect") returned 0x77151381 [0089.096] GetProcAddress (hModule=0x77230000, lpProcName="htonl") returned 0x77232d57 [0089.096] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0089.096] GetProcAddress (hModule=0x77130000, lpProcName="EmptyClipboard") returned 0x771a7cb9 [0089.096] GetProcAddress (hModule=0x77130000, lpProcName="SetClipboardData") returned 0x77188e57 [0089.096] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0089.096] GetProcAddress (hModule=0x77130000, lpProcName="DispatchMessageA") returned 0x77147bbb [0089.096] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0089.097] GetProcAddress (hModule=0x770a0000, lpProcName="SetBkColor") returned 0x770b52d8 [0089.097] GetProcAddress (hModule=0x77230000, lpProcName="htons") returned 0x77232d8b [0089.097] GetProcAddress (hModule=0x75740000, lpProcName="NetLocalGroupAddMembers") returned 0x756592fe [0089.097] GetProcAddress (hModule=0x77130000, lpProcName="GetMessageA") returned 0x77147bd3 [0089.097] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0089.097] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextW") returned 0x771525cf [0089.097] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0089.097] GetProcAddress (hModule=0x77130000, lpProcName="DrawTextA") returned 0x7715aea1 [0089.097] GetProcAddress (hModule=0x770a0000, lpProcName="SetTextColor") returned 0x770b522d [0089.097] GetProcAddress (hModule=0x77710000, lpProcName="SetNamedSecurityInfoW") returned 0x77719fe2 [0089.098] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0089.098] GetProcAddress (hModule=0x770a0000, lpProcName="BitBlt") returned 0x770b5ea6 [0089.098] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0089.098] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0089.098] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x480000 [0089.115] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x564418 [0089.115] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x564418, dwRevision=0x1 | out: pSecurityDescriptor=0x564418) returned 1 [0089.115] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x564418, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x564418) returned 1 [0089.116] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0xa80000 [0089.116] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0089.116] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0xb80000 [0089.117] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x2e80000 [0089.117] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x2f80000 [0089.117] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x230000 [0089.118] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x230000, nSize=0x200 | out: lpBuffer="C:\\Windows\\TEMP") returned 0xf [0089.118] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x564b00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0089.118] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x564b18*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0089.118] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x240000 [0089.118] SetEntriesInAclA () returned 0x0 [0089.123] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x566008 [0089.123] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x566008, dwRevision=0x1 | out: pSecurityDescriptor=0x566008) returned 1 [0089.123] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x566008, bDaclPresent=1, pDacl=0x5667e8, bDaclDefaulted=0 | out: pSecurityDescriptor=0x566008) returned 1 [0089.123] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x250000 [0089.123] SetEntriesInAclA () returned 0x0 [0089.123] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x566d00 [0089.123] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x566d00, dwRevision=0x1 | out: pSecurityDescriptor=0x566d00) returned 1 [0089.123] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x566d00, bDaclPresent=1, pDacl=0x566d58, bDaclDefaulted=0 | out: pSecurityDescriptor=0x566d00) returned 1 [0089.123] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x260000 [0089.123] SetEntriesInAclA () returned 0x0 [0089.123] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x566d20 [0089.123] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x566d20, dwRevision=0x1 | out: pSecurityDescriptor=0x566d20) returned 1 [0089.123] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x566d20, bDaclPresent=1, pDacl=0x566dd0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x566d20) returned 1 [0089.123] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0089.131] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xfc [0089.131] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0x100 [0089.131] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x3b0000 [0089.131] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x3c0000 [0089.131] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d0000 [0089.131] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0089.131] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0089.132] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x500000 [0089.132] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x510000 [0089.132] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x520000 [0089.132] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x3d0000, nSize=0x1000 | out: lpBuffer="C:\\Windows\\system32\\config\\systemprofile") returned 0x28 [0089.132] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x3e0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0089.132] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0089.132] SetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU", dwFileAttributes=0x6) returned 1 [0089.133] GetCurrentThreadId () returned 0xb20 [0089.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae449950, dwHighDateTime=0x1d6076c)) [0089.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae449950, dwHighDateTime=0x1d6076c)) [0089.133] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0x3e7) returned 0x0 [0089.133] GetCurrentThreadId () returned 0xb20 [0089.133] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou")) returned 0x16 [0089.133] CreateFileW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU\\BUccwoAg" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0089.133] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0089.133] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x530000 [0089.133] ReleaseMutex (hMutex=0xfc) returned 1 [0089.133] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0089.133] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0089.133] GetCurrentThreadId () returned 0xb20 [0089.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae449950, dwHighDateTime=0x1d6076c)) [0089.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xae449950, dwHighDateTime=0x1d6076c)) [0089.134] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0x3e7) returned 0x0 [0089.134] GetCurrentThreadId () returned 0xb20 [0089.134] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0089.134] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0089.134] CreateFileMappingA (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x110 [0089.134] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x540000 [0089.134] ReleaseMutex (hMutex=0xfc) returned 1 [0089.134] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x7e0000 [0089.143] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x990000 [0089.144] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x9a0000 [0089.144] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x9b0000 [0089.144] GetUserNameA (in: lpBuffer=0x9a001a, pcbBuffer=0x45db86 | out: lpBuffer="SYSTEM", pcbBuffer=0x45db86) returned 1 [0089.161] GetUserNameA (in: lpBuffer=0x9b001a, pcbBuffer=0x45db86 | out: lpBuffer="SYSTEM", pcbBuffer=0x45db86) returned 1 [0089.161] Sleep (dwMilliseconds=0xe6) [0089.384] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0089.388] StartServiceCtrlDispatcherW (lpServiceTable=0x40ad47*(lpServiceName="", lpServiceProc=0x40b097)) returned 1 [0089.393] ExitProcess (uExitCode=0x0) Thread: id = 375 os_tid = 0xb10 Process: id = "25" image_name = "buccwoag.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe" page_root = "0x1a562000" os_pid = "0x4c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x134" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea5f" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 378 os_tid = 0x4cc [0160.297] GetVersion () returned 0x1db10106 [0160.297] GetVersion () returned 0x1db10106 [0160.297] GetVersion () returned 0x1db10106 [0160.297] GetVersion () returned 0x1db10106 [0160.297] GetVersion () returned 0x1db10106 [0160.298] GetSystemDefaultLCID () returned 0x409 [0164.895] GetSystemDefaultLCID () returned 0x409 [0164.895] GetSystemDefaultLCID () returned 0x409 [0164.895] GetSystemDefaultLCID () returned 0x409 [0164.895] GetSystemDefaultLCID () returned 0x409 [0164.895] VirtualProtect (in: lpAddress=0x401400, dwSize=0x73fa5, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0165.026] GetSystemDefaultLCID () returned 0x409 [0165.026] GetSystemDefaultLCID () returned 0x409 [0165.026] GetSystemDefaultLCID () returned 0x409 [0165.026] GetSystemDefaultLCID () returned 0x409 [0165.026] GetSystemDefaultLCID () returned 0x409 [0165.026] GetSystemDefaultLCID () returned 0x409 [0165.027] GetSystemDefaultLCID () returned 0x409 [0165.027] GetSystemDefaultLCID () returned 0x409 [0165.027] GetSystemDefaultLCID () returned 0x409 [0165.027] GetSystemDefaultLCID () returned 0x409 [0165.027] GetSystemDefaultLCID () returned 0x409 [0165.049] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0165.321] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0165.329] GetProcAddress (hModule=0x75a70000, lpProcName="LocalFree") returned 0x75a82d3c [0165.329] GetProcAddress (hModule=0x75a70000, lpProcName="GetCommandLineW") returned 0x75a85223 [0165.329] GetProcAddress (hModule=0x75a70000, lpProcName="WaitForSingleObject") returned 0x75a81136 [0165.329] GetProcAddress (hModule=0x75a70000, lpProcName="ProcessIdToSessionId") returned 0x75a81275 [0165.329] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessA") returned 0x75a81072 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileMappingA") returned 0x75a85506 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleHandleA") returned 0x75a81245 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="ReadFile") returned 0x75a83ed3 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="WriteFile") returned 0x75a81282 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="SetFileAttributesA") returned 0x75a9ecd3 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentDirectoryW") returned 0x75a85611 [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalAlloc") returned 0x75a8588e [0165.330] GetProcAddress (hModule=0x75a70000, lpProcName="GetLogicalDriveStringsW") returned 0x75b0436f [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="GetSystemTimeAsFileTime") returned 0x75a83509 [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleFileNameA") returned 0x75a814b1 [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualFree") returned 0x75a8186e [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="ResumeThread") returned 0x75a843ef [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalUnlock") returned 0x75a9cfdf [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="GetLastError") returned 0x75a811c0 [0165.331] GetProcAddress (hModule=0x75a70000, lpProcName="Sleep") returned 0x75a810ff [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleHandleW") returned 0x75a834b0 [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalLock") returned 0x75a9d0a7 [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="UpdateResourceA") returned 0x75b1363d [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="UnmapViewOfFile") returned 0x75a81826 [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="GetTickCount") returned 0x75a8110c [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="Process32Next") returned 0x75aa88a4 [0165.332] GetProcAddress (hModule=0x75a70000, lpProcName="SetFilePointer") returned 0x75a817d1 [0165.333] GetProcAddress (hModule=0x75a70000, lpProcName="GetEnvironmentVariableW") returned 0x75a81b48 [0165.333] GetProcAddress (hModule=0x75a70000, lpProcName="Process32First") returned 0x75aa8ae7 [0165.333] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualAlloc") returned 0x75a81856 [0165.333] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentThreadId") returned 0x75a81450 [0165.333] GetProcAddress (hModule=0x75a70000, lpProcName="SetFileAttributesW") returned 0x75a9d4f7 [0165.333] GetProcAddress (hModule=0x75a70000, lpProcName="FindFirstFileW") returned 0x75a84435 [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="ExitProcess") returned 0x75a87a10 [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="WinExec") returned 0x75b02c21 [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="CreateDirectoryW") returned 0x75a84259 [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="OpenThread") returned 0x75a91248 [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="TerminateThread") returned 0x75a87a2f [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="ExitThread") returned 0x7738d598 [0165.334] GetProcAddress (hModule=0x75a70000, lpProcName="EndUpdateResourceA") returned 0x75b13d34 [0165.335] GetProcAddress (hModule=0x75a70000, lpProcName="CreateMutexA") returned 0x75a84c6b [0165.335] GetProcAddress (hModule=0x75a70000, lpProcName="CloseHandle") returned 0x75a81410 [0165.335] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleFileNameW") returned 0x75a84950 [0165.335] GetProcAddress (hModule=0x75a70000, lpProcName="FindNextFileW") returned 0x75a854ee [0165.335] GetProcAddress (hModule=0x75a70000, lpProcName="BeginUpdateResourceW") returned 0x75b13d6c [0165.335] GetProcAddress (hModule=0x75a70000, lpProcName="MapViewOfFile") returned 0x75a818f1 [0165.336] GetProcAddress (hModule=0x75a70000, lpProcName="BeginUpdateResourceA") returned 0x75b13f39 [0165.336] GetProcAddress (hModule=0x75a70000, lpProcName="SuspendThread") returned 0x75aa7d7e [0165.336] GetProcAddress (hModule=0x75a70000, lpProcName="GetFileSize") returned 0x75a8196e [0165.336] GetProcAddress (hModule=0x75a70000, lpProcName="ReleaseMutex") returned 0x75a8111e [0165.336] GetProcAddress (hModule=0x75a70000, lpProcName="GetLogicalDriveStringsA") returned 0x75a8e4dc [0165.336] GetProcAddress (hModule=0x75a70000, lpProcName="SetEvent") returned 0x75a816c5 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="CopyFileA") returned 0x75aa58e5 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="OpenProcess") returned 0x75a81986 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="TerminateProcess") returned 0x75a9d802 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileA") returned 0x75a853c6 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="GetEnvironmentVariableA") returned 0x75a833a0 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="RtlZeroMemory") returned 0x77393c10 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="GetCommandLineA") returned 0x75a851a1 [0165.337] GetProcAddress (hModule=0x75a70000, lpProcName="CreateToolhelp32Snapshot") returned 0x75aa735f [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileW") returned 0x75a83f5c [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="DeleteFileA") returned 0x75a85444 [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalFree") returned 0x75a85558 [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="GetFileAttributesW") returned 0x75a81b18 [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="CreateThread") returned 0x75a834d5 [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="CreateEventA") returned 0x75a8328c [0165.338] GetProcAddress (hModule=0x75a70000, lpProcName="CreateDirectoryA") returned 0x75aad526 [0165.339] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentProcessId") returned 0x75a811f8 [0165.339] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessW") returned 0x75a8103d [0165.339] GetProcAddress (hModule=0x75a70000, lpProcName="FindClose") returned 0x75a84442 [0165.339] GetProcAddress (hModule=0x75a70000, lpProcName="LoadLibraryA") returned 0x75a849d7 [0165.339] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x74e30000 [0171.824] GetProcAddress (hModule=0x74e30000, lpProcName="NetApiBufferFree") returned 0x74d313d2 [0171.824] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75590000 [0171.824] GetProcAddress (hModule=0x75590000, lpProcName="LoadIconA") returned 0x755adafb [0171.824] GetProcAddress (hModule=0x75590000, lpProcName="SetClassLongA") returned 0x755bd5f9 [0171.824] GetProcAddress (hModule=0x75590000, lpProcName="DrawIcon") returned 0x755b8deb [0171.825] GetProcAddress (hModule=0x75590000, lpProcName="ShowWindow") returned 0x755b0dfb [0171.825] GetProcAddress (hModule=0x74e30000, lpProcName="NetUserSetInfo") returned 0x74cf5d16 [0171.827] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76d90000 [0171.831] GetProcAddress (hModule=0x76d90000, lpProcName="gethostbyname") returned 0x76da7673 [0171.831] GetProcAddress (hModule=0x75590000, lpProcName="CreateWindowExA") returned 0x755ad22e [0171.831] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x75b80000 [0171.831] GetProcAddress (hModule=0x75b80000, lpProcName="RegCloseKey") returned 0x75b9469d [0171.832] GetProcAddress (hModule=0x75b80000, lpProcName="RegQueryValueExA") returned 0x75b948ef [0171.832] GetProcAddress (hModule=0x76d90000, lpProcName="getpeername") returned 0x76d97147 [0171.832] GetProcAddress (hModule=0x75590000, lpProcName="DestroyWindow") returned 0x755a9a55 [0171.832] GetProcAddress (hModule=0x75590000, lpProcName="RegisterClassExA") returned 0x755adb98 [0171.832] GetProcAddress (hModule=0x75590000, lpProcName="FindWindowA") returned 0x755affe6 [0171.832] GetProcAddress (hModule=0x75b80000, lpProcName="CreateProcessWithLogonW") returned 0x75bc52e9 [0171.833] GetProcAddress (hModule=0x75b80000, lpProcName="AllocateAndInitializeSid") returned 0x75b940e6 [0171.833] GetProcAddress (hModule=0x75590000, lpProcName="FillRect") returned 0x755b0eb6 [0171.833] GetProcAddress (hModule=0x75a70000, lpProcName="GetUserGeoID") returned 0x75aaacf0 [0171.833] GetProcAddress (hModule=0x75b80000, lpProcName="CheckTokenMembership") returned 0x75b8df04 [0171.833] GetProcAddress (hModule=0x75b80000, lpProcName="CloseServiceHandle") returned 0x75b9369c [0171.833] GetProcAddress (hModule=0x75590000, lpProcName="GetDC") returned 0x755a72c4 [0171.834] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76010000 [0171.842] GetProcAddress (hModule=0x76010000, lpProcName="ExtractIconExW") returned 0x7612f0bd [0171.842] GetProcAddress (hModule=0x75590000, lpProcName="DrawTextA") returned 0x755baea1 [0171.842] GetProcAddress (hModule=0x75a70000, lpProcName="LocalAlloc") returned 0x75a8168c [0171.842] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupAddMembers") returned 0x74cf92fe [0171.842] GetProcAddress (hModule=0x76010000, lpProcName="ShellExecuteExW") returned 0x76031e46 [0171.843] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x74cc0000 [0171.905] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetOpenEnumW") returned 0x74cc2f06 [0171.905] GetProcAddress (hModule=0x75a70000, lpProcName="DeleteFileW") returned 0x75a889b3 [0171.905] GetProcAddress (hModule=0x75590000, lpProcName="GetKeyboardState") returned 0x755cec68 [0171.906] GetProcAddress (hModule=0x75590000, lpProcName="SetWindowPos") returned 0x755a8e4e [0171.906] GetProcAddress (hModule=0x75b80000, lpProcName="LogonUserW") returned 0x75b8c1a9 [0171.906] GetProcAddress (hModule=0x76d90000, lpProcName="select") returned 0x76d96989 [0171.906] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetCancelConnection2W") returned 0x74cc8cd1 [0171.906] GetProcAddress (hModule=0x75590000, lpProcName="InvalidateRect") returned 0x755b1381 [0171.906] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x75360000 [0171.906] GetProcAddress (hModule=0x75360000, lpProcName="DeleteObject") returned 0x75375689 [0171.906] GetProcAddress (hModule=0x75b80000, lpProcName="RegSetValueExW") returned 0x75b914d6 [0171.906] GetProcAddress (hModule=0x75b80000, lpProcName="CreateServiceW") returned 0x75ba712c [0171.907] GetProcAddress (hModule=0x75590000, lpProcName="GetForegroundWindow") returned 0x755b2320 [0171.907] GetProcAddress (hModule=0x75590000, lpProcName="BeginPaint") returned 0x755b1361 [0171.907] GetProcAddress (hModule=0x75b80000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x75b8a97d [0171.907] GetProcAddress (hModule=0x75b80000, lpProcName="OpenServiceW") returned 0x75b8ca4c [0171.907] GetProcAddress (hModule=0x75590000, lpProcName="SetTimer") returned 0x755a79fb [0171.907] GetProcAddress (hModule=0x76d90000, lpProcName="bind") returned 0x76d94582 [0171.907] GetProcAddress (hModule=0x75b80000, lpProcName="SetEntriesInAclA") returned 0x75bd15e9 [0171.908] GetProcAddress (hModule=0x76d90000, lpProcName="recv") returned 0x76d96b0e [0171.908] GetProcAddress (hModule=0x75590000, lpProcName="CloseClipboard") returned 0x755b8e8d [0171.908] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetEnumResourceW") returned 0x74cc3058 [0171.908] GetProcAddress (hModule=0x75360000, lpProcName="BitBlt") returned 0x75375ea6 [0171.908] GetProcAddress (hModule=0x75360000, lpProcName="TextOutW") returned 0x7537d41c [0171.908] GetProcAddress (hModule=0x76d90000, lpProcName="closesocket") returned 0x76d93918 [0171.908] GetProcAddress (hModule=0x75360000, lpProcName="SelectObject") returned 0x75374f70 [0171.908] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x74ce0000 [0171.914] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSLogoffSession") returned 0x74ce3d77 [0171.914] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75200000 [0171.918] GetProcAddress (hModule=0x75200000, lpProcName="CreateStreamOnHGlobal") returned 0x7522363b [0171.918] GetProcAddress (hModule=0x75590000, lpProcName="UpdateWindow") returned 0x755b3559 [0171.918] GetProcAddress (hModule=0x76d90000, lpProcName="shutdown") returned 0x76d9449d [0171.918] GetProcAddress (hModule=0x76d90000, lpProcName="send") returned 0x76d96f01 [0171.918] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x75c40000 [0171.958] GetProcAddress (hModule=0x75c40000, lpProcName="OleLoadPicture") returned 0x75ca7c49 [0171.958] GetProcAddress (hModule=0x76d90000, lpProcName="WSAStartup") returned 0x76d93ab2 [0171.958] GetProcAddress (hModule=0x75590000, lpProcName="GetKeyState") returned 0x755b291f [0171.958] GetProcAddress (hModule=0x75590000, lpProcName="DefWindowProcA") returned 0x773724e0 [0171.958] GetProcAddress (hModule=0x75b80000, lpProcName="LsaOpenPolicy") returned 0x75ba077c [0171.959] GetProcAddress (hModule=0x75360000, lpProcName="DeleteDC") returned 0x753758b3 [0171.959] GetProcAddress (hModule=0x75b80000, lpProcName="SetSecurityDescriptorDacl") returned 0x75b9415e [0171.959] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetAddConnection2W") returned 0x74cc4744 [0171.959] GetProcAddress (hModule=0x75590000, lpProcName="GetIconInfo") returned 0x755b49ea [0171.959] GetProcAddress (hModule=0x74e30000, lpProcName="NetUserAdd") returned 0x74cf5648 [0171.959] GetProcAddress (hModule=0x75b80000, lpProcName="OpenSCManagerW") returned 0x75b8ca64 [0171.959] GetProcAddress (hModule=0x75b80000, lpProcName="SetServiceStatus") returned 0x75b8c7a6 [0171.960] GetProcAddress (hModule=0x76d90000, lpProcName="htonl") returned 0x76d92d57 [0171.960] GetProcAddress (hModule=0x75b80000, lpProcName="InitializeSecurityDescriptor") returned 0x75b94620 [0171.960] GetProcAddress (hModule=0x75590000, lpProcName="SendMessageA") returned 0x755b612e [0171.960] GetProcAddress (hModule=0x75360000, lpProcName="CreateCompatibleDC") returned 0x753754f4 [0171.961] GetProcAddress (hModule=0x76d90000, lpProcName="htons") returned 0x76d92d8b [0171.961] GetProcAddress (hModule=0x75b80000, lpProcName="SetEntriesInAclW") returned 0x75b92a66 [0171.961] GetProcAddress (hModule=0x76010000, lpProcName="ExtractAssociatedIconW") returned 0x76214e1e [0171.961] GetProcAddress (hModule=0x75590000, lpProcName="DispatchMessageA") returned 0x755a7bbb [0171.961] GetProcAddress (hModule=0x75b80000, lpProcName="StartServiceCtrlDispatcherW") returned 0x75b8a965 [0171.961] GetProcAddress (hModule=0x75b80000, lpProcName="GetUserNameW") returned 0x75b9157a [0171.961] GetProcAddress (hModule=0x76d90000, lpProcName="listen") returned 0x76d9b001 [0171.962] GetProcAddress (hModule=0x75590000, lpProcName="DestroyIcon") returned 0x755b49b2 [0171.962] GetProcAddress (hModule=0x76d90000, lpProcName="ioctlsocket") returned 0x76d93084 [0171.962] GetProcAddress (hModule=0x75a70000, lpProcName="FreeLibrary") returned 0x75a834c8 [0171.963] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSFreeMemory") returned 0x74ce1b65 [0171.963] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupDelMembers") returned 0x74cf9322 [0171.963] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupDel") returned 0x74cf8d7c [0171.963] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupGetMembers") returned 0x74cf21be [0171.963] GetProcAddress (hModule=0x75360000, lpProcName="CreateFontIndirectA") returned 0x7537cffd [0171.963] GetProcAddress (hModule=0x75b80000, lpProcName="ConvertStringSidToSidA") returned 0x75ba0f23 [0171.963] GetProcAddress (hModule=0x75590000, lpProcName="SetClipboardData") returned 0x755e8e57 [0171.964] GetProcAddress (hModule=0x75360000, lpProcName="GetObjectA") returned 0x753785d4 [0171.964] GetProcAddress (hModule=0x75360000, lpProcName="CreateSolidBrush") returned 0x75374f17 [0171.964] GetProcAddress (hModule=0x75b80000, lpProcName="StartServiceW") returned 0x75b87974 [0171.964] GetProcAddress (hModule=0x75590000, lpProcName="EndPaint") returned 0x755b1341 [0171.964] GetProcAddress (hModule=0x75360000, lpProcName="SetBkColor") returned 0x753752d8 [0171.964] GetProcAddress (hModule=0x75360000, lpProcName="GetDIBits") returned 0x75376001 [0171.964] GetProcAddress (hModule=0x75360000, lpProcName="CreateDIBSection") returned 0x7537ac46 [0171.965] GetProcAddress (hModule=0x75360000, lpProcName="SetTextColor") returned 0x7537522d [0171.965] GetProcAddress (hModule=0x75b80000, lpProcName="LookupAccountSidW") returned 0x75b94874 [0171.965] GetProcAddress (hModule=0x75a70000, lpProcName="CopyFileW") returned 0x75aa830d [0171.965] GetProcAddress (hModule=0x75b80000, lpProcName="FreeSid") returned 0x75b9412e [0171.965] GetProcAddress (hModule=0x75590000, lpProcName="DrawTextW") returned 0x755b25cf [0171.965] GetProcAddress (hModule=0x76d90000, lpProcName="socket") returned 0x76d93eb8 [0171.965] GetProcAddress (hModule=0x75590000, lpProcName="InSendMessage") returned 0x755b3e46 [0171.966] GetProcAddress (hModule=0x75b80000, lpProcName="LsaAddAccountRights") returned 0x75bc8819 [0171.966] GetProcAddress (hModule=0x76d90000, lpProcName="connect") returned 0x76d96bdd [0171.966] GetProcAddress (hModule=0x75590000, lpProcName="UnregisterClassA") returned 0x755adced [0171.966] GetProcAddress (hModule=0x75590000, lpProcName="GetMessageA") returned 0x755a7bd3 [0171.966] GetProcAddress (hModule=0x75590000, lpProcName="OpenClipboard") returned 0x755b8ecb [0171.967] GetProcAddress (hModule=0x75590000, lpProcName="LoadCursorA") returned 0x755adad5 [0171.967] GetProcAddress (hModule=0x75590000, lpProcName="TranslateMessage") returned 0x755a7809 [0171.967] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupAdd") returned 0x74cf8c32 [0171.967] GetProcAddress (hModule=0x75b80000, lpProcName="GetUserNameA") returned 0x75baa4b4 [0171.967] GetProcAddress (hModule=0x75b80000, lpProcName="SetNamedSecurityInfoW") returned 0x75b89fe2 [0171.967] GetProcAddress (hModule=0x75590000, lpProcName="PostQuitMessage") returned 0x755a9abb [0171.967] GetProcAddress (hModule=0x75360000, lpProcName="CreateCompatibleBitmap") returned 0x75375f49 [0171.968] GetProcAddress (hModule=0x75b80000, lpProcName="QueryServiceStatus") returned 0x75b92a86 [0171.968] GetProcAddress (hModule=0x75b80000, lpProcName="LookupAccountNameW") returned 0x75b8e276 [0171.968] GetProcAddress (hModule=0x75b80000, lpProcName="RegOpenKeyExW") returned 0x75b9468d [0171.968] GetProcAddress (hModule=0x75590000, lpProcName="EmptyClipboard") returned 0x75607cb9 [0171.968] GetProcAddress (hModule=0x76d90000, lpProcName="getsockname") returned 0x76d930af [0171.968] GetProcAddress (hModule=0x75b80000, lpProcName="ConvertSidToStringSidA") returned 0x75bb192a [0171.968] GetProcAddress (hModule=0x75590000, lpProcName="FindWindowExA") returned 0x755b00d9 [0171.969] GetProcAddress (hModule=0x75590000, lpProcName="GetSystemMetrics") returned 0x755a7d2f [0171.969] GetProcAddress (hModule=0x76d90000, lpProcName="accept") returned 0x76d968b6 [0171.969] GetProcAddress (hModule=0x76010000, lpProcName="ExtractAssociatedIconA") returned 0x76214efe [0171.969] GetProcAddress (hModule=0x75b80000, lpProcName="RegQueryValueExW") returned 0x75b946ad [0171.969] GetProcAddress (hModule=0x75b80000, lpProcName="RegOpenKeyExA") returned 0x75b94907 [0171.969] GetProcAddress (hModule=0x75360000, lpProcName="TextOutA") returned 0x7537eda3 [0171.970] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSEnumerateSessionsA") returned 0x74ce4023 [0171.974] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0172.102] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x220000 [0172.118] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e4f00 [0172.118] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e4f00, dwRevision=0x1 | out: pSecurityDescriptor=0x5e4f00) returned 1 [0172.118] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e4f00, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e4f00) returned 1 [0172.118] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x480000 [0172.147] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x2a0000 [0172.147] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f50000 [0172.149] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x1df0000 [0172.154] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4250000 [0172.159] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x2b0000 [0172.159] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x2b0000, nSize=0x200 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0172.162] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x5e3ae8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0172.162] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x5e3b00*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0172.162] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x2c0000 [0172.196] SetEntriesInAclA () returned 0x0 [0172.202] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e4e70 [0172.202] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e4e70, dwRevision=0x1 | out: pSecurityDescriptor=0x5e4e70) returned 1 [0172.202] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e4e70, bDaclPresent=1, pDacl=0x5e6a38, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e4e70) returned 1 [0172.202] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x2d0000 [0172.202] SetEntriesInAclA () returned 0x0 [0172.202] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e6f50 [0172.202] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e6f50, dwRevision=0x1 | out: pSecurityDescriptor=0x5e6f50) returned 1 [0172.202] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e6f50, bDaclPresent=1, pDacl=0x5e6fa8, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e6f50) returned 1 [0172.202] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x2e0000 [0172.202] SetEntriesInAclA () returned 0x0 [0172.202] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e6f70 [0172.203] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e6f70, dwRevision=0x1 | out: pSecurityDescriptor=0x5e6f70) returned 1 [0172.203] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e6f70, bDaclPresent=1, pDacl=0x5e7020, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e6f70) returned 1 [0172.203] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0172.247] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xf4 [0172.247] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0xf8 [0172.247] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x370000 [0172.284] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x380000 [0172.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x390000 [0172.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3a0000 [0172.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3b0000 [0172.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3c0000 [0172.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d0000 [0172.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0172.285] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x390000, nSize=0x1000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0172.286] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x3a0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0172.288] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0172.302] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU", dwFileAttributes=0x6) returned 1 [0172.307] GetCurrentThreadId () returned 0x4cc [0172.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed72b3a0, dwHighDateTime=0x1d6076c)) [0172.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed72b3a0, dwHighDateTime=0x1d6076c)) [0172.307] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0172.307] GetCurrentThreadId () returned 0x4cc [0172.307] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou")) returned 0x16 [0172.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0172.307] CreateFileMappingA (hFile=0xfc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x100 [0172.307] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3f0000 [0172.308] ReleaseMutex (hMutex=0xf4) returned 1 [0172.308] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0172.309] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0172.309] GetCurrentThreadId () returned 0x4cc [0172.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed7328d0, dwHighDateTime=0x1d6076c)) [0172.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed7328d0, dwHighDateTime=0x1d6076c)) [0172.309] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0172.309] GetCurrentThreadId () returned 0x4cc [0172.309] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0172.309] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0172.310] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0172.310] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x580000 [0172.310] ReleaseMutex (hMutex=0xf4) returned 1 [0172.312] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x590000 [0172.357] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x5b0000 [0172.357] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000 [0172.358] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x1ef0000 [0172.696] GetUserNameA (in: lpBuffer=0x5c001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0172.700] GetUserNameA (in: lpBuffer=0x1ef001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0172.701] Sleep (dwMilliseconds=0xff) [0173.087] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f00000 [0173.101] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4620000 [0173.101] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4620000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0173.102] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4630000 [0173.102] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x463000d, nSize=0x1000 | out: lpBuffer="") returned 0xe [0173.102] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x1f00000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0173.102] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4640000 [0173.105] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0173.171] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4790000 [0173.190] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0173.190] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x4790000, nSize=0x1000 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe")) returned 0x33 [0173.190] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0173.190] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x4790000, nSize=0x1000 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag.exe")) returned 0x33 [0173.190] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x154) returned 0x0 [0173.190] RegSetValueExW (in: hKey=0x154, lpValueName="BUccwoAg.exe", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe", cbData=0x66 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe") returned 0x0 [0173.190] RegCloseKey (hKey=0x154) returned 0x0 [0173.190] VirtualFree (lpAddress=0x4790000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.193] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg.exe\" " [0173.198] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4790000 [0173.230] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4890000 [0173.235] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4990000 [0173.240] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="è0@") returned 0x154 [0173.240] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ð0@") returned 0x158 [0173.240] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ø0@") returned 0x15c [0173.240] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="") returned 0x160 [0173.240] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="\x081@") returned 0x164 [0173.241] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x460360, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x6e4) returned 0x168 [0173.330] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x45e72a, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x6f4) returned 0x16c [0173.331] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x453eac, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x6f8) returned 0x170 [0173.331] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x6fc) returned 0x174 [0173.332] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40bba7, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x700) returned 0x178 [0173.333] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x410a5d, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x704) returned 0x17c [0173.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xedebb430, dwHighDateTime=0x1d6076c)) [0173.348] Sleep (dwMilliseconds=0x12c) [0174.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xee65c630, dwHighDateTime=0x1d6076c)) [0174.203] Sleep (dwMilliseconds=0x12c) [0175.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xeedd4020, dwHighDateTime=0x1d6076c)) [0175.013] Sleep (dwMilliseconds=0x12c) [0175.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xef1791d0, dwHighDateTime=0x1d6076c)) [0175.497] Sleep (dwMilliseconds=0x12c) [0175.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xef557590, dwHighDateTime=0x1d6076c)) [0175.839] Sleep (dwMilliseconds=0x12c) [0176.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xef90f7f0, dwHighDateTime=0x1d6076c)) [0176.222] Sleep (dwMilliseconds=0x12c) [0176.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xefd86130, dwHighDateTime=0x1d6076c)) [0176.699] Sleep (dwMilliseconds=0x12c) [0177.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf01d6910, dwHighDateTime=0x1d6076c)) [0177.138] Sleep (dwMilliseconds=0x12c) [0177.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf0568a10, dwHighDateTime=0x1d6076c)) [0177.514] Sleep (dwMilliseconds=0x12c) [0178.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf0a778d0, dwHighDateTime=0x1d6076c)) [0178.052] Sleep (dwMilliseconds=0x12c) [0178.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf0dbd710, dwHighDateTime=0x1d6076c)) [0178.393] Sleep (dwMilliseconds=0x12c) [0178.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf119bad0, dwHighDateTime=0x1d6076c)) [0178.802] Sleep (dwMilliseconds=0x12c) [0179.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf152dbd0, dwHighDateTime=0x1d6076c)) [0179.169] Sleep (dwMilliseconds=0x12c) [0179.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf18bfcd0, dwHighDateTime=0x1d6076c)) [0179.578] Sleep (dwMilliseconds=0x12c) [0179.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf1c05b10, dwHighDateTime=0x1d6076c)) [0179.968] Sleep (dwMilliseconds=0x12c) [0180.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf1fe3ed0, dwHighDateTime=0x1d6076c)) [0180.367] Sleep (dwMilliseconds=0x12c) [0180.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf239c130, dwHighDateTime=0x1d6076c)) [0180.767] Sleep (dwMilliseconds=0x12c) [0181.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf26e1f70, dwHighDateTime=0x1d6076c)) [0181.111] Sleep (dwMilliseconds=0x12c) [0181.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf2ba4b70, dwHighDateTime=0x1d6076c)) [0181.605] Sleep (dwMilliseconds=0x12c) [0181.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf2e9e6f0, dwHighDateTime=0x1d6076c)) [0181.938] Sleep (dwMilliseconds=0x12c) [0182.319] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf31e4530, dwHighDateTime=0x1d6076c)) [0182.319] Sleep (dwMilliseconds=0x12c) [0182.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf359c790, dwHighDateTime=0x1d6076c)) [0182.714] Sleep (dwMilliseconds=0x12c) [0183.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf38e25d0, dwHighDateTime=0x1d6076c)) [0183.058] Sleep (dwMilliseconds=0x12c) [0183.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf3d32db0, dwHighDateTime=0x1d6076c)) [0183.513] Sleep (dwMilliseconds=0x12c) [0183.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.891] Sleep (dwMilliseconds=0x12c) [0184.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.254] Sleep (dwMilliseconds=0x12c) [0184.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf47e90b0, dwHighDateTime=0x1d6076c)) [0184.804] Sleep (dwMilliseconds=0x12c) [0185.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4b55050, dwHighDateTime=0x1d6076c)) [0185.796] Sleep (dwMilliseconds=0x12c) [0186.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4e4ebd0, dwHighDateTime=0x1d6076c)) [0186.973] Sleep (dwMilliseconds=0x12c) [0187.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf5148750, dwHighDateTime=0x1d6076c)) [0187.278] Sleep (dwMilliseconds=0x12c) [0187.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf54422d0, dwHighDateTime=0x1d6076c)) [0187.592] Sleep (dwMilliseconds=0x12c) [0187.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf573be50, dwHighDateTime=0x1d6076c)) [0187.907] Sleep (dwMilliseconds=0x12c) [0188.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.307] Sleep (dwMilliseconds=0x12c) [0188.667] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf5e861b0, dwHighDateTime=0x1d6076c)) [0188.671] Sleep (dwMilliseconds=0x12c) [0189.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf661c7d0, dwHighDateTime=0x1d6076c)) [0189.469] Sleep (dwMilliseconds=0x12c) [0189.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf6a6cfb0, dwHighDateTime=0x1d6076c)) [0189.915] Sleep (dwMilliseconds=0x12c) [0190.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf6e714d0, dwHighDateTime=0x1d6076c)) [0190.336] Sleep (dwMilliseconds=0x12c) [0190.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf72035d0, dwHighDateTime=0x1d6076c)) [0190.712] Sleep (dwMilliseconds=0x12c) [0191.088] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf75956d0, dwHighDateTime=0x1d6076c)) [0191.089] Sleep (dwMilliseconds=0x12c) [0191.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf7901670, dwHighDateTime=0x1d6076c)) [0191.443] Sleep (dwMilliseconds=0x12c) [0191.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf7d05b90, dwHighDateTime=0x1d6076c)) [0191.870] Sleep (dwMilliseconds=0x12c) [0192.362] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.362] Sleep (dwMilliseconds=0x12c) [0192.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf849c1b0, dwHighDateTime=0x1d6076c)) [0192.664] Sleep (dwMilliseconds=0x12c) [0192.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf8795d30, dwHighDateTime=0x1d6076c)) [0192.983] Sleep (dwMilliseconds=0x12c) [0193.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf8a8f8b0, dwHighDateTime=0x1d6076c)) [0193.284] Sleep (dwMilliseconds=0x12c) [0193.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.595] Sleep (dwMilliseconds=0x12c) [0193.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf9082fb0, dwHighDateTime=0x1d6076c)) [0193.907] Sleep (dwMilliseconds=0x12c) [0194.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf937cb30, dwHighDateTime=0x1d6076c)) [0194.225] Sleep (dwMilliseconds=0x12c) [0194.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf96766b0, dwHighDateTime=0x1d6076c)) [0194.531] Sleep (dwMilliseconds=0x12c) [0194.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf99bc4f0, dwHighDateTime=0x1d6076c)) [0194.968] Sleep (dwMilliseconds=0x12c) [0195.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.313] Sleep (dwMilliseconds=0x12c) [0195.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf9ffbeb0, dwHighDateTime=0x1d6076c)) [0195.623] Sleep (dwMilliseconds=0x12c) [0195.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa2f5a30, dwHighDateTime=0x1d6076c)) [0195.950] Sleep (dwMilliseconds=0x12c) [0196.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa5ef5b0, dwHighDateTime=0x1d6076c)) [0196.248] Sleep (dwMilliseconds=0x12c) [0196.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.559] Sleep (dwMilliseconds=0x12c) [0196.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.923] Sleep (dwMilliseconds=0x12c) [0197.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfaf74db0, dwHighDateTime=0x1d6076c)) [0197.247] Sleep (dwMilliseconds=0x12c) [0197.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfb294a90, dwHighDateTime=0x1d6076c)) [0197.580] Sleep (dwMilliseconds=0x12c) [0197.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfb5da8d0, dwHighDateTime=0x1d6076c)) [0197.931] Sleep (dwMilliseconds=0x12c) [0198.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.272] Sleep (dwMilliseconds=0x12c) [0198.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.603] Sleep (dwMilliseconds=0x12c) [0198.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfbfac390, dwHighDateTime=0x1d6076c)) [0198.946] Sleep (dwMilliseconds=0x12c) [0199.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfc2a5f10, dwHighDateTime=0x1d6076c)) [0199.268] Sleep (dwMilliseconds=0x12c) [0199.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfc59fa90, dwHighDateTime=0x1d6076c)) [0199.570] Sleep (dwMilliseconds=0x12c) [0199.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfc899610, dwHighDateTime=0x1d6076c)) [0199.882] Sleep (dwMilliseconds=0x12c) [0200.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfcb93190, dwHighDateTime=0x1d6076c)) [0200.194] Sleep (dwMilliseconds=0x12c) [0200.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfce8cd10, dwHighDateTime=0x1d6076c)) [0200.509] Sleep (dwMilliseconds=0x12c) [0200.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd186890, dwHighDateTime=0x1d6076c)) [0200.818] Sleep (dwMilliseconds=0x12c) [0201.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd4a6570, dwHighDateTime=0x1d6076c)) [0201.146] Sleep (dwMilliseconds=0x12c) [0201.458] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd7a00f0, dwHighDateTime=0x1d6076c)) [0201.458] Sleep (dwMilliseconds=0x12c) [0201.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfda99c70, dwHighDateTime=0x1d6076c)) [0201.773] Sleep (dwMilliseconds=0x12c) [0202.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfdd937f0, dwHighDateTime=0x1d6076c)) [0202.098] Sleep (dwMilliseconds=0x12c) [0202.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe0d9630, dwHighDateTime=0x1d6076c)) [0202.444] Sleep (dwMilliseconds=0x12c) [0202.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe3d31b0, dwHighDateTime=0x1d6076c)) [0202.753] Sleep (dwMilliseconds=0x12c) [0203.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe6ccd30, dwHighDateTime=0x1d6076c)) [0203.066] Sleep (dwMilliseconds=0x12c) [0203.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe9eca10, dwHighDateTime=0x1d6076c)) [0203.393] Sleep (dwMilliseconds=0x12c) [0203.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfece6590, dwHighDateTime=0x1d6076c)) [0203.704] Sleep (dwMilliseconds=0x12c) [0204.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff02c3d0, dwHighDateTime=0x1d6076c)) [0204.048] Sleep (dwMilliseconds=0x12c) [0204.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff325f50, dwHighDateTime=0x1d6076c)) [0204.360] Sleep (dwMilliseconds=0x12c) [0205.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff645c30, dwHighDateTime=0x1d6076c)) [0205.718] Sleep (dwMilliseconds=0x12c) [0206.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff93f7b0, dwHighDateTime=0x1d6076c)) [0206.034] Sleep (dwMilliseconds=0x12c) [0206.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xffc39330, dwHighDateTime=0x1d6076c)) [0206.341] Sleep (dwMilliseconds=0x12c) [0206.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfff32eb0, dwHighDateTime=0x1d6076c)) [0206.653] Sleep (dwMilliseconds=0x12c) [0206.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22ca30, dwHighDateTime=0x1d6076d)) [0206.965] Sleep (dwMilliseconds=0x12c) [0207.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5265b0, dwHighDateTime=0x1d6076d)) [0207.277] Sleep (dwMilliseconds=0x12c) [0207.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.592] Sleep (dwMilliseconds=0x12c) [0207.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.902] Sleep (dwMilliseconds=0x12c) [0208.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe13830, dwHighDateTime=0x1d6076d)) [0208.213] Sleep (dwMilliseconds=0x12c) [0208.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1159670, dwHighDateTime=0x1d6076d)) [0208.556] Sleep (dwMilliseconds=0x12c) [0208.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x14531f0, dwHighDateTime=0x1d6076d)) [0208.868] Sleep (dwMilliseconds=0x12c) [0209.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x174cd70, dwHighDateTime=0x1d6076d)) [0209.274] Sleep (dwMilliseconds=0x12c) [0209.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.597] Sleep (dwMilliseconds=0x12c) [0209.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.911] Sleep (dwMilliseconds=0x12c) [0210.211] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2039ff0, dwHighDateTime=0x1d6076d)) [0210.211] Sleep (dwMilliseconds=0x12c) [0210.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x237fe30, dwHighDateTime=0x1d6076d)) [0210.553] Sleep (dwMilliseconds=0x12c) [0210.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26799b0, dwHighDateTime=0x1d6076d)) [0210.867] Sleep (dwMilliseconds=0x12c) [0211.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.262] Sleep (dwMilliseconds=0x12c) [0211.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2c6d0b0, dwHighDateTime=0x1d6076d)) [0211.567] Sleep (dwMilliseconds=0x12c) [0211.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.881] Sleep (dwMilliseconds=0x12c) [0212.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x32aca70, dwHighDateTime=0x1d6076d)) [0212.223] Sleep (dwMilliseconds=0x12c) [0212.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.551] Sleep (dwMilliseconds=0x12c) [0212.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x38a0170, dwHighDateTime=0x1d6076d)) [0212.862] Sleep (dwMilliseconds=0x12c) [0213.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x3b99cf0, dwHighDateTime=0x1d6076d)) [0213.174] Sleep (dwMilliseconds=0x12c) [0213.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x3eb99d0, dwHighDateTime=0x1d6076d)) [0213.502] Sleep (dwMilliseconds=0x12c) [0213.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x41b3550, dwHighDateTime=0x1d6076d)) [0213.822] Sleep (dwMilliseconds=0x12c) [0214.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x44ad0d0, dwHighDateTime=0x1d6076d)) [0214.125] Sleep (dwMilliseconds=0x12c) [0214.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x47f2f10, dwHighDateTime=0x1d6076d)) [0214.469] Sleep (dwMilliseconds=0x12c) [0214.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x4b12bf0, dwHighDateTime=0x1d6076d)) [0214.796] Sleep (dwMilliseconds=0x12c) [0215.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.109] Sleep (dwMilliseconds=0x12c) [0215.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x512c450, dwHighDateTime=0x1d6076d)) [0215.440] Sleep (dwMilliseconds=0x12c) [0215.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.781] Sleep (dwMilliseconds=0x12c) [0216.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5791f70, dwHighDateTime=0x1d6076d)) [0216.108] Sleep (dwMilliseconds=0x12c) [0216.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.474] Sleep (dwMilliseconds=0x12c) [0216.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.808] Sleep (dwMilliseconds=0x12c) [0217.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6189b90, dwHighDateTime=0x1d6076d)) [0217.151] Sleep (dwMilliseconds=0x12c) [0217.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6483710, dwHighDateTime=0x1d6076d)) [0217.476] Sleep (dwMilliseconds=0x12c) [0217.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x677d290, dwHighDateTime=0x1d6076d)) [0217.776] Sleep (dwMilliseconds=0x12c) [0218.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.150] Sleep (dwMilliseconds=0x12c) [0218.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6e08f10, dwHighDateTime=0x1d6076d)) [0218.462] Sleep (dwMilliseconds=0x12c) [0219.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.476] Sleep (dwMilliseconds=0x12c) [0219.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x7c77470, dwHighDateTime=0x1d6076d)) [0219.989] Sleep (dwMilliseconds=0x12c) [0220.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.334] Sleep (dwMilliseconds=0x12c) [0220.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x839b670, dwHighDateTime=0x1d6076d)) [0220.724] Sleep (dwMilliseconds=0x12c) [0221.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x86e14b0, dwHighDateTime=0x1d6076d)) [0221.067] Sleep (dwMilliseconds=0x12c) [0221.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.401] Sleep (dwMilliseconds=0x12c) [0221.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x8d20e70, dwHighDateTime=0x1d6076d)) [0221.723] Sleep (dwMilliseconds=0x12c) [0222.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x9066cb0, dwHighDateTime=0x1d6076d)) [0222.065] Sleep (dwMilliseconds=0x12c) [0222.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.378] Sleep (dwMilliseconds=0x12c) [0222.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x96a6670, dwHighDateTime=0x1d6076d)) [0222.721] Sleep (dwMilliseconds=0x12c) [0223.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.048] Sleep (dwMilliseconds=0x12c) [0223.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x9d0c190, dwHighDateTime=0x1d6076d)) [0223.394] Sleep (dwMilliseconds=0x12c) [0223.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa02be70, dwHighDateTime=0x1d6076d)) [0223.720] Sleep (dwMilliseconds=0x12c) [0224.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa34bb50, dwHighDateTime=0x1d6076d)) [0224.046] Sleep (dwMilliseconds=0x12c) [0224.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.380] Sleep (dwMilliseconds=0x12c) [0224.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa98b510, dwHighDateTime=0x1d6076d)) [0224.703] Sleep (dwMilliseconds=0x12c) [0225.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xacab1f0, dwHighDateTime=0x1d6076d)) [0225.029] Sleep (dwMilliseconds=0x12c) [0225.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xafcaed0, dwHighDateTime=0x1d6076d)) [0225.359] Sleep (dwMilliseconds=0x12c) [0225.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb2c4a50, dwHighDateTime=0x1d6076d)) [0225.669] Sleep (dwMilliseconds=0x12c) [0226.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb6309f0, dwHighDateTime=0x1d6076d)) [0226.080] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x6fc) returned 0x1134 [0226.080] TerminateThread (hThread=0x1134, dwExitCode=0x0) returned 1 [0226.085] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1140 [0226.086] Sleep (dwMilliseconds=0x12c) [0226.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb976830, dwHighDateTime=0x1d6076d)) [0226.418] Sleep (dwMilliseconds=0x12c) [0226.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xbce27d0, dwHighDateTime=0x1d6076d)) [0226.777] Sleep (dwMilliseconds=0x12c) [0227.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc028610, dwHighDateTime=0x1d6076d)) [0227.120] Sleep (dwMilliseconds=0x12c) [0227.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc36e450, dwHighDateTime=0x1d6076d)) [0227.464] Sleep (dwMilliseconds=0x12c) [0227.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc68e130, dwHighDateTime=0x1d6076d)) [0227.792] Sleep (dwMilliseconds=0x12c) [0228.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.108] Sleep (dwMilliseconds=0x12c) [0228.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xcc81830, dwHighDateTime=0x1d6076d)) [0228.415] Sleep (dwMilliseconds=0x12c) [0228.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.758] Sleep (dwMilliseconds=0x12c) [0229.085] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xd2e7350, dwHighDateTime=0x1d6076d)) [0229.086] Sleep (dwMilliseconds=0x12c) [0229.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xd607030, dwHighDateTime=0x1d6076d)) [0229.413] Sleep (dwMilliseconds=0x12c) [0229.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xd900bb0, dwHighDateTime=0x1d6076d)) [0229.730] Sleep (dwMilliseconds=0x12c) [0230.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xdbfa730, dwHighDateTime=0x1d6076d)) [0230.039] Sleep (dwMilliseconds=0x12c) [0230.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xdef42b0, dwHighDateTime=0x1d6076d)) [0230.365] Sleep (dwMilliseconds=0x12c) [0230.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe1ede30, dwHighDateTime=0x1d6076d)) [0230.677] Sleep (dwMilliseconds=0x12c) [0231.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe50db10, dwHighDateTime=0x1d6076d)) [0231.004] Sleep (dwMilliseconds=0x12c) [0231.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe807690, dwHighDateTime=0x1d6076d)) [0231.331] Sleep (dwMilliseconds=0x12c) [0231.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.628] Sleep (dwMilliseconds=0x12c) [0231.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xedfad90, dwHighDateTime=0x1d6076d)) [0231.942] Sleep (dwMilliseconds=0x12c) [0232.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf0f4910, dwHighDateTime=0x1d6076d)) [0232.252] Sleep (dwMilliseconds=0x12c) [0232.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4145f0, dwHighDateTime=0x1d6076d)) [0232.581] Sleep (dwMilliseconds=0x12c) [0232.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.909] Sleep (dwMilliseconds=0x12c) [0233.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.221] Sleep (dwMilliseconds=0x12c) [0233.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.570] Sleep (dwMilliseconds=0x12c) [0233.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10105d90, dwHighDateTime=0x1d6076d)) [0233.940] Sleep (dwMilliseconds=0x12c) [0234.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1044bbd0, dwHighDateTime=0x1d6076d)) [0234.281] Sleep (dwMilliseconds=0x12c) [0234.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.647] Sleep (dwMilliseconds=0x12c) [0234.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10ad7850, dwHighDateTime=0x1d6076d)) [0234.983] Sleep (dwMilliseconds=0x12c) [0235.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10e437f0, dwHighDateTime=0x1d6076d)) [0235.342] Sleep (dwMilliseconds=0x12c) [0235.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x11189630, dwHighDateTime=0x1d6076d)) [0235.685] Sleep (dwMilliseconds=0x12c) [0236.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.024] Sleep (dwMilliseconds=0x12c) [0236.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x117c8ff0, dwHighDateTime=0x1d6076d)) [0236.344] Sleep (dwMilliseconds=0x12c) [0236.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x11ac2b70, dwHighDateTime=0x1d6076d)) [0236.654] Sleep (dwMilliseconds=0x12c) [0236.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x11de2850, dwHighDateTime=0x1d6076d)) [0236.979] Sleep (dwMilliseconds=0x12c) [0237.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x120dc3d0, dwHighDateTime=0x1d6076d)) [0237.334] Sleep (dwMilliseconds=0x12c) [0237.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x123d5f50, dwHighDateTime=0x1d6076d)) [0237.635] Sleep (dwMilliseconds=0x12c) [0237.977] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x126f5c30, dwHighDateTime=0x1d6076d)) [0237.978] Sleep (dwMilliseconds=0x12c) [0238.305] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x12a15910, dwHighDateTime=0x1d6076d)) [0238.305] Sleep (dwMilliseconds=0x12c) [0238.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x12d0f490, dwHighDateTime=0x1d6076d)) [0238.617] Sleep (dwMilliseconds=0x12c) [0238.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13009010, dwHighDateTime=0x1d6076d)) [0238.939] Sleep (dwMilliseconds=0x12c) [0239.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13302b90, dwHighDateTime=0x1d6076d)) [0239.241] Sleep (dwMilliseconds=0x12c) [0240.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x135fc710, dwHighDateTime=0x1d6076d)) [0240.879] Sleep (dwMilliseconds=0x12c) [0242.533] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x138f6290, dwHighDateTime=0x1d6076d)) [0242.533] Sleep (dwMilliseconds=0x12c) [0242.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13befe10, dwHighDateTime=0x1d6076d)) [0242.907] Sleep (dwMilliseconds=0x12c) [0243.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13ee9990, dwHighDateTime=0x1d6076d)) [0243.219] Sleep (dwMilliseconds=0x12c) [0243.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x141e3510, dwHighDateTime=0x1d6076d)) [0243.531] Sleep (dwMilliseconds=0x12c) [0244.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x144dd090, dwHighDateTime=0x1d6076d)) [0244.061] Sleep (dwMilliseconds=0x12c) [0244.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x147d6c10, dwHighDateTime=0x1d6076d)) [0244.374] Sleep (dwMilliseconds=0x12c) [0244.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x14ad0790, dwHighDateTime=0x1d6076d)) [0244.686] Sleep (dwMilliseconds=0x12c) [0244.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x14dca310, dwHighDateTime=0x1d6076d)) [0244.998] Sleep (dwMilliseconds=0x12c) [0245.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x150c3e90, dwHighDateTime=0x1d6076d)) [0245.310] Sleep (dwMilliseconds=0x12c) [0245.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x153bda10, dwHighDateTime=0x1d6076d)) [0245.622] Sleep (dwMilliseconds=0x12c) [0245.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x156b7590, dwHighDateTime=0x1d6076d)) [0245.934] Sleep (dwMilliseconds=0x12c) [0246.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x159b1110, dwHighDateTime=0x1d6076d)) [0246.246] Sleep (dwMilliseconds=0x12c) [0246.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x15caac90, dwHighDateTime=0x1d6076d)) [0246.559] Sleep (dwMilliseconds=0x12c) [0246.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x15fa4810, dwHighDateTime=0x1d6076d)) [0246.870] Sleep (dwMilliseconds=0x12c) [0247.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1629e390, dwHighDateTime=0x1d6076d)) [0247.182] Sleep (dwMilliseconds=0x12c) [0247.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16597f10, dwHighDateTime=0x1d6076d)) [0247.493] Sleep (dwMilliseconds=0x12c) [0247.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16891a90, dwHighDateTime=0x1d6076d)) [0247.806] Sleep (dwMilliseconds=0x12c) [0248.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16b8b610, dwHighDateTime=0x1d6076d)) [0248.118] Sleep (dwMilliseconds=0x12c) [0248.430] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16e85190, dwHighDateTime=0x1d6076d)) [0248.430] Sleep (dwMilliseconds=0x12c) [0248.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1717ed10, dwHighDateTime=0x1d6076d)) [0248.741] Sleep (dwMilliseconds=0x12c) [0249.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17478890, dwHighDateTime=0x1d6076d)) [0249.054] Sleep (dwMilliseconds=0x12c) [0249.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17772410, dwHighDateTime=0x1d6076d)) [0249.366] Sleep (dwMilliseconds=0x12c) [0249.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17a6bf90, dwHighDateTime=0x1d6076d)) [0249.678] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x43c) returned 0x14e4 [0249.678] TerminateThread (hThread=0x14e4, dwExitCode=0x0) returned 1 [0249.682] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14e8 [0249.683] Sleep (dwMilliseconds=0x12c) [0249.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17d65b10, dwHighDateTime=0x1d6076d)) [0249.990] Sleep (dwMilliseconds=0x12c) [0250.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1805f690, dwHighDateTime=0x1d6076d)) [0250.316] Sleep (dwMilliseconds=0x12c) [0250.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18359210, dwHighDateTime=0x1d6076d)) [0250.615] Sleep (dwMilliseconds=0x12c) [0250.926] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18652d90, dwHighDateTime=0x1d6076d)) [0250.926] Sleep (dwMilliseconds=0x12c) [0251.253] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1894c910, dwHighDateTime=0x1d6076d)) [0251.253] Sleep (dwMilliseconds=0x12c) [0251.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18c46490, dwHighDateTime=0x1d6076d)) [0251.566] Sleep (dwMilliseconds=0x12c) [0251.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18f40010, dwHighDateTime=0x1d6076d)) [0251.877] Sleep (dwMilliseconds=0x12c) [0252.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19239b90, dwHighDateTime=0x1d6076d)) [0252.189] Sleep (dwMilliseconds=0x12c) [0252.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19533710, dwHighDateTime=0x1d6076d)) [0252.501] Sleep (dwMilliseconds=0x12c) [0252.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1982d290, dwHighDateTime=0x1d6076d)) [0252.813] Sleep (dwMilliseconds=0x12c) [0253.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19b26e10, dwHighDateTime=0x1d6076d)) [0253.125] Sleep (dwMilliseconds=0x12c) [0253.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19e20990, dwHighDateTime=0x1d6076d)) [0253.437] Sleep (dwMilliseconds=0x12c) [0253.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a11a510, dwHighDateTime=0x1d6076d)) [0253.749] Sleep (dwMilliseconds=0x12c) [0254.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a414090, dwHighDateTime=0x1d6076d)) [0254.062] Sleep (dwMilliseconds=0x12c) [0254.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a70dc10, dwHighDateTime=0x1d6076d)) [0254.374] Sleep (dwMilliseconds=0x12c) [0254.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1aa07790, dwHighDateTime=0x1d6076d)) [0254.685] Sleep (dwMilliseconds=0x12c) [0254.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1ad01310, dwHighDateTime=0x1d6076d)) [0254.997] Sleep (dwMilliseconds=0x12c) [0255.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1affae90, dwHighDateTime=0x1d6076d)) [0255.309] Sleep (dwMilliseconds=0x12c) [0255.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1b2f4a10, dwHighDateTime=0x1d6076d)) [0255.621] Sleep (dwMilliseconds=0x12c) [0255.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1b5ee590, dwHighDateTime=0x1d6076d)) [0255.933] Sleep (dwMilliseconds=0x12c) [0256.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1b90e270, dwHighDateTime=0x1d6076d)) [0256.265] Sleep (dwMilliseconds=0x12c) [0256.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1bc07df0, dwHighDateTime=0x1d6076d)) [0256.573] Sleep (dwMilliseconds=0x12c) [0256.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1bf01970, dwHighDateTime=0x1d6076d)) [0256.885] Sleep (dwMilliseconds=0x12c) [0257.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1c1fb4f0, dwHighDateTime=0x1d6076d)) [0257.197] Sleep (dwMilliseconds=0x12c) [0258.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1c4f5070, dwHighDateTime=0x1d6076d)) [0258.772] Sleep (dwMilliseconds=0x12c) [0259.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1c7eebf0, dwHighDateTime=0x1d6076d)) [0259.085] Sleep (dwMilliseconds=0x12c) [0259.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1cae8770, dwHighDateTime=0x1d6076d)) [0259.396] Sleep (dwMilliseconds=0x12c) [0260.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1cde22f0, dwHighDateTime=0x1d6076d)) [0260.098] Sleep (dwMilliseconds=0x12c) [0260.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d0dbe70, dwHighDateTime=0x1d6076d)) [0260.410] Sleep (dwMilliseconds=0x12c) [0260.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d3d59f0, dwHighDateTime=0x1d6076d)) [0260.722] Sleep (dwMilliseconds=0x12c) [0261.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d6cf570, dwHighDateTime=0x1d6076d)) [0261.034] Sleep (dwMilliseconds=0x12c) [0261.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d9c90f0, dwHighDateTime=0x1d6076d)) [0261.348] Sleep (dwMilliseconds=0x12c) [0261.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1dcc2c70, dwHighDateTime=0x1d6076d)) [0261.658] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x694) returned 0x36c [0261.658] TerminateThread (hThread=0x36c, dwExitCode=0x0) returned 1 [0261.658] shutdown (s=0x364, how=2) returned 0 [0261.659] closesocket (s=0x364) returned 0 [0261.659] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x364 [0261.661] Sleep (dwMilliseconds=0x12c) [0261.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1dfbc7f0, dwHighDateTime=0x1d6076d)) [0261.971] Sleep (dwMilliseconds=0x12c) [0262.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1e2b6370, dwHighDateTime=0x1d6076d)) [0262.283] Sleep (dwMilliseconds=0x12c) [0262.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1e5afef0, dwHighDateTime=0x1d6076d)) [0262.594] Sleep (dwMilliseconds=0x12c) [0262.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1e8a9a70, dwHighDateTime=0x1d6076d)) [0262.907] Sleep (dwMilliseconds=0x12c) [0263.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1eba35f0, dwHighDateTime=0x1d6076d)) [0263.218] Sleep (dwMilliseconds=0x12c) [0263.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1ee9d170, dwHighDateTime=0x1d6076d)) [0263.531] Sleep (dwMilliseconds=0x12c) [0263.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1f196cf0, dwHighDateTime=0x1d6076d)) [0263.843] Sleep (dwMilliseconds=0x12c) [0264.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1f490870, dwHighDateTime=0x1d6076d)) [0264.155] Sleep (dwMilliseconds=0x12c) [0264.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1f78a3f0, dwHighDateTime=0x1d6076d)) [0264.466] Sleep (dwMilliseconds=0x12c) [0264.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1fa83f70, dwHighDateTime=0x1d6076d)) [0264.778] Sleep (dwMilliseconds=0x12c) [0265.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1fd7daf0, dwHighDateTime=0x1d6076d)) [0265.090] Sleep (dwMilliseconds=0x12c) [0265.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2009d7d0, dwHighDateTime=0x1d6076d)) [0265.429] Sleep (dwMilliseconds=0x12c) [0265.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20397350, dwHighDateTime=0x1d6076d)) [0265.730] Sleep (dwMilliseconds=0x12c) [0266.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20690ed0, dwHighDateTime=0x1d6076d)) [0266.042] Sleep (dwMilliseconds=0x12c) [0266.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2098aa50, dwHighDateTime=0x1d6076d)) [0266.354] Sleep (dwMilliseconds=0x12c) [0266.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20c845d0, dwHighDateTime=0x1d6076d)) [0266.666] Sleep (dwMilliseconds=0x12c) [0267.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20fa42b0, dwHighDateTime=0x1d6076d)) [0267.002] Sleep (dwMilliseconds=0x12c) [0267.305] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2129de30, dwHighDateTime=0x1d6076d)) [0267.305] Sleep (dwMilliseconds=0x12c) [0267.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x215979b0, dwHighDateTime=0x1d6076d)) [0267.617] Sleep (dwMilliseconds=0x12c) [0267.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x21891530, dwHighDateTime=0x1d6076d)) [0267.929] Sleep (dwMilliseconds=0x12c) [0268.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x21b8b0b0, dwHighDateTime=0x1d6076d)) [0268.242] Sleep (dwMilliseconds=0x12c) [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] Sleep (dwMilliseconds=0x12c) [0268.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x221a4910, dwHighDateTime=0x1d6076d)) [0268.892] Sleep (dwMilliseconds=0x12c) [0269.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2249e490, dwHighDateTime=0x1d6076d)) [0269.196] Sleep (dwMilliseconds=0x12c) [0269.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22798010, dwHighDateTime=0x1d6076d)) [0269.506] Sleep (dwMilliseconds=0x12c) [0269.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22a91b90, dwHighDateTime=0x1d6076d)) [0269.817] Sleep (dwMilliseconds=0x12c) [0270.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22d8b710, dwHighDateTime=0x1d6076d)) [0270.129] Sleep (dwMilliseconds=0x12c) [0270.450] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23085290, dwHighDateTime=0x1d6076d)) [0270.450] Sleep (dwMilliseconds=0x12c) [0270.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2337ee10, dwHighDateTime=0x1d6076d)) [0270.753] Sleep (dwMilliseconds=0x12c) [0271.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23678990, dwHighDateTime=0x1d6076d)) [0271.081] Sleep (dwMilliseconds=0x12c) [0271.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23972510, dwHighDateTime=0x1d6076d)) [0271.393] Sleep (dwMilliseconds=0x12c) [0271.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23c6c090, dwHighDateTime=0x1d6076d)) [0271.712] Sleep (dwMilliseconds=0x12c) [0272.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23f65c10, dwHighDateTime=0x1d6076d)) [0272.029] Sleep (dwMilliseconds=0x12c) [0272.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.329] Sleep (dwMilliseconds=0x12c) [0272.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x24559310, dwHighDateTime=0x1d6076d)) [0272.641] Sleep (dwMilliseconds=0x12c) [0272.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x24852e90, dwHighDateTime=0x1d6076d)) [0272.953] Sleep (dwMilliseconds=0x12c) [0273.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x24b4ca10, dwHighDateTime=0x1d6076d)) [0273.265] Sleep (dwMilliseconds=0x12c) [0273.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x24e46590, dwHighDateTime=0x1d6076d)) [0273.577] Sleep (dwMilliseconds=0x12c) [0273.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25166270, dwHighDateTime=0x1d6076d)) [0273.912] Sleep (dwMilliseconds=0x12c) [0274.216] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2545fdf0, dwHighDateTime=0x1d6076d)) [0274.216] Sleep (dwMilliseconds=0x12c) [0274.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25759970, dwHighDateTime=0x1d6076d)) [0274.528] Sleep (dwMilliseconds=0x12c) [0274.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25a534f0, dwHighDateTime=0x1d6076d)) [0274.840] Sleep (dwMilliseconds=0x12c) [0275.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25d4d070, dwHighDateTime=0x1d6076d)) [0275.155] Sleep (dwMilliseconds=0x12c) [0275.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26046bf0, dwHighDateTime=0x1d6076d)) [0275.464] Sleep (dwMilliseconds=0x12c) [0275.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x263668d0, dwHighDateTime=0x1d6076d)) [0275.800] Sleep (dwMilliseconds=0x12c) [0276.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26660450, dwHighDateTime=0x1d6076d)) [0276.104] Sleep (dwMilliseconds=0x12c) [0276.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26959fd0, dwHighDateTime=0x1d6076d)) [0276.417] Sleep (dwMilliseconds=0x12c) [0276.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26c53b50, dwHighDateTime=0x1d6076d)) [0276.728] Sleep (dwMilliseconds=0x12c) [0277.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26f4d6d0, dwHighDateTime=0x1d6076d)) [0277.048] Sleep (dwMilliseconds=0x12c) [0277.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x27247250, dwHighDateTime=0x1d6076d)) [0277.352] Sleep (dwMilliseconds=0x12c) [0277.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x27540dd0, dwHighDateTime=0x1d6076d)) [0277.664] Sleep (dwMilliseconds=0x12c) [0277.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2783a950, dwHighDateTime=0x1d6076d)) [0277.976] Sleep (dwMilliseconds=0x12c) Thread: id = 380 os_tid = 0x6dc Thread: id = 382 os_tid = 0x6e4 [0173.259] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0173.277] ReleaseMutex (hMutex=0x158) returned 1 [0173.277] GetCurrentThreadId () returned 0x6e4 [0173.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xede34fc0, dwHighDateTime=0x1d6076c)) [0173.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xede34fc0, dwHighDateTime=0x1d6076c)) [0173.277] GetCurrentThreadId () returned 0x6e4 [0173.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xede34fc0, dwHighDateTime=0x1d6076c)) [0173.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xede34fc0, dwHighDateTime=0x1d6076c)) [0173.278] GetCurrentThreadId () returned 0x6e4 [0173.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xede376d0, dwHighDateTime=0x1d6076c)) [0173.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xede376d0, dwHighDateTime=0x1d6076c)) [0173.278] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0173.278] GetCurrentThreadId () returned 0x6e4 [0173.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xede376d0, dwHighDateTime=0x1d6076c)) [0173.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xede376d0, dwHighDateTime=0x1d6076c)) [0173.278] GetTickCount () returned 0x1134155 [0173.278] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0173.278] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0173.279] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0173.280] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.281] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.281] ReleaseMutex (hMutex=0x154) returned 1 [0173.281] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0173.281] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0173.281] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0173.283] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.284] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.284] ReleaseMutex (hMutex=0x154) returned 1 [0173.284] ReleaseMutex (hMutex=0xf4) returned 1 [0173.284] GetCurrentThreadId () returned 0x6e4 [0173.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xede46130, dwHighDateTime=0x1d6076c)) [0173.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xede46130, dwHighDateTime=0x1d6076c)) [0173.284] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0173.284] GetCurrentThreadId () returned 0x6e4 [0173.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xede46130, dwHighDateTime=0x1d6076c)) [0173.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xede46130, dwHighDateTime=0x1d6076c)) [0173.284] GetTickCount () returned 0x1134164 [0173.285] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0173.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0173.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0173.286] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.287] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.287] ReleaseMutex (hMutex=0x154) returned 1 [0173.287] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0173.287] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4bd0000 [0173.287] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4be0000 [0173.329] VirtualFree (lpAddress=0x4be0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.329] VirtualFree (lpAddress=0x4bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.330] ReleaseMutex (hMutex=0x154) returned 1 [0173.330] ReleaseMutex (hMutex=0xf4) returned 1 [0173.330] GetCurrentThreadId () returned 0x6e4 [0173.330] GetCurrentThreadId () returned 0x6e4 [0173.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xedeb3f00, dwHighDateTime=0x1d6076c)) [0173.330] Sleep (dwMilliseconds=0xd65) [0177.058] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0177.058] ReleaseMutex (hMutex=0x158) returned 1 [0177.058] GetCurrentThreadId () returned 0x6e4 [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetCurrentThreadId () returned 0x6e4 [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetCurrentThreadId () returned 0x6e4 [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0177.058] GetCurrentThreadId () returned 0x6e4 [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf00f20d0, dwHighDateTime=0x1d6076c)) [0177.058] GetTickCount () returned 0x1134f97 [0177.081] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0177.099] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0177.100] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0177.102] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.102] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.103] ReleaseMutex (hMutex=0x154) returned 1 [0177.103] GetCurrentThreadId () returned 0x6e4 [0177.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf01644f0, dwHighDateTime=0x1d6076c)) [0177.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf01644f0, dwHighDateTime=0x1d6076c)) [0177.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfed4 | out: lpSystemTimeAsFileTime=0x4bcfed4*(dwLowDateTime=0xf01644f0, dwHighDateTime=0x1d6076c)) [0177.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf01644f0, dwHighDateTime=0x1d6076c)) [0177.103] GetCurrentThreadId () returned 0x6e4 [0177.103] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0177.103] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0177.104] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0177.106] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.107] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.107] ReleaseMutex (hMutex=0x154) returned 1 [0177.107] ReleaseMutex (hMutex=0xf4) returned 1 [0177.107] GetCurrentThreadId () returned 0x6e4 [0177.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.107] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0177.108] GetCurrentThreadId () returned 0x6e4 [0177.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.108] GetTickCount () returned 0x1134fd5 [0177.108] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0177.108] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0177.108] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0177.110] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.111] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.111] ReleaseMutex (hMutex=0x154) returned 1 [0177.111] GetCurrentThreadId () returned 0x6e4 [0177.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfed4 | out: lpSystemTimeAsFileTime=0x4bcfed4*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.111] GetCurrentThreadId () returned 0x6e4 [0177.111] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0177.111] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0177.112] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0177.114] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.114] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.115] ReleaseMutex (hMutex=0x154) returned 1 [0177.115] ReleaseMutex (hMutex=0xf4) returned 1 [0177.115] GetCurrentThreadId () returned 0x6e4 [0177.115] GetCurrentThreadId () returned 0x6e4 [0177.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xf018a650, dwHighDateTime=0x1d6076c)) [0177.115] Sleep (dwMilliseconds=0xb79) [0180.191] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0180.191] ReleaseMutex (hMutex=0x158) returned 1 [0180.191] GetCurrentThreadId () returned 0x6e4 [0180.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] GetCurrentThreadId () returned 0x6e4 [0180.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] GetCurrentThreadId () returned 0x6e4 [0180.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0180.192] GetCurrentThreadId () returned 0x6e4 [0180.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf1e1ae50, dwHighDateTime=0x1d6076c)) [0180.192] GetTickCount () returned 0x1135b89 [0180.192] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0180.192] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0180.193] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0180.195] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.195] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.196] ReleaseMutex (hMutex=0x154) returned 1 [0180.196] GetCurrentThreadId () returned 0x6e4 [0180.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.196] GetCurrentThreadId () returned 0x6e4 [0180.196] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0180.196] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0180.196] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0180.198] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.198] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.199] ReleaseMutex (hMutex=0x154) returned 1 [0180.199] ReleaseMutex (hMutex=0xf4) returned 1 [0180.199] GetCurrentThreadId () returned 0x6e4 [0180.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.199] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0180.199] GetCurrentThreadId () returned 0x6e4 [0180.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.199] GetTickCount () returned 0x1135b98 [0180.199] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0180.199] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0180.199] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0180.201] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.201] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.201] ReleaseMutex (hMutex=0x154) returned 1 [0180.201] GetCurrentThreadId () returned 0x6e4 [0180.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.202] GetCurrentThreadId () returned 0x6e4 [0180.202] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0180.202] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0180.202] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0180.204] VirtualFree (lpAddress=0x5220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.204] VirtualFree (lpAddress=0x5210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.204] ReleaseMutex (hMutex=0x154) returned 1 [0180.204] ReleaseMutex (hMutex=0xf4) returned 1 [0180.204] GetCurrentThreadId () returned 0x6e4 [0180.204] GetCurrentThreadId () returned 0x6e4 [0180.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xf1e40fb0, dwHighDateTime=0x1d6076c)) [0180.204] Sleep (dwMilliseconds=0xb4d) [0183.230] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0183.230] ReleaseMutex (hMutex=0x158) returned 1 [0183.234] GetCurrentThreadId () returned 0x6e4 [0183.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf3a854f0, dwHighDateTime=0x1d6076c)) [0183.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf3a854f0, dwHighDateTime=0x1d6076c)) [0183.234] GetCurrentThreadId () returned 0x6e4 [0183.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf3a854f0, dwHighDateTime=0x1d6076c)) [0183.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf3a854f0, dwHighDateTime=0x1d6076c)) [0183.234] GetCurrentThreadId () returned 0x6e4 [0183.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf3a854f0, dwHighDateTime=0x1d6076c)) [0183.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf3a854f0, dwHighDateTime=0x1d6076c)) [0183.234] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0183.251] GetCurrentThreadId () returned 0x6e4 [0183.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf3aab650, dwHighDateTime=0x1d6076c)) [0183.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf3aab650, dwHighDateTime=0x1d6076c)) [0183.251] GetTickCount () returned 0x113673c [0183.251] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0183.252] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5380000 [0183.369] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53a0000 [0183.371] VirtualFree (lpAddress=0x53a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.372] VirtualFree (lpAddress=0x5380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.372] ReleaseMutex (hMutex=0x154) returned 1 [0183.372] GetCurrentThreadId () returned 0x6e4 [0183.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.373] GetCurrentThreadId () returned 0x6e4 [0183.373] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0183.373] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5380000 [0183.373] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53a0000 [0183.375] VirtualFree (lpAddress=0x53a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.376] VirtualFree (lpAddress=0x5380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.376] ReleaseMutex (hMutex=0x154) returned 1 [0183.376] ReleaseMutex (hMutex=0xf4) returned 1 [0183.376] GetCurrentThreadId () returned 0x6e4 [0183.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.376] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0183.376] GetCurrentThreadId () returned 0x6e4 [0183.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.377] GetTickCount () returned 0x11367b9 [0183.377] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0183.377] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5380000 [0183.377] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53a0000 [0183.379] VirtualFree (lpAddress=0x53a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.380] VirtualFree (lpAddress=0x5380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.380] ReleaseMutex (hMutex=0x154) returned 1 [0183.380] GetCurrentThreadId () returned 0x6e4 [0183.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf3c022b0, dwHighDateTime=0x1d6076c)) [0183.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf3c022b0, dwHighDateTime=0x1d6076c)) [0183.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf3c022b0, dwHighDateTime=0x1d6076c)) [0183.381] GetCurrentThreadId () returned 0x6e4 [0183.381] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0183.381] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5380000 [0183.381] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53a0000 [0183.383] VirtualFree (lpAddress=0x53a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.384] VirtualFree (lpAddress=0x5380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.384] ReleaseMutex (hMutex=0x154) returned 1 [0183.384] ReleaseMutex (hMutex=0xf4) returned 1 [0183.384] GetCurrentThreadId () returned 0x6e4 [0183.384] GetCurrentThreadId () returned 0x6e4 [0183.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xf3c022b0, dwHighDateTime=0x1d6076c)) [0183.384] Sleep (dwMilliseconds=0xc97) [0188.324] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0188.339] ReleaseMutex (hMutex=0x158) returned 1 [0188.339] GetCurrentThreadId () returned 0x6e4 [0188.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetCurrentThreadId () returned 0x6e4 [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetCurrentThreadId () returned 0x6e4 [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0188.340] GetCurrentThreadId () returned 0x6e4 [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.340] GetTickCount () returned 0x11374a4 [0188.340] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0188.340] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5430000 [0188.341] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5590000 [0188.343] VirtualFree (lpAddress=0x5590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.344] VirtualFree (lpAddress=0x5430000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.344] ReleaseMutex (hMutex=0x154) returned 1 [0188.344] GetCurrentThreadId () returned 0x6e4 [0188.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.345] GetCurrentThreadId () returned 0x6e4 [0188.345] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0188.345] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5430000 [0188.345] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5590000 [0188.348] VirtualFree (lpAddress=0x5590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.348] VirtualFree (lpAddress=0x5430000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.349] ReleaseMutex (hMutex=0x154) returned 1 [0188.349] ReleaseMutex (hMutex=0xf4) returned 1 [0188.349] GetCurrentThreadId () returned 0x6e4 [0188.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.349] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0188.349] GetCurrentThreadId () returned 0x6e4 [0188.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.349] GetTickCount () returned 0x11374a4 [0188.349] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0188.349] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5430000 [0188.350] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5590000 [0188.352] VirtualFree (lpAddress=0x5590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.352] VirtualFree (lpAddress=0x5430000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.353] ReleaseMutex (hMutex=0x154) returned 1 [0188.353] GetCurrentThreadId () returned 0x6e4 [0188.353] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.353] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.353] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf5b664d0, dwHighDateTime=0x1d6076c)) [0188.353] GetCurrentThreadId () returned 0x6e4 [0188.353] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0188.353] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5430000 [0188.475] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5590000 [0188.477] VirtualFree (lpAddress=0x5590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.477] VirtualFree (lpAddress=0x5430000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.478] ReleaseMutex (hMutex=0x154) returned 1 [0188.478] ReleaseMutex (hMutex=0xf4) returned 1 [0188.478] GetCurrentThreadId () returned 0x6e4 [0188.478] GetCurrentThreadId () returned 0x6e4 [0188.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xf5cbd130, dwHighDateTime=0x1d6076c)) [0188.479] Sleep (dwMilliseconds=0xe90) [0192.482] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0192.482] ReleaseMutex (hMutex=0x158) returned 1 [0192.482] GetCurrentThreadId () returned 0x6e4 [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetCurrentThreadId () returned 0x6e4 [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetCurrentThreadId () returned 0x6e4 [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0192.482] GetCurrentThreadId () returned 0x6e4 [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.482] GetTickCount () returned 0x11384ca [0192.482] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0192.482] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0192.483] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0192.485] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.486] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.486] ReleaseMutex (hMutex=0x154) returned 1 [0192.486] GetCurrentThreadId () returned 0x6e4 [0192.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf82d3130, dwHighDateTime=0x1d6076c)) [0192.486] GetCurrentThreadId () returned 0x6e4 [0192.486] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0192.487] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0192.487] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0192.489] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.490] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.490] ReleaseMutex (hMutex=0x154) returned 1 [0192.490] ReleaseMutex (hMutex=0xf4) returned 1 [0192.490] GetCurrentThreadId () returned 0x6e4 [0192.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.491] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0192.491] GetCurrentThreadId () returned 0x6e4 [0192.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.491] GetTickCount () returned 0x11384d9 [0192.491] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0192.491] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0192.491] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0192.493] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.494] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.494] ReleaseMutex (hMutex=0x154) returned 1 [0192.494] GetCurrentThreadId () returned 0x6e4 [0192.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.495] GetCurrentThreadId () returned 0x6e4 [0192.495] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0192.495] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0192.495] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0192.497] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.498] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.498] ReleaseMutex (hMutex=0x154) returned 1 [0192.498] ReleaseMutex (hMutex=0xf4) returned 1 [0192.498] GetCurrentThreadId () returned 0x6e4 [0192.498] GetCurrentThreadId () returned 0x6e4 [0192.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.498] Sleep (dwMilliseconds=0xc0f) [0195.670] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0195.670] ReleaseMutex (hMutex=0x158) returned 1 [0195.670] GetCurrentThreadId () returned 0x6e4 [0195.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.674] GetCurrentThreadId () returned 0x6e4 [0195.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.674] GetCurrentThreadId () returned 0x6e4 [0195.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.674] Sleep (dwMilliseconds=0x32) [0195.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.813] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0195.813] GetCurrentThreadId () returned 0x6e4 [0195.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.813] GetTickCount () returned 0x1139177 [0195.813] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0195.813] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0195.814] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0195.817] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.818] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.818] ReleaseMutex (hMutex=0x154) returned 1 [0195.818] GetCurrentThreadId () returned 0x6e4 [0195.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.818] GetCurrentThreadId () returned 0x6e4 [0195.818] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0195.818] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0195.819] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0195.821] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.822] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.822] ReleaseMutex (hMutex=0x154) returned 1 [0195.822] ReleaseMutex (hMutex=0xf4) returned 1 [0195.822] GetCurrentThreadId () returned 0x6e4 [0195.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.823] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0195.823] GetCurrentThreadId () returned 0x6e4 [0195.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.823] GetTickCount () returned 0x1139177 [0195.823] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0195.823] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0195.823] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0195.826] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.826] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.827] ReleaseMutex (hMutex=0x154) returned 1 [0195.827] GetCurrentThreadId () returned 0x6e4 [0195.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfa1eb090, dwHighDateTime=0x1d6076c)) [0195.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfa1eb090, dwHighDateTime=0x1d6076c)) [0195.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfa1eb090, dwHighDateTime=0x1d6076c)) [0195.827] GetCurrentThreadId () returned 0x6e4 [0195.827] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0195.827] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0195.827] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0195.830] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.830] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.831] ReleaseMutex (hMutex=0x154) returned 1 [0195.831] ReleaseMutex (hMutex=0xf4) returned 1 [0195.831] GetCurrentThreadId () returned 0x6e4 [0195.831] GetCurrentThreadId () returned 0x6e4 [0195.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xfa1eb090, dwHighDateTime=0x1d6076c)) [0195.831] Sleep (dwMilliseconds=0xb6d) [0198.760] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0198.760] ReleaseMutex (hMutex=0x158) returned 1 [0198.760] GetCurrentThreadId () returned 0x6e4 [0198.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.760] GetCurrentThreadId () returned 0x6e4 [0198.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.761] GetCurrentThreadId () returned 0x6e4 [0198.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.761] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0198.761] GetCurrentThreadId () returned 0x6e4 [0198.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.761] GetTickCount () returned 0x1139cfb [0198.761] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0198.761] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0198.761] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0198.763] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.764] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.764] ReleaseMutex (hMutex=0x154) returned 1 [0198.764] GetCurrentThreadId () returned 0x6e4 [0198.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.764] GetCurrentThreadId () returned 0x6e4 [0198.764] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0198.764] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0198.765] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0198.766] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.767] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.767] ReleaseMutex (hMutex=0x154) returned 1 [0198.767] ReleaseMutex (hMutex=0xf4) returned 1 [0198.767] GetCurrentThreadId () returned 0x6e4 [0198.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.767] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0198.768] GetCurrentThreadId () returned 0x6e4 [0198.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.768] GetTickCount () returned 0x1139cfb [0198.768] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0198.768] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0198.768] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0198.770] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.770] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.770] ReleaseMutex (hMutex=0x154) returned 1 [0198.770] GetCurrentThreadId () returned 0x6e4 [0198.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.771] GetCurrentThreadId () returned 0x6e4 [0198.771] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0198.771] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0198.771] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0198.773] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.773] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.773] ReleaseMutex (hMutex=0x154) returned 1 [0198.773] ReleaseMutex (hMutex=0xf4) returned 1 [0198.774] GetCurrentThreadId () returned 0x6e4 [0198.774] GetCurrentThreadId () returned 0x6e4 [0198.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.774] Sleep (dwMilliseconds=0xab7) [0201.504] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0201.504] ReleaseMutex (hMutex=0x158) returned 1 [0201.504] GetCurrentThreadId () returned 0x6e4 [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetCurrentThreadId () returned 0x6e4 [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetCurrentThreadId () returned 0x6e4 [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0201.505] GetCurrentThreadId () returned 0x6e4 [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.505] GetTickCount () returned 0x113a7b5 [0201.505] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0201.505] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0201.506] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0201.508] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.509] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.509] ReleaseMutex (hMutex=0x154) returned 1 [0201.510] GetCurrentThreadId () returned 0x6e4 [0201.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.510] GetCurrentThreadId () returned 0x6e4 [0201.510] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0201.510] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0201.510] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0201.513] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.513] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.514] ReleaseMutex (hMutex=0x154) returned 1 [0201.514] ReleaseMutex (hMutex=0xf4) returned 1 [0201.514] GetCurrentThreadId () returned 0x6e4 [0201.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.514] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0201.514] GetCurrentThreadId () returned 0x6e4 [0201.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.514] GetTickCount () returned 0x113a7b5 [0201.514] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0201.514] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0201.515] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0201.517] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.518] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.518] ReleaseMutex (hMutex=0x154) returned 1 [0201.518] GetCurrentThreadId () returned 0x6e4 [0201.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfd812510, dwHighDateTime=0x1d6076c)) [0201.518] GetCurrentThreadId () returned 0x6e4 [0201.519] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0201.519] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0201.519] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0201.522] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.522] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.523] ReleaseMutex (hMutex=0x154) returned 1 [0201.523] ReleaseMutex (hMutex=0xf4) returned 1 [0201.523] GetCurrentThreadId () returned 0x6e4 [0201.523] GetCurrentThreadId () returned 0x6e4 [0201.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xfd838670, dwHighDateTime=0x1d6076c)) [0201.523] Sleep (dwMilliseconds=0xc78) [0205.764] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0205.764] ReleaseMutex (hMutex=0x158) returned 1 [0205.764] GetCurrentThreadId () returned 0x6e4 [0205.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.764] GetCurrentThreadId () returned 0x6e4 [0205.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.765] GetCurrentThreadId () returned 0x6e4 [0205.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.765] Sleep (dwMilliseconds=0x32) [0205.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff7505d0, dwHighDateTime=0x1d6076c)) [0205.827] Sleep (dwMilliseconds=0x32) [0205.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff7e8b50, dwHighDateTime=0x1d6076c)) [0205.901] Sleep (dwMilliseconds=0x32) [0205.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff8810d0, dwHighDateTime=0x1d6076c)) [0205.951] Sleep (dwMilliseconds=0x32) [0206.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.013] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0206.013] GetCurrentThreadId () returned 0x6e4 [0206.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.013] GetTickCount () returned 0x113b53c [0206.013] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0206.013] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0206.014] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0206.016] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.017] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.017] ReleaseMutex (hMutex=0x154) returned 1 [0206.017] GetCurrentThreadId () returned 0x6e4 [0206.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.017] GetCurrentThreadId () returned 0x6e4 [0206.018] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0206.018] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0206.018] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0206.020] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.021] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.021] ReleaseMutex (hMutex=0x154) returned 1 [0206.022] ReleaseMutex (hMutex=0xf4) returned 1 [0206.022] GetCurrentThreadId () returned 0x6e4 [0206.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.022] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0206.022] GetCurrentThreadId () returned 0x6e4 [0206.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.022] GetTickCount () returned 0x113b53c [0206.022] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0206.022] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0206.022] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0206.025] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.025] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.026] ReleaseMutex (hMutex=0x154) returned 1 [0206.026] GetCurrentThreadId () returned 0x6e4 [0206.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xff919650, dwHighDateTime=0x1d6076c)) [0206.026] GetCurrentThreadId () returned 0x6e4 [0206.026] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0206.026] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0206.026] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0206.032] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.032] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.033] ReleaseMutex (hMutex=0x154) returned 1 [0206.033] ReleaseMutex (hMutex=0xf4) returned 1 [0206.033] GetCurrentThreadId () returned 0x6e4 [0206.033] GetCurrentThreadId () returned 0x6e4 [0206.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xff93f7b0, dwHighDateTime=0x1d6076c)) [0206.033] Sleep (dwMilliseconds=0xb31) [0208.908] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0208.908] ReleaseMutex (hMutex=0x158) returned 1 [0208.908] GetCurrentThreadId () returned 0x6e4 [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetCurrentThreadId () returned 0x6e4 [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetCurrentThreadId () returned 0x6e4 [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0208.908] GetCurrentThreadId () returned 0x6e4 [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.908] GetTickCount () returned 0x113c082 [0208.908] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0208.909] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0208.909] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0208.912] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.912] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.913] ReleaseMutex (hMutex=0x154) returned 1 [0208.913] GetCurrentThreadId () returned 0x6e4 [0208.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.913] GetCurrentThreadId () returned 0x6e4 [0208.913] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0208.913] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0208.914] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0208.916] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.917] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.918] ReleaseMutex (hMutex=0x154) returned 1 [0208.918] ReleaseMutex (hMutex=0xf4) returned 1 [0208.918] GetCurrentThreadId () returned 0x6e4 [0208.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.918] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0208.918] GetCurrentThreadId () returned 0x6e4 [0208.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.918] GetTickCount () returned 0x113c092 [0208.918] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0208.918] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0208.919] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0208.921] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.922] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.922] ReleaseMutex (hMutex=0x154) returned 1 [0208.922] GetCurrentThreadId () returned 0x6e4 [0208.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.922] GetCurrentThreadId () returned 0x6e4 [0208.923] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0208.923] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0208.923] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0208.926] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.926] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.927] ReleaseMutex (hMutex=0x154) returned 1 [0208.927] ReleaseMutex (hMutex=0xf4) returned 1 [0208.927] GetCurrentThreadId () returned 0x6e4 [0208.927] GetCurrentThreadId () returned 0x6e4 [0208.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.927] Sleep (dwMilliseconds=0xe87) [0212.830] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0212.830] ReleaseMutex (hMutex=0x158) returned 1 [0212.830] GetCurrentThreadId () returned 0x6e4 [0212.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x3853eb0, dwHighDateTime=0x1d6076d)) [0212.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x3853eb0, dwHighDateTime=0x1d6076d)) [0212.830] GetCurrentThreadId () returned 0x6e4 [0212.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x3853eb0, dwHighDateTime=0x1d6076d)) [0212.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x3853eb0, dwHighDateTime=0x1d6076d)) [0212.830] GetCurrentThreadId () returned 0x6e4 [0212.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3853eb0, dwHighDateTime=0x1d6076d)) [0212.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3853eb0, dwHighDateTime=0x1d6076d)) [0212.830] Sleep (dwMilliseconds=0x32) [0212.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x38ec430, dwHighDateTime=0x1d6076d)) [0212.892] Sleep (dwMilliseconds=0x32) [0212.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x39849b0, dwHighDateTime=0x1d6076d)) [0212.955] Sleep (dwMilliseconds=0x32) [0213.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3a1cf30, dwHighDateTime=0x1d6076d)) [0213.017] Sleep (dwMilliseconds=0x32) [0213.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3ab54b0, dwHighDateTime=0x1d6076d)) [0213.080] Sleep (dwMilliseconds=0x32) [0213.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.142] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0213.142] GetCurrentThreadId () returned 0x6e4 [0213.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.143] GetTickCount () returned 0x113d05a [0213.143] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0213.143] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0213.143] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0213.146] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.147] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.147] ReleaseMutex (hMutex=0x154) returned 1 [0213.147] GetCurrentThreadId () returned 0x6e4 [0213.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.148] GetCurrentThreadId () returned 0x6e4 [0213.148] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0213.148] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0213.148] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0213.151] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.151] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.151] ReleaseMutex (hMutex=0x154) returned 1 [0213.152] ReleaseMutex (hMutex=0xf4) returned 1 [0213.152] GetCurrentThreadId () returned 0x6e4 [0213.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.152] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0213.152] GetCurrentThreadId () returned 0x6e4 [0213.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.152] GetTickCount () returned 0x113d05a [0213.152] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0213.152] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0213.152] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0213.154] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.154] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.155] ReleaseMutex (hMutex=0x154) returned 1 [0213.155] GetCurrentThreadId () returned 0x6e4 [0213.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.155] GetCurrentThreadId () returned 0x6e4 [0213.155] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0213.155] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0213.155] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0213.157] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.157] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0213.158] ReleaseMutex (hMutex=0x154) returned 1 [0213.158] ReleaseMutex (hMutex=0xf4) returned 1 [0213.158] GetCurrentThreadId () returned 0x6e4 [0213.158] GetCurrentThreadId () returned 0x6e4 [0213.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x3b73b90, dwHighDateTime=0x1d6076d)) [0213.158] Sleep (dwMilliseconds=0xc39) [0216.333] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0216.333] ReleaseMutex (hMutex=0x158) returned 1 [0216.333] GetCurrentThreadId () returned 0x6e4 [0216.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.333] GetCurrentThreadId () returned 0x6e4 [0216.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.333] GetCurrentThreadId () returned 0x6e4 [0216.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.334] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0216.334] GetCurrentThreadId () returned 0x6e4 [0216.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.334] GetTickCount () returned 0x113dcc8 [0216.334] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0216.334] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0216.335] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0216.337] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.337] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.338] ReleaseMutex (hMutex=0x154) returned 1 [0216.338] GetCurrentThreadId () returned 0x6e4 [0216.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x59a72b0, dwHighDateTime=0x1d6076d)) [0216.338] GetCurrentThreadId () returned 0x6e4 [0216.338] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0216.338] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0216.339] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0216.341] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.342] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.343] ReleaseMutex (hMutex=0x154) returned 1 [0216.343] ReleaseMutex (hMutex=0xf4) returned 1 [0216.343] GetCurrentThreadId () returned 0x6e4 [0216.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.343] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0216.343] GetCurrentThreadId () returned 0x6e4 [0216.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.343] GetTickCount () returned 0x113dcd8 [0216.343] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0216.343] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0216.344] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0216.346] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.347] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.347] ReleaseMutex (hMutex=0x154) returned 1 [0216.348] GetCurrentThreadId () returned 0x6e4 [0216.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.348] GetCurrentThreadId () returned 0x6e4 [0216.348] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0216.348] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0216.348] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0216.351] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.351] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.352] ReleaseMutex (hMutex=0x154) returned 1 [0216.352] ReleaseMutex (hMutex=0xf4) returned 1 [0216.352] GetCurrentThreadId () returned 0x6e4 [0216.352] GetCurrentThreadId () returned 0x6e4 [0216.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x59cd410, dwHighDateTime=0x1d6076d)) [0216.352] Sleep (dwMilliseconds=0xd95) [0220.003] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0220.003] ReleaseMutex (hMutex=0x158) returned 1 [0220.003] GetCurrentThreadId () returned 0x6e4 [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetCurrentThreadId () returned 0x6e4 [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetCurrentThreadId () returned 0x6e4 [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0220.003] GetCurrentThreadId () returned 0x6e4 [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.003] GetTickCount () returned 0x113eb1a [0220.003] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0220.003] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0220.004] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0220.006] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.007] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.008] ReleaseMutex (hMutex=0x154) returned 1 [0220.008] GetCurrentThreadId () returned 0x6e4 [0220.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.008] GetCurrentThreadId () returned 0x6e4 [0220.008] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0220.008] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0220.009] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0220.011] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.011] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.012] ReleaseMutex (hMutex=0x154) returned 1 [0220.012] ReleaseMutex (hMutex=0xf4) returned 1 [0220.012] GetCurrentThreadId () returned 0x6e4 [0220.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.012] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0220.012] GetCurrentThreadId () returned 0x6e4 [0220.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.012] GetTickCount () returned 0x113eb2a [0220.012] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0220.012] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0220.013] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0220.015] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.016] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.016] ReleaseMutex (hMutex=0x154) returned 1 [0220.016] GetCurrentThreadId () returned 0x6e4 [0220.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.017] GetCurrentThreadId () returned 0x6e4 [0220.017] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0220.017] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0220.017] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0220.019] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.020] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0220.021] ReleaseMutex (hMutex=0x154) returned 1 [0220.021] ReleaseMutex (hMutex=0xf4) returned 1 [0220.021] GetCurrentThreadId () returned 0x6e4 [0220.021] GetCurrentThreadId () returned 0x6e4 [0220.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.021] Sleep (dwMilliseconds=0xc41) [0223.188] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0223.188] ReleaseMutex (hMutex=0x158) returned 1 [0223.188] GetCurrentThreadId () returned 0x6e4 [0223.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x9b1cfb0, dwHighDateTime=0x1d6076d)) [0223.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x9b1cfb0, dwHighDateTime=0x1d6076d)) [0223.188] GetCurrentThreadId () returned 0x6e4 [0223.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x9b1cfb0, dwHighDateTime=0x1d6076d)) [0223.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x9b1cfb0, dwHighDateTime=0x1d6076d)) [0223.189] GetCurrentThreadId () returned 0x6e4 [0223.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x9b1cfb0, dwHighDateTime=0x1d6076d)) [0223.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x9b1cfb0, dwHighDateTime=0x1d6076d)) [0223.189] Sleep (dwMilliseconds=0x32) [0223.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.272] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0223.272] GetCurrentThreadId () returned 0x6e4 [0223.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.273] GetTickCount () returned 0x113f7e6 [0223.276] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0223.294] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0223.295] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0223.297] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.297] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.297] ReleaseMutex (hMutex=0x154) returned 1 [0223.298] GetCurrentThreadId () returned 0x6e4 [0223.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.298] GetCurrentThreadId () returned 0x6e4 [0223.298] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0223.298] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0223.298] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0223.300] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.300] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.301] ReleaseMutex (hMutex=0x154) returned 1 [0223.301] ReleaseMutex (hMutex=0xf4) returned 1 [0223.301] GetCurrentThreadId () returned 0x6e4 [0223.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.301] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0223.301] GetCurrentThreadId () returned 0x6e4 [0223.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.301] GetTickCount () returned 0x113f806 [0223.301] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0223.301] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0223.301] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0223.303] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.303] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.304] ReleaseMutex (hMutex=0x154) returned 1 [0223.304] GetCurrentThreadId () returned 0x6e4 [0223.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.304] GetCurrentThreadId () returned 0x6e4 [0223.304] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0223.304] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0223.304] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5610000 [0223.306] VirtualFree (lpAddress=0x5610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.307] VirtualFree (lpAddress=0x5600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0223.307] ReleaseMutex (hMutex=0x154) returned 1 [0223.307] ReleaseMutex (hMutex=0xf4) returned 1 [0223.307] GetCurrentThreadId () returned 0x6e4 [0223.307] GetCurrentThreadId () returned 0x6e4 [0223.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x9c27950, dwHighDateTime=0x1d6076d)) [0223.307] Sleep (dwMilliseconds=0xa57) [0225.976] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0225.976] ReleaseMutex (hMutex=0x158) returned 1 [0225.976] GetCurrentThreadId () returned 0x6e4 [0225.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.976] GetCurrentThreadId () returned 0x6e4 [0225.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.976] GetCurrentThreadId () returned 0x6e4 [0225.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.976] Sleep (dwMilliseconds=0x32) [0226.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xb6a2e10, dwHighDateTime=0x1d6076d)) [0226.121] Sleep (dwMilliseconds=0x32) [0226.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.231] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0226.231] GetCurrentThreadId () returned 0x6e4 [0226.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.231] GetTickCount () returned 0x114034c [0226.231] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0226.231] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0226.232] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0226.234] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.235] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.235] ReleaseMutex (hMutex=0x154) returned 1 [0226.235] GetCurrentThreadId () returned 0x6e4 [0226.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.236] GetCurrentThreadId () returned 0x6e4 [0226.236] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0226.236] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0226.236] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0226.239] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.239] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.240] ReleaseMutex (hMutex=0x154) returned 1 [0226.240] ReleaseMutex (hMutex=0xf4) returned 1 [0226.240] GetCurrentThreadId () returned 0x6e4 [0226.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.240] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0226.240] GetCurrentThreadId () returned 0x6e4 [0226.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.240] GetTickCount () returned 0x114034c [0226.240] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0226.240] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0226.241] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0226.244] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.244] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.245] ReleaseMutex (hMutex=0x154) returned 1 [0226.245] GetCurrentThreadId () returned 0x6e4 [0226.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xb7ad7b0, dwHighDateTime=0x1d6076d)) [0226.245] GetCurrentThreadId () returned 0x6e4 [0226.245] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0226.245] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0226.246] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0226.248] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.249] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.249] ReleaseMutex (hMutex=0x154) returned 1 [0226.249] ReleaseMutex (hMutex=0xf4) returned 1 [0226.249] GetCurrentThreadId () returned 0x6e4 [0226.249] GetCurrentThreadId () returned 0x6e4 [0226.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xb7d3910, dwHighDateTime=0x1d6076d)) [0226.249] Sleep (dwMilliseconds=0xda5) [0229.772] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0229.772] ReleaseMutex (hMutex=0x158) returned 1 [0229.772] GetCurrentThreadId () returned 0x6e4 [0229.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xd972fd0, dwHighDateTime=0x1d6076d)) [0229.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xd972fd0, dwHighDateTime=0x1d6076d)) [0229.772] GetCurrentThreadId () returned 0x6e4 [0229.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xd972fd0, dwHighDateTime=0x1d6076d)) [0229.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xd972fd0, dwHighDateTime=0x1d6076d)) [0229.772] GetCurrentThreadId () returned 0x6e4 [0229.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xd972fd0, dwHighDateTime=0x1d6076d)) [0229.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xd972fd0, dwHighDateTime=0x1d6076d)) [0229.773] Sleep (dwMilliseconds=0x32) [0229.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xda57810, dwHighDateTime=0x1d6076d)) [0229.865] Sleep (dwMilliseconds=0x32) [0229.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xdb15ef0, dwHighDateTime=0x1d6076d)) [0229.949] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0229.949] GetCurrentThreadId () returned 0x6e4 [0229.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xdb15ef0, dwHighDateTime=0x1d6076d)) [0229.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xdb15ef0, dwHighDateTime=0x1d6076d)) [0229.949] GetTickCount () returned 0x11411cc [0229.949] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0229.949] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0229.950] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0229.977] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.977] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.978] ReleaseMutex (hMutex=0x154) returned 1 [0229.978] GetCurrentThreadId () returned 0x6e4 [0229.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xdb3c050, dwHighDateTime=0x1d6076d)) [0229.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xdb3c050, dwHighDateTime=0x1d6076d)) [0229.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xdb3c050, dwHighDateTime=0x1d6076d)) [0229.978] GetCurrentThreadId () returned 0x6e4 [0229.978] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0229.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0229.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0229.982] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.982] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.983] ReleaseMutex (hMutex=0x154) returned 1 [0229.983] ReleaseMutex (hMutex=0xf4) returned 1 [0229.983] GetCurrentThreadId () returned 0x6e4 [0229.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.983] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0229.983] GetCurrentThreadId () returned 0x6e4 [0229.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.983] GetTickCount () returned 0x11411ec [0229.983] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0229.983] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0229.984] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0229.986] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.987] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0229.987] ReleaseMutex (hMutex=0x154) returned 1 [0229.987] GetCurrentThreadId () returned 0x6e4 [0229.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xdb621b0, dwHighDateTime=0x1d6076d)) [0229.987] GetCurrentThreadId () returned 0x6e4 [0229.987] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0229.987] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0229.988] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0229.989] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0230.038] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0230.039] ReleaseMutex (hMutex=0x154) returned 1 [0230.039] ReleaseMutex (hMutex=0xf4) returned 1 [0230.039] GetCurrentThreadId () returned 0x6e4 [0230.039] GetCurrentThreadId () returned 0x6e4 [0230.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xdbfa730, dwHighDateTime=0x1d6076d)) [0230.039] Sleep (dwMilliseconds=0xc37) [0233.219] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0233.220] ReleaseMutex (hMutex=0x158) returned 1 [0233.220] GetCurrentThreadId () returned 0x6e4 [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] GetCurrentThreadId () returned 0x6e4 [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] GetCurrentThreadId () returned 0x6e4 [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] Sleep (dwMilliseconds=0x32) [0233.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfb12690, dwHighDateTime=0x1d6076d)) [0233.315] Sleep (dwMilliseconds=0x32) [0233.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfbf6ed0, dwHighDateTime=0x1d6076d)) [0233.411] Sleep (dwMilliseconds=0x32) [0233.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfcdb710, dwHighDateTime=0x1d6076d)) [0233.501] Sleep (dwMilliseconds=0x32) [0233.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.571] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0233.571] GetCurrentThreadId () returned 0x6e4 [0233.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.571] GetTickCount () returned 0x1141fe0 [0233.571] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0233.571] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0233.572] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0233.574] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.575] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.575] ReleaseMutex (hMutex=0x154) returned 1 [0233.575] GetCurrentThreadId () returned 0x6e4 [0233.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfd73c90, dwHighDateTime=0x1d6076d)) [0233.575] GetCurrentThreadId () returned 0x6e4 [0233.575] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0233.575] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0233.576] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0233.578] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.579] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.580] ReleaseMutex (hMutex=0x154) returned 1 [0233.580] ReleaseMutex (hMutex=0xf4) returned 1 [0233.580] GetCurrentThreadId () returned 0x6e4 [0233.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.580] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0233.580] GetCurrentThreadId () returned 0x6e4 [0233.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.580] GetTickCount () returned 0x1141ff0 [0233.580] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0233.580] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0233.581] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0233.583] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.583] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.584] ReleaseMutex (hMutex=0x154) returned 1 [0233.584] GetCurrentThreadId () returned 0x6e4 [0233.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.584] GetCurrentThreadId () returned 0x6e4 [0233.584] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0233.584] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0233.585] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0233.586] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.587] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0233.587] ReleaseMutex (hMutex=0x154) returned 1 [0233.588] ReleaseMutex (hMutex=0xf4) returned 1 [0233.588] GetCurrentThreadId () returned 0x6e4 [0233.588] GetCurrentThreadId () returned 0x6e4 [0233.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.588] Sleep (dwMilliseconds=0x9ff) [0236.168] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0236.168] ReleaseMutex (hMutex=0x158) returned 1 [0236.168] GetCurrentThreadId () returned 0x6e4 [0236.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x116260d0, dwHighDateTime=0x1d6076d)) [0236.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x116260d0, dwHighDateTime=0x1d6076d)) [0236.168] GetCurrentThreadId () returned 0x6e4 [0236.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x116260d0, dwHighDateTime=0x1d6076d)) [0236.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x116260d0, dwHighDateTime=0x1d6076d)) [0236.168] GetCurrentThreadId () returned 0x6e4 [0236.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x116260d0, dwHighDateTime=0x1d6076d)) [0236.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x116260d0, dwHighDateTime=0x1d6076d)) [0236.168] Sleep (dwMilliseconds=0x32) [0236.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1170a910, dwHighDateTime=0x1d6076d)) [0236.261] Sleep (dwMilliseconds=0x32) [0236.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x117c8ff0, dwHighDateTime=0x1d6076d)) [0236.345] Sleep (dwMilliseconds=0x32) [0236.433] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x118ad830, dwHighDateTime=0x1d6076d)) [0236.433] Sleep (dwMilliseconds=0x32) [0236.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.503] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0236.503] GetCurrentThreadId () returned 0x6e4 [0236.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.503] GetTickCount () returned 0x1142b45 [0236.503] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0236.504] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0236.504] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0236.507] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.508] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.508] ReleaseMutex (hMutex=0x154) returned 1 [0236.508] GetCurrentThreadId () returned 0x6e4 [0236.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.509] GetCurrentThreadId () returned 0x6e4 [0236.509] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0236.509] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0236.509] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0236.512] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.512] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.513] ReleaseMutex (hMutex=0x154) returned 1 [0236.513] ReleaseMutex (hMutex=0xf4) returned 1 [0236.513] GetCurrentThreadId () returned 0x6e4 [0236.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.513] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0236.513] GetCurrentThreadId () returned 0x6e4 [0236.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.513] GetTickCount () returned 0x1142b55 [0236.513] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0236.513] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0236.514] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0236.518] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.518] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.519] ReleaseMutex (hMutex=0x154) returned 1 [0236.519] GetCurrentThreadId () returned 0x6e4 [0236.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.519] GetCurrentThreadId () returned 0x6e4 [0236.519] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0236.519] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0236.520] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0236.522] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.523] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.523] ReleaseMutex (hMutex=0x154) returned 1 [0236.523] ReleaseMutex (hMutex=0xf4) returned 1 [0236.523] GetCurrentThreadId () returned 0x6e4 [0236.524] GetCurrentThreadId () returned 0x6e4 [0236.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.524] Sleep (dwMilliseconds=0xa35) [0239.194] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0239.194] ReleaseMutex (hMutex=0x158) returned 1 [0239.194] GetCurrentThreadId () returned 0x6e4 [0239.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x13290770, dwHighDateTime=0x1d6076d)) [0239.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x13290770, dwHighDateTime=0x1d6076d)) [0239.194] GetCurrentThreadId () returned 0x6e4 [0239.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x13290770, dwHighDateTime=0x1d6076d)) [0239.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x13290770, dwHighDateTime=0x1d6076d)) [0239.194] GetCurrentThreadId () returned 0x6e4 [0239.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x13290770, dwHighDateTime=0x1d6076d)) [0239.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x13290770, dwHighDateTime=0x1d6076d)) [0239.194] Sleep (dwMilliseconds=0x32) [0239.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1334ee50, dwHighDateTime=0x1d6076d)) [0239.274] Sleep (dwMilliseconds=0x32) [0240.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x13433690, dwHighDateTime=0x1d6076d)) [0240.185] Sleep (dwMilliseconds=0x32) [0240.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.754] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0240.754] GetCurrentThreadId () returned 0x6e4 [0240.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.754] GetTickCount () returned 0x114368b [0240.754] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0240.754] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0240.755] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0240.757] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.757] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.757] ReleaseMutex (hMutex=0x154) returned 1 [0240.757] GetCurrentThreadId () returned 0x6e4 [0240.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.757] GetCurrentThreadId () returned 0x6e4 [0240.757] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0240.758] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0240.758] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0240.759] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.760] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.760] ReleaseMutex (hMutex=0x154) returned 1 [0240.760] ReleaseMutex (hMutex=0xf4) returned 1 [0240.760] GetCurrentThreadId () returned 0x6e4 [0240.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.760] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0240.760] GetCurrentThreadId () returned 0x6e4 [0240.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.760] GetTickCount () returned 0x114368b [0240.760] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0240.760] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0240.761] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0240.763] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.763] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.764] ReleaseMutex (hMutex=0x154) returned 1 [0240.764] GetCurrentThreadId () returned 0x6e4 [0240.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.764] GetCurrentThreadId () returned 0x6e4 [0240.764] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0240.764] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0240.764] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0240.766] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.766] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.767] ReleaseMutex (hMutex=0x154) returned 1 [0240.767] ReleaseMutex (hMutex=0xf4) returned 1 [0240.767] GetCurrentThreadId () returned 0x6e4 [0240.767] GetCurrentThreadId () returned 0x6e4 [0240.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x134cbc10, dwHighDateTime=0x1d6076d)) [0240.767] Sleep (dwMilliseconds=0xcdb) [0245.668] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0245.668] ReleaseMutex (hMutex=0x158) returned 1 [0245.668] GetCurrentThreadId () returned 0x6e4 [0245.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1542fe30, dwHighDateTime=0x1d6076d)) [0245.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1542fe30, dwHighDateTime=0x1d6076d)) [0245.668] GetCurrentThreadId () returned 0x6e4 [0245.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1542fe30, dwHighDateTime=0x1d6076d)) [0245.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1542fe30, dwHighDateTime=0x1d6076d)) [0245.668] GetCurrentThreadId () returned 0x6e4 [0245.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1542fe30, dwHighDateTime=0x1d6076d)) [0245.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1542fe30, dwHighDateTime=0x1d6076d)) [0245.668] Sleep (dwMilliseconds=0x32) [0245.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x154c83b0, dwHighDateTime=0x1d6076d)) [0245.730] Sleep (dwMilliseconds=0x32) [0245.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.793] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0245.793] GetCurrentThreadId () returned 0x6e4 [0245.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.793] GetTickCount () returned 0x11443e4 [0245.793] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0245.793] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0245.794] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0245.795] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.796] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.796] ReleaseMutex (hMutex=0x154) returned 1 [0245.796] GetCurrentThreadId () returned 0x6e4 [0245.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.796] GetCurrentThreadId () returned 0x6e4 [0245.796] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0245.796] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0245.796] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0245.798] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.798] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.798] ReleaseMutex (hMutex=0x154) returned 1 [0245.798] ReleaseMutex (hMutex=0xf4) returned 1 [0245.798] GetCurrentThreadId () returned 0x6e4 [0245.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.799] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0245.799] GetCurrentThreadId () returned 0x6e4 [0245.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.799] GetTickCount () returned 0x11443e4 [0245.799] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0245.799] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0245.799] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0245.801] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.801] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.801] ReleaseMutex (hMutex=0x154) returned 1 [0245.801] GetCurrentThreadId () returned 0x6e4 [0245.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.802] GetCurrentThreadId () returned 0x6e4 [0245.802] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0245.802] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0245.802] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0245.803] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.804] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.804] ReleaseMutex (hMutex=0x154) returned 1 [0245.804] ReleaseMutex (hMutex=0xf4) returned 1 [0245.804] GetCurrentThreadId () returned 0x6e4 [0245.804] GetCurrentThreadId () returned 0x6e4 [0245.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.804] Sleep (dwMilliseconds=0xce9) [0249.100] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0249.100] ReleaseMutex (hMutex=0x158) returned 1 [0249.100] GetCurrentThreadId () returned 0x6e4 [0249.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x174eacb0, dwHighDateTime=0x1d6076d)) [0249.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x174eacb0, dwHighDateTime=0x1d6076d)) [0249.100] GetCurrentThreadId () returned 0x6e4 [0249.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x174eacb0, dwHighDateTime=0x1d6076d)) [0249.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x174eacb0, dwHighDateTime=0x1d6076d)) [0249.100] GetCurrentThreadId () returned 0x6e4 [0249.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x174eacb0, dwHighDateTime=0x1d6076d)) [0249.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x174eacb0, dwHighDateTime=0x1d6076d)) [0249.100] Sleep (dwMilliseconds=0x32) [0249.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x17583230, dwHighDateTime=0x1d6076d)) [0249.162] Sleep (dwMilliseconds=0x32) [0249.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.225] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0249.225] GetCurrentThreadId () returned 0x6e4 [0249.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.225] GetTickCount () returned 0x114514c [0249.225] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0249.225] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0249.226] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0249.228] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.228] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.229] ReleaseMutex (hMutex=0x154) returned 1 [0249.229] GetCurrentThreadId () returned 0x6e4 [0249.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.229] GetCurrentThreadId () returned 0x6e4 [0249.229] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0249.229] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0249.229] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0249.231] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.232] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.232] ReleaseMutex (hMutex=0x154) returned 1 [0249.232] ReleaseMutex (hMutex=0xf4) returned 1 [0249.232] GetCurrentThreadId () returned 0x6e4 [0249.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.232] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0249.232] GetCurrentThreadId () returned 0x6e4 [0249.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.233] GetTickCount () returned 0x114514c [0249.233] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0249.233] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0249.233] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0249.235] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.235] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.236] ReleaseMutex (hMutex=0x154) returned 1 [0249.236] GetCurrentThreadId () returned 0x6e4 [0249.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.236] GetCurrentThreadId () returned 0x6e4 [0249.236] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0249.236] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0249.236] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0249.238] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.238] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.239] ReleaseMutex (hMutex=0x154) returned 1 [0249.239] ReleaseMutex (hMutex=0xf4) returned 1 [0249.239] GetCurrentThreadId () returned 0x6e4 [0249.239] GetCurrentThreadId () returned 0x6e4 [0249.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.239] Sleep (dwMilliseconds=0xc5d) [0252.407] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0252.407] ReleaseMutex (hMutex=0x158) returned 1 [0252.407] GetCurrentThreadId () returned 0x6e4 [0252.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1944eed0, dwHighDateTime=0x1d6076d)) [0252.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1944eed0, dwHighDateTime=0x1d6076d)) [0252.407] GetCurrentThreadId () returned 0x6e4 [0252.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1944eed0, dwHighDateTime=0x1d6076d)) [0252.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1944eed0, dwHighDateTime=0x1d6076d)) [0252.407] GetCurrentThreadId () returned 0x6e4 [0252.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1944eed0, dwHighDateTime=0x1d6076d)) [0252.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1944eed0, dwHighDateTime=0x1d6076d)) [0252.407] Sleep (dwMilliseconds=0x32) [0252.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x194e7450, dwHighDateTime=0x1d6076d)) [0252.470] Sleep (dwMilliseconds=0x32) [0252.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1957f9d0, dwHighDateTime=0x1d6076d)) [0252.532] Sleep (dwMilliseconds=0x32) [0252.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x19617f50, dwHighDateTime=0x1d6076d)) [0252.594] Sleep (dwMilliseconds=0x32) [0252.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x196b04d0, dwHighDateTime=0x1d6076d)) [0252.657] Sleep (dwMilliseconds=0x32) [0252.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.719] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0252.719] GetCurrentThreadId () returned 0x6e4 [0252.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.719] GetTickCount () returned 0x1145ee3 [0252.719] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0252.719] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0252.720] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0252.722] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.722] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.722] ReleaseMutex (hMutex=0x154) returned 1 [0252.722] GetCurrentThreadId () returned 0x6e4 [0252.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.722] GetCurrentThreadId () returned 0x6e4 [0252.722] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0252.723] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0252.723] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0252.725] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.725] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.726] ReleaseMutex (hMutex=0x154) returned 1 [0252.726] ReleaseMutex (hMutex=0xf4) returned 1 [0252.726] GetCurrentThreadId () returned 0x6e4 [0252.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.726] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0252.726] GetCurrentThreadId () returned 0x6e4 [0252.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.726] GetTickCount () returned 0x1145ee3 [0252.726] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0252.726] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0252.727] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0252.729] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.729] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.730] ReleaseMutex (hMutex=0x154) returned 1 [0252.730] GetCurrentThreadId () returned 0x6e4 [0252.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.730] GetCurrentThreadId () returned 0x6e4 [0252.730] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0252.730] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0252.731] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0252.733] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.733] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0252.733] ReleaseMutex (hMutex=0x154) returned 1 [0252.733] ReleaseMutex (hMutex=0xf4) returned 1 [0252.733] GetCurrentThreadId () returned 0x6e4 [0252.733] GetCurrentThreadId () returned 0x6e4 [0252.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x19748a50, dwHighDateTime=0x1d6076d)) [0252.734] Sleep (dwMilliseconds=0xc5b) [0255.886] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0255.886] ReleaseMutex (hMutex=0x158) returned 1 [0255.886] GetCurrentThreadId () returned 0x6e4 [0255.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.886] GetCurrentThreadId () returned 0x6e4 [0255.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.886] GetCurrentThreadId () returned 0x6e4 [0255.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.886] Sleep (dwMilliseconds=0x32) [0255.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b6146f0, dwHighDateTime=0x1d6076d)) [0255.949] Sleep (dwMilliseconds=0x32) [0256.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b6acc70, dwHighDateTime=0x1d6076d)) [0256.013] Sleep (dwMilliseconds=0x32) [0256.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b7451f0, dwHighDateTime=0x1d6076d)) [0256.074] Sleep (dwMilliseconds=0x32) [0256.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.136] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0256.136] GetCurrentThreadId () returned 0x6e4 [0256.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.136] GetTickCount () returned 0x1146c3b [0256.136] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0256.136] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0256.137] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0256.139] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.139] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.140] ReleaseMutex (hMutex=0x154) returned 1 [0256.140] GetCurrentThreadId () returned 0x6e4 [0256.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.140] GetCurrentThreadId () returned 0x6e4 [0256.140] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0256.140] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0256.141] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0256.143] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.143] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.144] ReleaseMutex (hMutex=0x154) returned 1 [0256.144] ReleaseMutex (hMutex=0xf4) returned 1 [0256.144] GetCurrentThreadId () returned 0x6e4 [0256.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.144] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0256.144] GetCurrentThreadId () returned 0x6e4 [0256.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.144] GetTickCount () returned 0x1146c3b [0256.144] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0256.144] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0256.145] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0256.147] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.148] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.148] ReleaseMutex (hMutex=0x154) returned 1 [0256.148] GetCurrentThreadId () returned 0x6e4 [0256.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1b7dd770, dwHighDateTime=0x1d6076d)) [0256.148] GetCurrentThreadId () returned 0x6e4 [0256.149] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0256.149] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0256.149] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ed0000 [0256.151] VirtualFree (lpAddress=0x4ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.152] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.152] ReleaseMutex (hMutex=0x154) returned 1 [0256.152] ReleaseMutex (hMutex=0xf4) returned 1 [0256.152] GetCurrentThreadId () returned 0x6e4 [0256.152] GetCurrentThreadId () returned 0x6e4 [0256.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x1b8038d0, dwHighDateTime=0x1d6076d)) [0256.152] Sleep (dwMilliseconds=0xe33) [0261.468] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.468] ReleaseMutex (hMutex=0x158) returned 1 [0261.468] GetCurrentThreadId () returned 0x6e4 [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] GetCurrentThreadId () returned 0x6e4 [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] GetCurrentThreadId () returned 0x6e4 [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0261.469] GetCurrentThreadId () returned 0x6e4 [0261.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.469] GetTickCount () returned 0x1147a8d [0261.469] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0261.469] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53d0000 [0261.469] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53e0000 [0261.471] VirtualFree (lpAddress=0x53e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.471] VirtualFree (lpAddress=0x53d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.471] ReleaseMutex (hMutex=0x154) returned 1 [0261.471] GetCurrentThreadId () returned 0x6e4 [0261.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.472] GetCurrentThreadId () returned 0x6e4 [0261.472] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0261.472] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53d0000 [0261.472] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53e0000 [0261.474] VirtualFree (lpAddress=0x53e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.474] VirtualFree (lpAddress=0x53d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.474] ReleaseMutex (hMutex=0x154) returned 1 [0261.474] ReleaseMutex (hMutex=0xf4) returned 1 [0261.474] GetCurrentThreadId () returned 0x6e4 [0261.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.474] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0261.474] GetCurrentThreadId () returned 0x6e4 [0261.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.474] GetTickCount () returned 0x1147a9d [0261.474] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0261.475] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53d0000 [0261.475] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53e0000 [0261.477] VirtualFree (lpAddress=0x53e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.477] VirtualFree (lpAddress=0x53d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.477] ReleaseMutex (hMutex=0x154) returned 1 [0261.477] GetCurrentThreadId () returned 0x6e4 [0261.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.478] GetCurrentThreadId () returned 0x6e4 [0261.478] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0261.478] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53d0000 [0261.478] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x53e0000 [0261.480] VirtualFree (lpAddress=0x53e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.480] VirtualFree (lpAddress=0x53d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.480] ReleaseMutex (hMutex=0x154) returned 1 [0261.480] ReleaseMutex (hMutex=0xf4) returned 1 [0261.480] GetCurrentThreadId () returned 0x6e4 [0261.480] GetCurrentThreadId () returned 0x6e4 [0261.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x1daf9bf0, dwHighDateTime=0x1d6076d)) [0261.480] Sleep (dwMilliseconds=0xde2) [0265.028] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.028] ReleaseMutex (hMutex=0x158) returned 1 [0265.028] GetCurrentThreadId () returned 0x6e4 [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetCurrentThreadId () returned 0x6e4 [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetCurrentThreadId () returned 0x6e4 [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0265.028] GetCurrentThreadId () returned 0x6e4 [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.028] GetTickCount () returned 0x1148881 [0265.028] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0265.028] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0265.029] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0265.030] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.031] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.031] ReleaseMutex (hMutex=0x154) returned 1 [0265.031] GetCurrentThreadId () returned 0x6e4 [0265.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.031] GetCurrentThreadId () returned 0x6e4 [0265.031] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0265.031] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0265.031] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0265.033] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.033] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.034] ReleaseMutex (hMutex=0x154) returned 1 [0265.034] ReleaseMutex (hMutex=0xf4) returned 1 [0265.034] GetCurrentThreadId () returned 0x6e4 [0265.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.034] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0265.034] GetCurrentThreadId () returned 0x6e4 [0265.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.034] GetTickCount () returned 0x1148881 [0265.034] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0265.034] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0265.034] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0265.036] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.037] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.037] ReleaseMutex (hMutex=0x154) returned 1 [0265.037] GetCurrentThreadId () returned 0x6e4 [0265.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.037] GetCurrentThreadId () returned 0x6e4 [0265.037] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0265.037] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0265.038] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e90000 [0265.040] VirtualFree (lpAddress=0x4e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.040] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.040] ReleaseMutex (hMutex=0x154) returned 1 [0265.040] ReleaseMutex (hMutex=0xf4) returned 1 [0265.040] GetCurrentThreadId () returned 0x6e4 [0265.040] GetCurrentThreadId () returned 0x6e4 [0265.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.040] Sleep (dwMilliseconds=0xdbb) [0268.554] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.554] ReleaseMutex (hMutex=0x158) returned 1 [0268.554] GetCurrentThreadId () returned 0x6e4 [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] GetCurrentThreadId () returned 0x6e4 [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] GetCurrentThreadId () returned 0x6e4 [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.554] Sleep (dwMilliseconds=0x32) [0268.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x21f1d1b0, dwHighDateTime=0x1d6076d)) [0268.616] Sleep (dwMilliseconds=0x32) [0268.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x21fb5730, dwHighDateTime=0x1d6076d)) [0268.678] Sleep (dwMilliseconds=0x32) [0268.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x2204dcb0, dwHighDateTime=0x1d6076d)) [0268.741] Sleep (dwMilliseconds=0x32) [0268.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x220e6230, dwHighDateTime=0x1d6076d)) [0268.806] Sleep (dwMilliseconds=0x32) [0268.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x221a4910, dwHighDateTime=0x1d6076d)) [0268.892] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0268.892] GetCurrentThreadId () returned 0x6e4 [0268.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x221a4910, dwHighDateTime=0x1d6076d)) [0268.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x221a4910, dwHighDateTime=0x1d6076d)) [0268.892] GetTickCount () returned 0x114978f [0268.893] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0268.893] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0268.893] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0268.895] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.896] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.897] ReleaseMutex (hMutex=0x154) returned 1 [0268.897] GetCurrentThreadId () returned 0x6e4 [0268.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.897] GetCurrentThreadId () returned 0x6e4 [0268.897] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0268.897] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0268.898] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0268.900] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.900] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.900] ReleaseMutex (hMutex=0x154) returned 1 [0268.900] ReleaseMutex (hMutex=0xf4) returned 1 [0268.901] GetCurrentThreadId () returned 0x6e4 [0268.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.901] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0268.901] GetCurrentThreadId () returned 0x6e4 [0268.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.901] GetTickCount () returned 0x114979e [0268.901] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0268.901] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0268.901] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0268.903] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.904] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.904] ReleaseMutex (hMutex=0x154) returned 1 [0268.904] GetCurrentThreadId () returned 0x6e4 [0268.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.905] GetCurrentThreadId () returned 0x6e4 [0268.905] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0268.905] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0268.905] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0268.907] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.908] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0268.908] ReleaseMutex (hMutex=0x154) returned 1 [0268.908] ReleaseMutex (hMutex=0xf4) returned 1 [0268.908] GetCurrentThreadId () returned 0x6e4 [0268.908] GetCurrentThreadId () returned 0x6e4 [0268.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.908] Sleep (dwMilliseconds=0xc9b) [0272.141] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.142] ReleaseMutex (hMutex=0x158) returned 1 [0272.142] GetCurrentThreadId () returned 0x6e4 [0272.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.142] GetCurrentThreadId () returned 0x6e4 [0272.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.142] GetCurrentThreadId () returned 0x6e4 [0272.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.142] Sleep (dwMilliseconds=0x32) [0272.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x2412ec90, dwHighDateTime=0x1d6076d)) [0272.204] Sleep (dwMilliseconds=0x32) [0272.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x241c7210, dwHighDateTime=0x1d6076d)) [0272.266] Sleep (dwMilliseconds=0x32) [0272.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.329] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0272.329] GetCurrentThreadId () returned 0x6e4 [0272.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.329] GetTickCount () returned 0x114a4f7 [0272.329] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0272.329] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0272.330] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0272.331] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.332] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.332] ReleaseMutex (hMutex=0x154) returned 1 [0272.332] GetCurrentThreadId () returned 0x6e4 [0272.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.332] GetCurrentThreadId () returned 0x6e4 [0272.332] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0272.332] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0272.333] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0272.334] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.335] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.335] ReleaseMutex (hMutex=0x154) returned 1 [0272.335] ReleaseMutex (hMutex=0xf4) returned 1 [0272.335] GetCurrentThreadId () returned 0x6e4 [0272.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.335] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0272.336] GetCurrentThreadId () returned 0x6e4 [0272.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.336] GetTickCount () returned 0x114a4f7 [0272.336] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0272.336] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0272.336] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0272.338] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.338] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.338] ReleaseMutex (hMutex=0x154) returned 1 [0272.338] GetCurrentThreadId () returned 0x6e4 [0272.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.338] GetCurrentThreadId () returned 0x6e4 [0272.338] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0272.339] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0272.339] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0272.340] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.341] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.341] ReleaseMutex (hMutex=0x154) returned 1 [0272.341] ReleaseMutex (hMutex=0xf4) returned 1 [0272.341] GetCurrentThreadId () returned 0x6e4 [0272.341] GetCurrentThreadId () returned 0x6e4 [0272.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.341] Sleep (dwMilliseconds=0xc63) [0275.511] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0275.511] ReleaseMutex (hMutex=0x158) returned 1 [0275.511] GetCurrentThreadId () returned 0x6e4 [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff50 | out: lpSystemTimeAsFileTime=0x4bcff50*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] GetCurrentThreadId () returned 0x6e4 [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff30 | out: lpSystemTimeAsFileTime=0x4bcff30*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] GetCurrentThreadId () returned 0x6e4 [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] Sleep (dwMilliseconds=0x32) [0275.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x26151590, dwHighDateTime=0x1d6076d)) [0275.574] Sleep (dwMilliseconds=0x32) [0275.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x261e9b10, dwHighDateTime=0x1d6076d)) [0275.636] Sleep (dwMilliseconds=0x32) [0275.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x26282090, dwHighDateTime=0x1d6076d)) [0275.698] Sleep (dwMilliseconds=0x32) [0275.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.763] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0275.763] GetCurrentThreadId () returned 0x6e4 [0275.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.763] GetTickCount () returned 0x114b25f [0275.763] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0275.763] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0275.765] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0275.770] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.771] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.772] ReleaseMutex (hMutex=0x154) returned 1 [0275.772] GetCurrentThreadId () returned 0x6e4 [0275.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.772] GetCurrentThreadId () returned 0x6e4 [0275.772] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0275.773] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0275.774] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0275.780] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.781] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.782] ReleaseMutex (hMutex=0x154) returned 1 [0275.782] ReleaseMutex (hMutex=0xf4) returned 1 [0275.782] GetCurrentThreadId () returned 0x6e4 [0275.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x26340770, dwHighDateTime=0x1d6076d)) [0275.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfef0 | out: lpSystemTimeAsFileTime=0x4bcfef0*(dwLowDateTime=0x26340770, dwHighDateTime=0x1d6076d)) [0275.782] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0275.783] GetCurrentThreadId () returned 0x6e4 [0275.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff10 | out: lpSystemTimeAsFileTime=0x4bcff10*(dwLowDateTime=0x26340770, dwHighDateTime=0x1d6076d)) [0275.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfee8 | out: lpSystemTimeAsFileTime=0x4bcfee8*(dwLowDateTime=0x26340770, dwHighDateTime=0x1d6076d)) [0275.783] GetTickCount () returned 0x114b26e [0275.783] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0275.783] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0275.784] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0275.789] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.790] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.791] ReleaseMutex (hMutex=0x154) returned 1 [0275.791] GetCurrentThreadId () returned 0x6e4 [0275.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x263668d0, dwHighDateTime=0x1d6076d)) [0275.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff04 | out: lpSystemTimeAsFileTime=0x4bcff04*(dwLowDateTime=0x263668d0, dwHighDateTime=0x1d6076d)) [0275.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcfebc | out: lpSystemTimeAsFileTime=0x4bcfebc*(dwLowDateTime=0x263668d0, dwHighDateTime=0x1d6076d)) [0275.792] GetCurrentThreadId () returned 0x6e4 [0275.792] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x1b58) returned 0x0 [0275.792] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0275.793] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4eb0000 [0275.799] VirtualFree (lpAddress=0x4eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.799] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0275.800] ReleaseMutex (hMutex=0x154) returned 1 [0275.800] ReleaseMutex (hMutex=0xf4) returned 1 [0275.800] GetCurrentThreadId () returned 0x6e4 [0275.800] GetCurrentThreadId () returned 0x6e4 [0275.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4bcff70 | out: lpSystemTimeAsFileTime=0x4bcff70*(dwLowDateTime=0x263668d0, dwHighDateTime=0x1d6076d)) [0275.800] Sleep (dwMilliseconds=0xadb) Thread: id = 386 os_tid = 0x6f4 [0173.350] GetCurrentProcessId () returned 0x4c8 [0173.350] ProcessIdToSessionId (in: dwProcessId=0x4c8, pSessionId=0x45e6fe | out: pSessionId=0x45e6fe) returned 1 [0173.352] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="HYMEMkcU1") returned 0x180 [0173.352] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="LcQMUQsg1") returned 0x184 [0173.352] GetCurrentThreadId () returned 0x6f4 [0173.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xedee7350, dwHighDateTime=0x1d6076c)) [0173.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xedee7350, dwHighDateTime=0x1d6076c)) [0173.352] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x3e8) returned 0x0 [0173.380] GetCurrentThreadId () returned 0x6f4 [0173.380] Sleep (dwMilliseconds=0x4b1) [0175.013] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0175.014] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0175.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xeedd6730, dwHighDateTime=0x1d6076c)) [0175.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xeedd6730, dwHighDateTime=0x1d6076c)) [0175.014] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0175.015] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0175.015] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0175.307] Sleep (dwMilliseconds=0x151) [0175.813] GetCurrentThreadId () returned 0x6f4 [0175.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xef531430, dwHighDateTime=0x1d6076c)) [0175.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xef531430, dwHighDateTime=0x1d6076c)) [0175.813] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x0 [0175.813] GetCurrentThreadId () returned 0x6f4 [0175.813] ReleaseMutex (hMutex=0x184) returned 1 [0175.813] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0175.813] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a8 [0175.816] Process32First (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.817] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x48, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0175.817] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0175.817] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.818] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0175.818] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.818] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0175.819] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0175.819] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0175.819] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0175.820] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.820] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.821] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.821] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.821] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.822] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0175.822] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.822] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1a8, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0175.823] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.823] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0175.824] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.824] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0175.824] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0175.825] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0175.825] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x534, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0175.825] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.826] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.826] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0175.827] Process32Next (in: hSnapshot=0x1a8, lppe=0x45e8a5 | out: lppe=0x45e8a5*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 0 [0175.827] CloseHandle (hObject=0x1a8) returned 1 [0175.827] CreateProcessW (in: lpApplicationName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x46249e*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x46248e | out: lpCommandLine=0x0, lpProcessInformation=0x46248e*(hProcess=0x1a8, hThread=0x194, dwProcessId=0x730, dwThreadId=0x734)) returned 1 [0176.308] Sleep (dwMilliseconds=0xea60) [0188.248] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0188.248] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0188.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf5a81c90, dwHighDateTime=0x1d6076c)) [0188.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf5a81c90, dwHighDateTime=0x1d6076c)) [0188.252] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0188.271] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0188.272] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0188.272] Sleep (dwMilliseconds=0x151) [0188.665] GetCurrentThreadId () returned 0x6f4 [0188.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf5e60050, dwHighDateTime=0x1d6076c)) [0188.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf5e60050, dwHighDateTime=0x1d6076c)) [0188.665] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0189.490] GetCurrentThreadId () returned 0x6f4 [0189.490] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0189.490] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0189.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf6642930, dwHighDateTime=0x1d6076c)) [0189.490] Sleep (dwMilliseconds=0x151) [0189.915] GetCurrentThreadId () returned 0x6f4 [0189.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf6a6cfb0, dwHighDateTime=0x1d6076c)) [0189.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf6a6cfb0, dwHighDateTime=0x1d6076c)) [0189.915] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0190.338] GetCurrentThreadId () returned 0x6f4 [0190.338] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0190.341] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0190.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf6e714d0, dwHighDateTime=0x1d6076c)) [0190.342] Sleep (dwMilliseconds=0x151) [0190.712] GetCurrentThreadId () returned 0x6f4 [0190.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf72035d0, dwHighDateTime=0x1d6076c)) [0190.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf72035d0, dwHighDateTime=0x1d6076c)) [0190.713] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0191.089] GetCurrentThreadId () returned 0x6f4 [0191.089] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0191.089] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0191.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf75956d0, dwHighDateTime=0x1d6076c)) [0191.089] Sleep (dwMilliseconds=0x151) [0191.593] GetCurrentThreadId () returned 0x6f4 [0191.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf7a582d0, dwHighDateTime=0x1d6076c)) [0191.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf7a582d0, dwHighDateTime=0x1d6076c)) [0191.593] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0191.958] GetCurrentThreadId () returned 0x6f4 [0191.958] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0191.958] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0191.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf7dea3d0, dwHighDateTime=0x1d6076c)) [0191.958] Sleep (dwMilliseconds=0x151) [0192.501] GetCurrentThreadId () returned 0x6f4 [0192.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.501] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0192.838] GetCurrentThreadId () returned 0x6f4 [0192.838] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0192.838] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0192.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf863f0d0, dwHighDateTime=0x1d6076c)) [0192.838] Sleep (dwMilliseconds=0x151) [0193.174] GetCurrentThreadId () returned 0x6f4 [0193.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf8984f10, dwHighDateTime=0x1d6076c)) [0193.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf8984f10, dwHighDateTime=0x1d6076c)) [0193.174] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0193.517] GetCurrentThreadId () returned 0x6f4 [0193.517] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0193.517] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0193.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf8ccad50, dwHighDateTime=0x1d6076c)) [0193.517] Sleep (dwMilliseconds=0x151) [0193.874] GetCurrentThreadId () returned 0x6f4 [0193.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf9010b90, dwHighDateTime=0x1d6076c)) [0193.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf9010b90, dwHighDateTime=0x1d6076c)) [0193.874] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0194.207] GetCurrentThreadId () returned 0x6f4 [0194.207] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0194.207] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0194.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf93569d0, dwHighDateTime=0x1d6076c)) [0194.207] Sleep (dwMilliseconds=0x151) [0194.562] GetCurrentThreadId () returned 0x6f4 [0194.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf96c2970, dwHighDateTime=0x1d6076c)) [0194.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf96c2970, dwHighDateTime=0x1d6076c)) [0194.563] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0195.015] GetCurrentThreadId () returned 0x6f4 [0195.015] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0195.015] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0195.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf9a2e910, dwHighDateTime=0x1d6076c)) [0195.015] Sleep (dwMilliseconds=0x151) [0195.359] GetCurrentThreadId () returned 0x6f4 [0195.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.359] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0195.763] GetCurrentThreadId () returned 0x6f4 [0195.763] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0195.763] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0195.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfa152b10, dwHighDateTime=0x1d6076c)) [0195.763] Sleep (dwMilliseconds=0x151) [0196.138] GetCurrentThreadId () returned 0x6f4 [0196.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfa4e4c10, dwHighDateTime=0x1d6076c)) [0196.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfa4e4c10, dwHighDateTime=0x1d6076c)) [0196.138] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0196.513] GetCurrentThreadId () returned 0x6f4 [0196.513] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0196.513] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0196.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfa876d10, dwHighDateTime=0x1d6076c)) [0196.513] Sleep (dwMilliseconds=0x151) [0196.857] GetCurrentThreadId () returned 0x6f4 [0196.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfabbcb50, dwHighDateTime=0x1d6076c)) [0196.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfabbcb50, dwHighDateTime=0x1d6076c)) [0196.857] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0197.206] GetCurrentThreadId () returned 0x6f4 [0197.206] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0197.206] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0197.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfaf02990, dwHighDateTime=0x1d6076c)) [0197.206] Sleep (dwMilliseconds=0x151) [0197.556] GetCurrentThreadId () returned 0x6f4 [0197.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.556] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0197.930] GetCurrentThreadId () returned 0x6f4 [0197.930] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0197.930] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0197.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfb5da8d0, dwHighDateTime=0x1d6076c)) [0197.930] Sleep (dwMilliseconds=0x151) [0198.272] GetCurrentThreadId () returned 0x6f4 [0198.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.272] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0198.604] GetCurrentThreadId () returned 0x6f4 [0198.604] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0198.604] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0198.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.604] Sleep (dwMilliseconds=0x151) [0198.947] GetCurrentThreadId () returned 0x6f4 [0198.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfbfac390, dwHighDateTime=0x1d6076c)) [0198.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfbfac390, dwHighDateTime=0x1d6076c)) [0198.947] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0199.289] GetCurrentThreadId () returned 0x6f4 [0199.289] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0199.289] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0199.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfc2f21d0, dwHighDateTime=0x1d6076c)) [0199.289] Sleep (dwMilliseconds=0x151) [0199.664] GetCurrentThreadId () returned 0x6f4 [0199.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfc6842d0, dwHighDateTime=0x1d6076c)) [0199.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfc6842d0, dwHighDateTime=0x1d6076c)) [0199.664] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0200.007] GetCurrentThreadId () returned 0x6f4 [0200.007] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0200.007] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0200.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfc9ca110, dwHighDateTime=0x1d6076c)) [0200.007] Sleep (dwMilliseconds=0x151) [0200.350] GetCurrentThreadId () returned 0x6f4 [0200.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfcd0ff50, dwHighDateTime=0x1d6076c)) [0200.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfcd0ff50, dwHighDateTime=0x1d6076c)) [0200.350] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0200.709] GetCurrentThreadId () returned 0x6f4 [0200.709] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0200.709] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0200.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfd07bef0, dwHighDateTime=0x1d6076c)) [0200.709] Sleep (dwMilliseconds=0x151) [0201.052] GetCurrentThreadId () returned 0x6f4 [0201.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.052] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0201.395] GetCurrentThreadId () returned 0x6f4 [0201.395] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0201.395] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0201.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfd707b70, dwHighDateTime=0x1d6076c)) [0201.396] Sleep (dwMilliseconds=0x151) [0201.738] GetCurrentThreadId () returned 0x6f4 [0201.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfda4d9b0, dwHighDateTime=0x1d6076c)) [0201.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfda4d9b0, dwHighDateTime=0x1d6076c)) [0201.739] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0202.097] GetCurrentThreadId () returned 0x6f4 [0202.097] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0202.097] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0202.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfdd937f0, dwHighDateTime=0x1d6076c)) [0202.098] Sleep (dwMilliseconds=0x151) [0202.444] GetCurrentThreadId () returned 0x6f4 [0202.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfe0d9630, dwHighDateTime=0x1d6076c)) [0202.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfe0d9630, dwHighDateTime=0x1d6076c)) [0202.444] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0202.815] GetCurrentThreadId () returned 0x6f4 [0202.815] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0202.815] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0202.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfe46b730, dwHighDateTime=0x1d6076c)) [0202.815] Sleep (dwMilliseconds=0x151) [0203.161] GetCurrentThreadId () returned 0x6f4 [0203.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.161] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0203.532] GetCurrentThreadId () returned 0x6f4 [0203.532] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0203.533] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0203.533] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.533] Sleep (dwMilliseconds=0x151) [0203.907] GetCurrentThreadId () returned 0x6f4 [0203.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfeed5770, dwHighDateTime=0x1d6076c)) [0203.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfeed5770, dwHighDateTime=0x1d6076c)) [0203.907] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0204.264] GetCurrentThreadId () returned 0x6f4 [0204.264] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0204.264] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0204.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.264] Sleep (dwMilliseconds=0x151) [0205.623] GetCurrentThreadId () returned 0x6f4 [0205.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xff5613f0, dwHighDateTime=0x1d6076c)) [0205.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xff5613f0, dwHighDateTime=0x1d6076c)) [0205.623] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0205.966] GetCurrentThreadId () returned 0x6f4 [0205.966] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0205.966] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0205.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xff8a7230, dwHighDateTime=0x1d6076c)) [0205.966] Sleep (dwMilliseconds=0x151) [0206.309] GetCurrentThreadId () returned 0x6f4 [0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xffbed070, dwHighDateTime=0x1d6076c)) [0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xffbed070, dwHighDateTime=0x1d6076c)) [0206.310] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0206.652] GetCurrentThreadId () returned 0x6f4 [0206.652] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0206.653] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0206.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfff32eb0, dwHighDateTime=0x1d6076c)) [0206.653] Sleep (dwMilliseconds=0x151) [0206.996] GetCurrentThreadId () returned 0x6f4 [0206.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x278cf0, dwHighDateTime=0x1d6076d)) [0206.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x278cf0, dwHighDateTime=0x1d6076d)) [0206.996] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0207.340] GetCurrentThreadId () returned 0x6f4 [0207.340] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0207.340] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0207.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x5beb30, dwHighDateTime=0x1d6076d)) [0207.340] Sleep (dwMilliseconds=0x151) [0207.682] GetCurrentThreadId () returned 0x6f4 [0207.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x904970, dwHighDateTime=0x1d6076d)) [0207.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x904970, dwHighDateTime=0x1d6076d)) [0207.682] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0208.056] GetCurrentThreadId () returned 0x6f4 [0208.056] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0208.057] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0208.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xc96a70, dwHighDateTime=0x1d6076d)) [0208.057] Sleep (dwMilliseconds=0x151) [0208.401] GetCurrentThreadId () returned 0x6f4 [0208.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfdc8b0, dwHighDateTime=0x1d6076d)) [0208.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xfdc8b0, dwHighDateTime=0x1d6076d)) [0208.401] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0208.774] GetCurrentThreadId () returned 0x6f4 [0208.774] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0208.774] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0208.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x136e9b0, dwHighDateTime=0x1d6076d)) [0208.774] Sleep (dwMilliseconds=0x151) [0209.226] GetCurrentThreadId () returned 0x6f4 [0209.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x16da950, dwHighDateTime=0x1d6076d)) [0209.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x16da950, dwHighDateTime=0x1d6076d)) [0209.227] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0209.581] GetCurrentThreadId () returned 0x6f4 [0209.581] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0209.581] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0209.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1a20790, dwHighDateTime=0x1d6076d)) [0209.581] Sleep (dwMilliseconds=0x151) [0209.914] GetCurrentThreadId () returned 0x6f4 [0209.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.914] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0210.256] GetCurrentThreadId () returned 0x6f4 [0210.256] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0210.256] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0210.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x20ac410, dwHighDateTime=0x1d6076d)) [0210.256] Sleep (dwMilliseconds=0x151) [0210.600] GetCurrentThreadId () returned 0x6f4 [0210.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x23f2250, dwHighDateTime=0x1d6076d)) [0210.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x23f2250, dwHighDateTime=0x1d6076d)) [0210.600] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0211.024] GetCurrentThreadId () returned 0x6f4 [0211.025] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0211.025] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0211.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x2738090, dwHighDateTime=0x1d6076d)) [0211.025] Sleep (dwMilliseconds=0x151) [0211.364] GetCurrentThreadId () returned 0x6f4 [0211.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x2a7ded0, dwHighDateTime=0x1d6076d)) [0211.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x2a7ded0, dwHighDateTime=0x1d6076d)) [0211.364] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0211.722] GetCurrentThreadId () returned 0x6f4 [0211.722] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0211.722] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0211.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x2de9e70, dwHighDateTime=0x1d6076d)) [0211.722] Sleep (dwMilliseconds=0x151) [0212.097] GetCurrentThreadId () returned 0x6f4 [0212.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x317bf70, dwHighDateTime=0x1d6076d)) [0212.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x317bf70, dwHighDateTime=0x1d6076d)) [0212.097] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0212.440] GetCurrentThreadId () returned 0x6f4 [0212.440] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0212.440] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0212.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x34c1db0, dwHighDateTime=0x1d6076d)) [0212.441] Sleep (dwMilliseconds=0x151) [0212.799] GetCurrentThreadId () returned 0x6f4 [0212.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x3807bf0, dwHighDateTime=0x1d6076d)) [0212.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x3807bf0, dwHighDateTime=0x1d6076d)) [0212.799] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0213.142] GetCurrentThreadId () returned 0x6f4 [0213.142] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0213.142] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0213.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x3b4da30, dwHighDateTime=0x1d6076d)) [0213.142] Sleep (dwMilliseconds=0x151) [0213.501] GetCurrentThreadId () returned 0x6f4 [0213.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x3eb99d0, dwHighDateTime=0x1d6076d)) [0213.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x3eb99d0, dwHighDateTime=0x1d6076d)) [0213.501] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0213.860] GetCurrentThreadId () returned 0x6f4 [0213.860] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0213.860] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0213.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x4225970, dwHighDateTime=0x1d6076d)) [0213.860] Sleep (dwMilliseconds=0x151) [0214.204] GetCurrentThreadId () returned 0x6f4 [0214.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x456b7b0, dwHighDateTime=0x1d6076d)) [0214.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x456b7b0, dwHighDateTime=0x1d6076d)) [0214.204] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0214.562] GetCurrentThreadId () returned 0x6f4 [0214.562] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0214.562] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0214.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x48d7750, dwHighDateTime=0x1d6076d)) [0214.562] Sleep (dwMilliseconds=0x151) [0214.936] GetCurrentThreadId () returned 0x6f4 [0214.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.936] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0215.329] GetCurrentThreadId () returned 0x6f4 [0215.329] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0215.329] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0215.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x5021ab0, dwHighDateTime=0x1d6076d)) [0215.329] Sleep (dwMilliseconds=0x151) [0215.780] GetCurrentThreadId () returned 0x6f4 [0215.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.780] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0216.155] GetCurrentThreadId () returned 0x6f4 [0216.156] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0216.156] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0216.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x5804390, dwHighDateTime=0x1d6076d)) [0216.156] Sleep (dwMilliseconds=0x151) [0216.498] GetCurrentThreadId () returned 0x6f4 [0216.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x5b4a1d0, dwHighDateTime=0x1d6076d)) [0216.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x5b4a1d0, dwHighDateTime=0x1d6076d)) [0216.498] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0216.855] GetCurrentThreadId () returned 0x6f4 [0216.855] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0216.855] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0216.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x5eb6170, dwHighDateTime=0x1d6076d)) [0216.855] Sleep (dwMilliseconds=0x151) [0217.246] GetCurrentThreadId () returned 0x6f4 [0217.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x626e3d0, dwHighDateTime=0x1d6076d)) [0217.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x626e3d0, dwHighDateTime=0x1d6076d)) [0217.247] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0217.592] GetCurrentThreadId () returned 0x6f4 [0217.592] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0217.592] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0217.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x65b4210, dwHighDateTime=0x1d6076d)) [0217.593] Sleep (dwMilliseconds=0x151) [0217.948] GetCurrentThreadId () returned 0x6f4 [0217.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x69201b0, dwHighDateTime=0x1d6076d)) [0217.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x69201b0, dwHighDateTime=0x1d6076d)) [0217.948] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0218.290] GetCurrentThreadId () returned 0x6f4 [0218.290] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0218.290] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0218.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x6c65ff0, dwHighDateTime=0x1d6076d)) [0218.290] Sleep (dwMilliseconds=0x151) [0218.666] GetCurrentThreadId () returned 0x6f4 [0218.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x6ff80f0, dwHighDateTime=0x1d6076d)) [0218.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x6ff80f0, dwHighDateTime=0x1d6076d)) [0218.666] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0219.489] GetCurrentThreadId () returned 0x6f4 [0219.489] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0219.489] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0219.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.489] Sleep (dwMilliseconds=0x151) [0220.021] GetCurrentThreadId () returned 0x6f4 [0220.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x7cc3730, dwHighDateTime=0x1d6076d)) [0220.021] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0220.427] GetCurrentThreadId () returned 0x6f4 [0220.427] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0220.427] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0220.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x80c7c50, dwHighDateTime=0x1d6076d)) [0220.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x80c7c50, dwHighDateTime=0x1d6076d)) [0220.428] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0220.428] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0220.428] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0220.428] Sleep (dwMilliseconds=0x151) [0220.801] GetCurrentThreadId () returned 0x6f4 [0220.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x8459d50, dwHighDateTime=0x1d6076d)) [0220.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x8459d50, dwHighDateTime=0x1d6076d)) [0220.802] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0221.145] GetCurrentThreadId () returned 0x6f4 [0221.145] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0221.145] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0221.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x879fb90, dwHighDateTime=0x1d6076d)) [0221.145] Sleep (dwMilliseconds=0x151) [0221.488] GetCurrentThreadId () returned 0x6f4 [0221.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x8ae59d0, dwHighDateTime=0x1d6076d)) [0221.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x8ae59d0, dwHighDateTime=0x1d6076d)) [0221.488] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0221.833] GetCurrentThreadId () returned 0x6f4 [0221.833] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0221.833] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0221.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.833] Sleep (dwMilliseconds=0x151) [0222.190] GetCurrentThreadId () returned 0x6f4 [0222.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x91977b0, dwHighDateTime=0x1d6076d)) [0222.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x91977b0, dwHighDateTime=0x1d6076d)) [0222.190] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0222.533] GetCurrentThreadId () returned 0x6f4 [0222.533] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0222.534] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0222.534] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x94dd5f0, dwHighDateTime=0x1d6076d)) [0222.534] Sleep (dwMilliseconds=0x151) [0222.908] GetCurrentThreadId () returned 0x6f4 [0222.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.908] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0223.272] GetCurrentThreadId () returned 0x6f4 [0223.272] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0223.272] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0223.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.272] Sleep (dwMilliseconds=0x151) [0223.611] GetCurrentThreadId () returned 0x6f4 [0223.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x9f214d0, dwHighDateTime=0x1d6076d)) [0223.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x9f214d0, dwHighDateTime=0x1d6076d)) [0223.611] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0223.956] GetCurrentThreadId () returned 0x6f4 [0223.956] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0223.956] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0223.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.956] Sleep (dwMilliseconds=0x151) [0224.296] GetCurrentThreadId () returned 0x6f4 [0224.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xa5ad150, dwHighDateTime=0x1d6076d)) [0224.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xa5ad150, dwHighDateTime=0x1d6076d)) [0224.296] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0224.656] GetCurrentThreadId () returned 0x6f4 [0224.656] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0224.656] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0224.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xa9190f0, dwHighDateTime=0x1d6076d)) [0224.656] Sleep (dwMilliseconds=0x151) [0225.029] GetCurrentThreadId () returned 0x6f4 [0225.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xacab1f0, dwHighDateTime=0x1d6076d)) [0225.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xacab1f0, dwHighDateTime=0x1d6076d)) [0225.029] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0225.404] GetCurrentThreadId () returned 0x6f4 [0225.405] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0225.405] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0225.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xb03d2f0, dwHighDateTime=0x1d6076d)) [0225.405] Sleep (dwMilliseconds=0x151) [0225.763] GetCurrentThreadId () returned 0x6f4 [0225.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xb3a9290, dwHighDateTime=0x1d6076d)) [0225.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xb3a9290, dwHighDateTime=0x1d6076d)) [0225.763] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0226.193] GetCurrentThreadId () returned 0x6f4 [0226.193] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0226.193] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0226.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xb73b390, dwHighDateTime=0x1d6076d)) [0226.193] Sleep (dwMilliseconds=0x151) [0226.543] GetCurrentThreadId () returned 0x6f4 [0226.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xbaa7330, dwHighDateTime=0x1d6076d)) [0226.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xbaa7330, dwHighDateTime=0x1d6076d)) [0226.543] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0226.919] GetCurrentThreadId () returned 0x6f4 [0226.919] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0226.919] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0226.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xbe39430, dwHighDateTime=0x1d6076d)) [0226.919] Sleep (dwMilliseconds=0x151) [0227.291] GetCurrentThreadId () returned 0x6f4 [0227.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xc1cb530, dwHighDateTime=0x1d6076d)) [0227.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xc1cb530, dwHighDateTime=0x1d6076d)) [0227.291] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0227.635] GetCurrentThreadId () returned 0x6f4 [0227.635] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0227.635] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0227.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xc511370, dwHighDateTime=0x1d6076d)) [0227.635] Sleep (dwMilliseconds=0x151) [0228.011] GetCurrentThreadId () returned 0x6f4 [0228.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xc8a3470, dwHighDateTime=0x1d6076d)) [0228.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xc8a3470, dwHighDateTime=0x1d6076d)) [0228.011] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0228.367] GetCurrentThreadId () returned 0x6f4 [0228.367] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0228.368] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0228.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xcc0f410, dwHighDateTime=0x1d6076d)) [0228.368] Sleep (dwMilliseconds=0x151) [0228.758] GetCurrentThreadId () returned 0x6f4 [0228.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.758] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0229.132] GetCurrentThreadId () returned 0x6f4 [0229.132] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0229.132] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0229.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.133] Sleep (dwMilliseconds=0x151) [0229.506] GetCurrentThreadId () returned 0x6f4 [0229.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xd6eb870, dwHighDateTime=0x1d6076d)) [0229.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xd6eb870, dwHighDateTime=0x1d6076d)) [0229.506] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0229.866] GetCurrentThreadId () returned 0x6f4 [0229.866] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0229.866] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0229.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xda57810, dwHighDateTime=0x1d6076d)) [0229.866] Sleep (dwMilliseconds=0x151) [0230.225] GetCurrentThreadId () returned 0x6f4 [0230.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.225] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0230.583] GetCurrentThreadId () returned 0x6f4 [0230.583] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0230.583] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0230.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xe1095f0, dwHighDateTime=0x1d6076d)) [0230.583] Sleep (dwMilliseconds=0x151) [0230.957] GetCurrentThreadId () returned 0x6f4 [0230.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xe49b6f0, dwHighDateTime=0x1d6076d)) [0230.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xe49b6f0, dwHighDateTime=0x1d6076d)) [0230.958] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0231.331] GetCurrentThreadId () returned 0x6f4 [0231.331] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0231.331] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0231.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xe807690, dwHighDateTime=0x1d6076d)) [0231.331] Sleep (dwMilliseconds=0x151) [0231.676] GetCurrentThreadId () returned 0x6f4 [0231.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xeb73630, dwHighDateTime=0x1d6076d)) [0231.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xeb73630, dwHighDateTime=0x1d6076d)) [0231.676] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0232.034] GetCurrentThreadId () returned 0x6f4 [0232.034] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0232.034] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0232.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.034] Sleep (dwMilliseconds=0x151) [0232.392] GetCurrentThreadId () returned 0x6f4 [0232.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.392] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0232.782] GetCurrentThreadId () returned 0x6f4 [0232.782] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0232.783] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0232.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xf6037d0, dwHighDateTime=0x1d6076d)) [0232.783] Sleep (dwMilliseconds=0x151) [0233.141] GetCurrentThreadId () returned 0x6f4 [0233.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf96f770, dwHighDateTime=0x1d6076d)) [0233.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0xf96f770, dwHighDateTime=0x1d6076d)) [0233.141] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0233.524] GetCurrentThreadId () returned 0x6f4 [0233.525] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0233.525] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0233.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0xfd01870, dwHighDateTime=0x1d6076d)) [0233.525] Sleep (dwMilliseconds=0x151) [0233.939] GetCurrentThreadId () returned 0x6f4 [0233.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x10105d90, dwHighDateTime=0x1d6076d)) [0233.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x10105d90, dwHighDateTime=0x1d6076d)) [0233.940] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0234.281] GetCurrentThreadId () returned 0x6f4 [0234.282] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0234.282] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0234.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1044bbd0, dwHighDateTime=0x1d6076d)) [0234.282] Sleep (dwMilliseconds=0x151) [0234.652] GetCurrentThreadId () returned 0x6f4 [0234.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.652] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0235.049] GetCurrentThreadId () returned 0x6f4 [0235.049] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0235.049] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0235.049] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x10b6fdd0, dwHighDateTime=0x1d6076d)) [0235.049] Sleep (dwMilliseconds=0x151) [0235.419] GetCurrentThreadId () returned 0x6f4 [0235.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x10f01ed0, dwHighDateTime=0x1d6076d)) [0235.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x10f01ed0, dwHighDateTime=0x1d6076d)) [0235.419] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0235.763] GetCurrentThreadId () returned 0x6f4 [0235.763] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0235.763] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0235.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x11247d10, dwHighDateTime=0x1d6076d)) [0235.764] Sleep (dwMilliseconds=0x151) [0236.107] GetCurrentThreadId () returned 0x6f4 [0236.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1158db50, dwHighDateTime=0x1d6076d)) [0236.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1158db50, dwHighDateTime=0x1d6076d)) [0236.107] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0236.495] GetCurrentThreadId () returned 0x6f4 [0236.496] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0236.496] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0236.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x11945db0, dwHighDateTime=0x1d6076d)) [0236.496] Sleep (dwMilliseconds=0x151) [0236.854] GetCurrentThreadId () returned 0x6f4 [0236.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x11cb1d50, dwHighDateTime=0x1d6076d)) [0236.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x11cb1d50, dwHighDateTime=0x1d6076d)) [0236.854] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0237.228] GetCurrentThreadId () returned 0x6f4 [0237.228] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0237.228] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0237.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x11ff7b90, dwHighDateTime=0x1d6076d)) [0237.229] Sleep (dwMilliseconds=0x151) [0237.589] GetCurrentThreadId () returned 0x6f4 [0237.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.589] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0237.977] GetCurrentThreadId () returned 0x6f4 [0237.977] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0237.977] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0237.977] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x126f5c30, dwHighDateTime=0x1d6076d)) [0237.977] Sleep (dwMilliseconds=0x151) [0238.348] GetCurrentThreadId () returned 0x6f4 [0238.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x12a61bd0, dwHighDateTime=0x1d6076d)) [0238.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x12a61bd0, dwHighDateTime=0x1d6076d)) [0238.348] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0238.699] GetCurrentThreadId () returned 0x6f4 [0238.699] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0238.699] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0238.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x12dcdb70, dwHighDateTime=0x1d6076d)) [0238.699] Sleep (dwMilliseconds=0x151) [0239.069] GetCurrentThreadId () returned 0x6f4 [0239.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1315fc70, dwHighDateTime=0x1d6076d)) [0239.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1315fc70, dwHighDateTime=0x1d6076d)) [0239.069] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0240.738] GetCurrentThreadId () returned 0x6f4 [0240.738] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0240.738] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0240.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x134a5ab0, dwHighDateTime=0x1d6076d)) [0240.738] Sleep (dwMilliseconds=0x151) [0242.376] GetCurrentThreadId () returned 0x6f4 [0242.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x137eb8f0, dwHighDateTime=0x1d6076d)) [0242.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x137eb8f0, dwHighDateTime=0x1d6076d)) [0242.377] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0242.831] GetCurrentThreadId () returned 0x6f4 [0242.831] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0242.831] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0242.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x13b31730, dwHighDateTime=0x1d6076d)) [0242.832] Sleep (dwMilliseconds=0x151) [0243.174] GetCurrentThreadId () returned 0x6f4 [0243.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x13e77570, dwHighDateTime=0x1d6076d)) [0243.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x13e77570, dwHighDateTime=0x1d6076d)) [0243.174] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0243.515] GetCurrentThreadId () returned 0x6f4 [0243.515] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0243.515] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0243.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x141bd3b0, dwHighDateTime=0x1d6076d)) [0243.515] Sleep (dwMilliseconds=0x151) [0244.077] GetCurrentThreadId () returned 0x6f4 [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0244.420] GetCurrentThreadId () returned 0x6f4 [0244.420] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0244.420] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0244.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x14849030, dwHighDateTime=0x1d6076d)) [0244.420] Sleep (dwMilliseconds=0x151) [0244.763] GetCurrentThreadId () returned 0x6f4 [0244.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x14b8ee70, dwHighDateTime=0x1d6076d)) [0244.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x14b8ee70, dwHighDateTime=0x1d6076d)) [0244.763] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0245.106] GetCurrentThreadId () returned 0x6f4 [0245.106] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0245.106] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0245.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x14ed4cb0, dwHighDateTime=0x1d6076d)) [0245.107] Sleep (dwMilliseconds=0x151) [0245.450] GetCurrentThreadId () returned 0x6f4 [0245.450] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1521aaf0, dwHighDateTime=0x1d6076d)) [0245.450] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1521aaf0, dwHighDateTime=0x1d6076d)) [0245.450] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0245.793] GetCurrentThreadId () returned 0x6f4 [0245.793] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0245.793] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0245.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x15560930, dwHighDateTime=0x1d6076d)) [0245.793] Sleep (dwMilliseconds=0x151) [0246.136] GetCurrentThreadId () returned 0x6f4 [0246.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x158a6770, dwHighDateTime=0x1d6076d)) [0246.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x158a6770, dwHighDateTime=0x1d6076d)) [0246.136] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0246.479] GetCurrentThreadId () returned 0x6f4 [0246.480] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0246.480] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0246.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x15bec5b0, dwHighDateTime=0x1d6076d)) [0246.480] Sleep (dwMilliseconds=0x151) [0246.822] GetCurrentThreadId () returned 0x6f4 [0246.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x15f323f0, dwHighDateTime=0x1d6076d)) [0246.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x15f323f0, dwHighDateTime=0x1d6076d)) [0246.823] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0247.166] GetCurrentThreadId () returned 0x6f4 [0247.166] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0247.166] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0247.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x16278230, dwHighDateTime=0x1d6076d)) [0247.166] Sleep (dwMilliseconds=0x151) [0247.511] GetCurrentThreadId () returned 0x6f4 [0247.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x165be070, dwHighDateTime=0x1d6076d)) [0247.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x165be070, dwHighDateTime=0x1d6076d)) [0247.511] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0247.852] GetCurrentThreadId () returned 0x6f4 [0247.852] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0247.852] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0247.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x16903eb0, dwHighDateTime=0x1d6076d)) [0247.852] Sleep (dwMilliseconds=0x151) [0248.195] GetCurrentThreadId () returned 0x6f4 [0248.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x16c49cf0, dwHighDateTime=0x1d6076d)) [0248.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x16c49cf0, dwHighDateTime=0x1d6076d)) [0248.195] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0248.538] GetCurrentThreadId () returned 0x6f4 [0248.538] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0248.538] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0248.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x16f8fb30, dwHighDateTime=0x1d6076d)) [0248.539] Sleep (dwMilliseconds=0x151) [0248.882] GetCurrentThreadId () returned 0x6f4 [0248.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x172d5970, dwHighDateTime=0x1d6076d)) [0248.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x172d5970, dwHighDateTime=0x1d6076d)) [0248.882] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0249.225] GetCurrentThreadId () returned 0x6f4 [0249.225] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0249.225] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0249.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1761b7b0, dwHighDateTime=0x1d6076d)) [0249.225] Sleep (dwMilliseconds=0x151) [0249.571] GetCurrentThreadId () returned 0x6f4 [0249.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x179615f0, dwHighDateTime=0x1d6076d)) [0249.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x179615f0, dwHighDateTime=0x1d6076d)) [0249.571] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0249.912] GetCurrentThreadId () returned 0x6f4 [0249.912] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0249.912] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0249.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x17ca7430, dwHighDateTime=0x1d6076d)) [0249.912] Sleep (dwMilliseconds=0x151) [0250.255] GetCurrentThreadId () returned 0x6f4 [0250.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x17fed270, dwHighDateTime=0x1d6076d)) [0250.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x17fed270, dwHighDateTime=0x1d6076d)) [0250.255] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0250.598] GetCurrentThreadId () returned 0x6f4 [0250.598] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0250.598] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0250.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x183330b0, dwHighDateTime=0x1d6076d)) [0250.598] Sleep (dwMilliseconds=0x151) [0250.962] GetCurrentThreadId () returned 0x6f4 [0250.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x18678ef0, dwHighDateTime=0x1d6076d)) [0250.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x18678ef0, dwHighDateTime=0x1d6076d)) [0250.962] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0251.323] GetCurrentThreadId () returned 0x6f4 [0251.323] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0251.323] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0251.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x189e4e90, dwHighDateTime=0x1d6076d)) [0251.323] Sleep (dwMilliseconds=0x151) [0251.658] GetCurrentThreadId () returned 0x6f4 [0251.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x18d2acd0, dwHighDateTime=0x1d6076d)) [0251.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x18d2acd0, dwHighDateTime=0x1d6076d)) [0251.658] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0252.002] GetCurrentThreadId () returned 0x6f4 [0252.002] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0252.002] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0252.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x19070b10, dwHighDateTime=0x1d6076d)) [0252.002] Sleep (dwMilliseconds=0x151) [0252.345] GetCurrentThreadId () returned 0x6f4 [0252.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x193b6950, dwHighDateTime=0x1d6076d)) [0252.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x193b6950, dwHighDateTime=0x1d6076d)) [0252.345] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0252.688] GetCurrentThreadId () returned 0x6f4 [0252.688] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0252.688] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0252.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x196fc790, dwHighDateTime=0x1d6076d)) [0252.688] Sleep (dwMilliseconds=0x151) [0253.031] GetCurrentThreadId () returned 0x6f4 [0253.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x19a425d0, dwHighDateTime=0x1d6076d)) [0253.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x19a425d0, dwHighDateTime=0x1d6076d)) [0253.031] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0253.374] GetCurrentThreadId () returned 0x6f4 [0253.374] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0253.375] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0253.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x19d88410, dwHighDateTime=0x1d6076d)) [0253.375] Sleep (dwMilliseconds=0x151) [0253.718] GetCurrentThreadId () returned 0x6f4 [0253.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1a0ce250, dwHighDateTime=0x1d6076d)) [0253.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1a0ce250, dwHighDateTime=0x1d6076d)) [0253.718] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0254.061] GetCurrentThreadId () returned 0x6f4 [0254.061] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0254.061] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0254.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1a414090, dwHighDateTime=0x1d6076d)) [0254.061] Sleep (dwMilliseconds=0x151) [0254.405] GetCurrentThreadId () returned 0x6f4 [0254.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1a759ed0, dwHighDateTime=0x1d6076d)) [0254.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1a759ed0, dwHighDateTime=0x1d6076d)) [0254.405] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0254.747] GetCurrentThreadId () returned 0x6f4 [0254.747] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0254.747] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0254.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1aa9fd10, dwHighDateTime=0x1d6076d)) [0254.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1aa9fd10, dwHighDateTime=0x1d6076d)) [0254.748] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0254.748] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0254.748] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0254.748] Sleep (dwMilliseconds=0x151) [0255.090] GetCurrentThreadId () returned 0x6f4 [0255.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1ade5b50, dwHighDateTime=0x1d6076d)) [0255.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1ade5b50, dwHighDateTime=0x1d6076d)) [0255.090] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0255.434] GetCurrentThreadId () returned 0x6f4 [0255.434] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0255.434] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0255.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1b12b990, dwHighDateTime=0x1d6076d)) [0255.435] Sleep (dwMilliseconds=0x151) [0255.777] GetCurrentThreadId () returned 0x6f4 [0255.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1b4717d0, dwHighDateTime=0x1d6076d)) [0255.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1b4717d0, dwHighDateTime=0x1d6076d)) [0255.777] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0256.120] GetCurrentThreadId () returned 0x6f4 [0256.120] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0256.120] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0256.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1b7b7610, dwHighDateTime=0x1d6076d)) [0256.120] Sleep (dwMilliseconds=0x151) [0256.464] GetCurrentThreadId () returned 0x6f4 [0256.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1bafd450, dwHighDateTime=0x1d6076d)) [0256.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1bafd450, dwHighDateTime=0x1d6076d)) [0256.464] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0256.806] GetCurrentThreadId () returned 0x6f4 [0256.806] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0256.806] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0256.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1be43290, dwHighDateTime=0x1d6076d)) [0256.807] Sleep (dwMilliseconds=0x151) [0257.150] GetCurrentThreadId () returned 0x6f4 [0257.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1c1890d0, dwHighDateTime=0x1d6076d)) [0257.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1c1890d0, dwHighDateTime=0x1d6076d)) [0257.150] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0258.764] GetCurrentThreadId () returned 0x6f4 [0258.764] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0258.764] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0258.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1c4cef10, dwHighDateTime=0x1d6076d)) [0258.764] Sleep (dwMilliseconds=0x151) [0259.100] GetCurrentThreadId () returned 0x6f4 [0259.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1c814d50, dwHighDateTime=0x1d6076d)) [0259.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1c814d50, dwHighDateTime=0x1d6076d)) [0259.100] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0259.859] GetCurrentThreadId () returned 0x6f4 [0259.859] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0259.859] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0259.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1cb80cf0, dwHighDateTime=0x1d6076d)) [0259.859] Sleep (dwMilliseconds=0x151) [0260.222] GetCurrentThreadId () returned 0x6f4 [0260.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1ceecc90, dwHighDateTime=0x1d6076d)) [0260.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1ceecc90, dwHighDateTime=0x1d6076d)) [0260.222] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0260.551] GetCurrentThreadId () returned 0x6f4 [0260.551] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0260.551] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0260.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1d232ad0, dwHighDateTime=0x1d6076d)) [0260.551] Sleep (dwMilliseconds=0x151) [0260.895] GetCurrentThreadId () returned 0x6f4 [0260.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1d578910, dwHighDateTime=0x1d6076d)) [0260.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1d578910, dwHighDateTime=0x1d6076d)) [0260.895] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0261.237] GetCurrentThreadId () returned 0x6f4 [0261.237] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0261.237] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0261.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1d8be750, dwHighDateTime=0x1d6076d)) [0261.238] Sleep (dwMilliseconds=0x151) [0261.580] GetCurrentThreadId () returned 0x6f4 [0261.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1dc04590, dwHighDateTime=0x1d6076d)) [0261.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1dc04590, dwHighDateTime=0x1d6076d)) [0261.581] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0261.941] GetCurrentThreadId () returned 0x6f4 [0261.941] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0261.941] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0261.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1df70530, dwHighDateTime=0x1d6076d)) [0261.942] Sleep (dwMilliseconds=0x151) [0262.282] GetCurrentThreadId () returned 0x6f4 [0262.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1e2b6370, dwHighDateTime=0x1d6076d)) [0262.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1e2b6370, dwHighDateTime=0x1d6076d)) [0262.282] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0262.625] GetCurrentThreadId () returned 0x6f4 [0262.625] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0262.626] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0262.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1e5fc1b0, dwHighDateTime=0x1d6076d)) [0262.626] Sleep (dwMilliseconds=0x151) [0262.969] GetCurrentThreadId () returned 0x6f4 [0262.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1e941ff0, dwHighDateTime=0x1d6076d)) [0262.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1e941ff0, dwHighDateTime=0x1d6076d)) [0262.969] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0263.312] GetCurrentThreadId () returned 0x6f4 [0263.312] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0263.312] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0263.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1ec87e30, dwHighDateTime=0x1d6076d)) [0263.312] Sleep (dwMilliseconds=0x151) [0263.655] GetCurrentThreadId () returned 0x6f4 [0263.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1efcdc70, dwHighDateTime=0x1d6076d)) [0263.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1efcdc70, dwHighDateTime=0x1d6076d)) [0263.655] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0263.998] GetCurrentThreadId () returned 0x6f4 [0263.998] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0263.999] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0263.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1f313ab0, dwHighDateTime=0x1d6076d)) [0263.999] Sleep (dwMilliseconds=0x151) [0264.341] GetCurrentThreadId () returned 0x6f4 [0264.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1f6598f0, dwHighDateTime=0x1d6076d)) [0264.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1f6598f0, dwHighDateTime=0x1d6076d)) [0264.341] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0264.685] GetCurrentThreadId () returned 0x6f4 [0264.685] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0264.685] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0264.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x1f99f730, dwHighDateTime=0x1d6076d)) [0264.685] Sleep (dwMilliseconds=0x151) [0265.076] GetCurrentThreadId () returned 0x6f4 [0265.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1fd57990, dwHighDateTime=0x1d6076d)) [0265.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x1fd57990, dwHighDateTime=0x1d6076d)) [0265.076] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0265.430] GetCurrentThreadId () returned 0x6f4 [0265.430] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0265.430] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0265.430] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x2009d7d0, dwHighDateTime=0x1d6076d)) [0265.430] Sleep (dwMilliseconds=0x151) [0265.767] GetCurrentThreadId () returned 0x6f4 [0265.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x203e3610, dwHighDateTime=0x1d6076d)) [0265.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x203e3610, dwHighDateTime=0x1d6076d)) [0265.767] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0266.104] GetCurrentThreadId () returned 0x6f4 [0266.104] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0266.104] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0266.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x20729450, dwHighDateTime=0x1d6076d)) [0266.104] Sleep (dwMilliseconds=0x151) [0266.448] GetCurrentThreadId () returned 0x6f4 [0266.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x20a6f290, dwHighDateTime=0x1d6076d)) [0266.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x20a6f290, dwHighDateTime=0x1d6076d)) [0266.448] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0266.791] GetCurrentThreadId () returned 0x6f4 [0266.791] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0266.791] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0266.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x20db50d0, dwHighDateTime=0x1d6076d)) [0266.791] Sleep (dwMilliseconds=0x151) [0267.134] GetCurrentThreadId () returned 0x6f4 [0267.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x210faf10, dwHighDateTime=0x1d6076d)) [0267.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x210faf10, dwHighDateTime=0x1d6076d)) [0267.134] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0267.477] GetCurrentThreadId () returned 0x6f4 [0267.477] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0267.477] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0267.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x21440d50, dwHighDateTime=0x1d6076d)) [0267.478] Sleep (dwMilliseconds=0x151) [0267.820] GetCurrentThreadId () returned 0x6f4 [0267.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x21786b90, dwHighDateTime=0x1d6076d)) [0267.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x21786b90, dwHighDateTime=0x1d6076d)) [0267.820] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0268.163] GetCurrentThreadId () returned 0x6f4 [0268.163] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0268.163] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0268.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x21acc9d0, dwHighDateTime=0x1d6076d)) [0268.163] Sleep (dwMilliseconds=0x151) [0268.506] GetCurrentThreadId () returned 0x6f4 [0268.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x21e12810, dwHighDateTime=0x1d6076d)) [0268.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x21e12810, dwHighDateTime=0x1d6076d)) [0268.506] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0268.850] GetCurrentThreadId () returned 0x6f4 [0268.850] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0268.850] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0268.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x22158650, dwHighDateTime=0x1d6076d)) [0268.850] Sleep (dwMilliseconds=0x151) [0269.196] GetCurrentThreadId () returned 0x6f4 [0269.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x2249e490, dwHighDateTime=0x1d6076d)) [0269.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x2249e490, dwHighDateTime=0x1d6076d)) [0269.196] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0269.536] GetCurrentThreadId () returned 0x6f4 [0269.536] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0269.536] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0269.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x227e42d0, dwHighDateTime=0x1d6076d)) [0269.537] Sleep (dwMilliseconds=0x151) [0269.879] GetCurrentThreadId () returned 0x6f4 [0269.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x22b2a110, dwHighDateTime=0x1d6076d)) [0269.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x22b2a110, dwHighDateTime=0x1d6076d)) [0269.880] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0270.223] GetCurrentThreadId () returned 0x6f4 [0270.223] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0270.223] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0270.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x22e6ff50, dwHighDateTime=0x1d6076d)) [0270.223] Sleep (dwMilliseconds=0x151) [0270.566] GetCurrentThreadId () returned 0x6f4 [0270.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x231b5d90, dwHighDateTime=0x1d6076d)) [0270.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x231b5d90, dwHighDateTime=0x1d6076d)) [0270.566] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0270.909] GetCurrentThreadId () returned 0x6f4 [0270.909] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0270.910] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0270.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x234fbbd0, dwHighDateTime=0x1d6076d)) [0270.910] Sleep (dwMilliseconds=0x151) [0271.268] GetCurrentThreadId () returned 0x6f4 [0271.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x23841a10, dwHighDateTime=0x1d6076d)) [0271.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x23841a10, dwHighDateTime=0x1d6076d)) [0271.268] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0271.611] GetCurrentThreadId () returned 0x6f4 [0271.611] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0271.611] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0271.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x23b87850, dwHighDateTime=0x1d6076d)) [0271.611] Sleep (dwMilliseconds=0x151) [0271.954] GetCurrentThreadId () returned 0x6f4 [0271.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x23ecd690, dwHighDateTime=0x1d6076d)) [0271.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x23ecd690, dwHighDateTime=0x1d6076d)) [0271.954] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0272.298] GetCurrentThreadId () returned 0x6f4 [0272.298] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0272.298] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0272.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x242134d0, dwHighDateTime=0x1d6076d)) [0272.298] Sleep (dwMilliseconds=0x151) [0272.641] GetCurrentThreadId () returned 0x6f4 [0272.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x24559310, dwHighDateTime=0x1d6076d)) [0272.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x24559310, dwHighDateTime=0x1d6076d)) [0272.641] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0272.991] GetCurrentThreadId () returned 0x6f4 [0272.991] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0272.991] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0272.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x2489f150, dwHighDateTime=0x1d6076d)) [0272.991] Sleep (dwMilliseconds=0x151) [0273.327] GetCurrentThreadId () returned 0x6f4 [0273.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x24be4f90, dwHighDateTime=0x1d6076d)) [0273.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x24be4f90, dwHighDateTime=0x1d6076d)) [0273.327] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0273.673] GetCurrentThreadId () returned 0x6f4 [0273.673] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0273.673] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0273.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x24f2add0, dwHighDateTime=0x1d6076d)) [0273.673] Sleep (dwMilliseconds=0x151) [0274.013] GetCurrentThreadId () returned 0x6f4 [0274.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x25270c10, dwHighDateTime=0x1d6076d)) [0274.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x25270c10, dwHighDateTime=0x1d6076d)) [0274.013] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0274.356] GetCurrentThreadId () returned 0x6f4 [0274.356] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0274.356] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0274.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x255b6a50, dwHighDateTime=0x1d6076d)) [0274.357] Sleep (dwMilliseconds=0x151) [0274.700] GetCurrentThreadId () returned 0x6f4 [0274.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x258fc890, dwHighDateTime=0x1d6076d)) [0274.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x258fc890, dwHighDateTime=0x1d6076d)) [0274.700] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0275.043] GetCurrentThreadId () returned 0x6f4 [0275.043] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0275.043] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0275.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x25c426d0, dwHighDateTime=0x1d6076d)) [0275.043] Sleep (dwMilliseconds=0x151) [0275.386] GetCurrentThreadId () returned 0x6f4 [0275.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x25f88510, dwHighDateTime=0x1d6076d)) [0275.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x25f88510, dwHighDateTime=0x1d6076d)) [0275.386] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0275.729] GetCurrentThreadId () returned 0x6f4 [0275.729] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0275.730] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0275.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x262ce350, dwHighDateTime=0x1d6076d)) [0275.730] Sleep (dwMilliseconds=0x151) [0276.072] GetCurrentThreadId () returned 0x6f4 [0276.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x26614190, dwHighDateTime=0x1d6076d)) [0276.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x26614190, dwHighDateTime=0x1d6076d)) [0276.072] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0276.416] GetCurrentThreadId () returned 0x6f4 [0276.416] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0276.416] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0276.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x26959fd0, dwHighDateTime=0x1d6076d)) [0276.416] Sleep (dwMilliseconds=0x151) [0276.770] GetCurrentThreadId () returned 0x6f4 [0276.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x26c9fe10, dwHighDateTime=0x1d6076d)) [0276.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x26c9fe10, dwHighDateTime=0x1d6076d)) [0276.770] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0277.112] GetCurrentThreadId () returned 0x6f4 [0277.112] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0277.112] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0277.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x26fe5c50, dwHighDateTime=0x1d6076d)) [0277.112] Sleep (dwMilliseconds=0x151) [0277.455] GetCurrentThreadId () returned 0x6f4 [0277.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x2732ba90, dwHighDateTime=0x1d6076d)) [0277.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff44 | out: lpSystemTimeAsFileTime=0x4d0ff44*(dwLowDateTime=0x2732ba90, dwHighDateTime=0x1d6076d)) [0277.455] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x151) returned 0x102 [0277.808] GetCurrentThreadId () returned 0x6f4 [0277.808] FindWindowA (lpClassName=0x0, lpWindowName="YMIIsQMA.exe") returned 0x0 [0277.808] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0277.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d0ff78 | out: lpSystemTimeAsFileTime=0x4d0ff78*(dwLowDateTime=0x27697a30, dwHighDateTime=0x1d6076d)) [0277.808] Sleep (dwMilliseconds=0x151) Thread: id = 387 os_tid = 0x6f8 [0173.386] GetCurrentThreadId () returned 0x6f8 [0173.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff34 | out: lpSystemTimeAsFileTime=0x4e4ff34*(dwLowDateTime=0xedf1f5c0, dwHighDateTime=0x1d6076c)) [0173.416] GetCurrentThreadId () returned 0x6f8 [0173.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff64 | out: lpSystemTimeAsFileTime=0x4e4ff64*(dwLowDateTime=0xedf689a0, dwHighDateTime=0x1d6076c)) [0173.462] Sleep (dwMilliseconds=0x20eb) [0182.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff78 | out: lpSystemTimeAsFileTime=0x4e4ff78*(dwLowDateTime=0xf308d8d0, dwHighDateTime=0x1d6076c)) [0182.178] GetCurrentThreadId () returned 0x6f8 [0182.178] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0182.178] ReleaseMutex (hMutex=0x158) returned 1 [0182.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff50 | out: lpSystemTimeAsFileTime=0x4e4ff50*(dwLowDateTime=0xf308d8d0, dwHighDateTime=0x1d6076c)) [0182.178] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0x32) returned 0x0 [0182.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff50 | out: lpSystemTimeAsFileTime=0x4e4ff50*(dwLowDateTime=0xf308d8d0, dwHighDateTime=0x1d6076c)) [0182.178] GetCurrentThreadId () returned 0x6f8 [0182.185] CreateFileW (lpFileName="C:\\ProgramData\\vgYI.txt" (normalized: "c:\\programdata\\vgyi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0182.275] SetFilePointer (in: hFile=0x23c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb0 [0182.276] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x5210000 [0182.276] GetCurrentThreadId () returned 0x6f8 [0182.276] VirtualAlloc (lpAddress=0x0, dwSize=0x1e00000, flAllocationType=0x3000, flProtect=0x40) returned 0x56a0000 [0182.278] GetCurrentThreadId () returned 0x6f8 [0182.278] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x5220000 [0182.279] GetCurrentThreadId () returned 0x6f8 [0182.279] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x5360000 [0182.282] GetCurrentThreadId () returned 0x6f8 [0182.282] GetCurrentThreadId () returned 0x6f8 [0182.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff3c | out: lpSystemTimeAsFileTime=0x4e4ff3c*(dwLowDateTime=0xf3172110, dwHighDateTime=0x1d6076c)) [0182.283] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x40) returned 0x5240000 [0182.283] GetCurrentThreadId () returned 0x6f8 [0182.283] GetLogicalDriveStringsW (in: nBufferLength=0x800, lpBuffer=0x5210000 | out: lpBuffer="C:\\") returned 0x4 [0182.287] GetCurrentThreadId () returned 0x6f8 [0182.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3198270, dwHighDateTime=0x1d6076c)) [0182.287] GetCurrentThreadId () returned 0x6f8 [0182.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3198270, dwHighDateTime=0x1d6076c)) [0182.288] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x5f5448 [0182.311] GetCurrentThreadId () returned 0x6f8 [0182.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.311] GetCurrentThreadId () returned 0x6f8 [0182.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.311] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f5488 [0182.311] GetCurrentThreadId () returned 0x6f8 [0182.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.312] FindNextFileW (in: hFindFile=0x5f5488, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.312] GetCurrentThreadId () returned 0x6f8 [0182.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.312] FindNextFileW (in: hFindFile=0x5f5488, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0182.312] GetCurrentThreadId () returned 0x6f8 [0182.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.312] GetCurrentThreadId () returned 0x6f8 [0182.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.312] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f64d0 [0182.312] GetCurrentThreadId () returned 0x6f8 [0182.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.312] FindNextFileW (in: hFindFile=0x5f64d0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.312] GetCurrentThreadId () returned 0x6f8 [0182.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.313] FindNextFileW (in: hFindFile=0x5f64d0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.313] GetCurrentThreadId () returned 0x6f8 [0182.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.313] FindNextFileW (in: hFindFile=0x5f64d0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0182.313] GetCurrentThreadId () returned 0x6f8 [0182.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.313] FindNextFileW (in: hFindFile=0x5f5488, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0182.313] GetCurrentThreadId () returned 0x6f8 [0182.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.313] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0182.313] GetCurrentThreadId () returned 0x6f8 [0182.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.313] GetCurrentThreadId () returned 0x6f8 [0182.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.313] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8520 [0182.314] GetCurrentThreadId () returned 0x6f8 [0182.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.314] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.314] GetCurrentThreadId () returned 0x6f8 [0182.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.314] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0182.314] GetCurrentThreadId () returned 0x6f8 [0182.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.314] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0182.314] GetCurrentThreadId () returned 0x6f8 [0182.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.314] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0182.314] GetCurrentThreadId () returned 0x6f8 [0182.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.314] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0182.314] GetCurrentThreadId () returned 0x6f8 [0182.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.315] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0182.315] GetCurrentThreadId () returned 0x6f8 [0182.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.315] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0182.315] GetCurrentThreadId () returned 0x6f8 [0182.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.315] GetCurrentThreadId () returned 0x6f8 [0182.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf31be3d0, dwHighDateTime=0x1d6076c)) [0182.315] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f9568 [0182.334] GetCurrentThreadId () returned 0x6f8 [0182.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.334] FindNextFileW (in: hFindFile=0x5f9568, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.335] GetCurrentThreadId () returned 0x6f8 [0182.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.335] FindNextFileW (in: hFindFile=0x5f9568, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.335] GetCurrentThreadId () returned 0x6f8 [0182.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.335] FindNextFileW (in: hFindFile=0x5f9568, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.335] GetCurrentThreadId () returned 0x6f8 [0182.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.335] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0182.335] GetCurrentThreadId () returned 0x6f8 [0182.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.335] GetCurrentThreadId () returned 0x6f8 [0182.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.335] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fa5b0 [0182.336] GetCurrentThreadId () returned 0x6f8 [0182.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.336] FindNextFileW (in: hFindFile=0x5fa5b0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.336] GetCurrentThreadId () returned 0x6f8 [0182.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.336] FindNextFileW (in: hFindFile=0x5fa5b0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.336] GetCurrentThreadId () returned 0x6f8 [0182.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.336] FindNextFileW (in: hFindFile=0x5fa5b0, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.336] GetCurrentThreadId () returned 0x6f8 [0182.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.336] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0182.336] GetCurrentThreadId () returned 0x6f8 [0182.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.337] GetCurrentThreadId () returned 0x6f8 [0182.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf320a690, dwHighDateTime=0x1d6076c)) [0182.337] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fb5f8 [0182.385] GetCurrentThreadId () returned 0x6f8 [0182.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf327cab0, dwHighDateTime=0x1d6076c)) [0182.385] FindNextFileW (in: hFindFile=0x5fb5f8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.386] GetCurrentThreadId () returned 0x6f8 [0182.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf327cab0, dwHighDateTime=0x1d6076c)) [0182.389] FindNextFileW (in: hFindFile=0x5fb5f8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.389] GetCurrentThreadId () returned 0x6f8 [0182.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf327cab0, dwHighDateTime=0x1d6076c)) [0182.389] FindNextFileW (in: hFindFile=0x5fb5f8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.389] GetCurrentThreadId () returned 0x6f8 [0182.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf327cab0, dwHighDateTime=0x1d6076c)) [0182.389] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0182.389] GetCurrentThreadId () returned 0x6f8 [0182.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf327cab0, dwHighDateTime=0x1d6076c)) [0182.390] GetCurrentThreadId () returned 0x6f8 [0182.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf327cab0, dwHighDateTime=0x1d6076c)) [0182.390] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fc640 [0182.395] GetCurrentThreadId () returned 0x6f8 [0182.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32a2c10, dwHighDateTime=0x1d6076c)) [0182.395] FindNextFileW (in: hFindFile=0x5fc640, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.395] GetCurrentThreadId () returned 0x6f8 [0182.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32a2c10, dwHighDateTime=0x1d6076c)) [0182.395] FindNextFileW (in: hFindFile=0x5fc640, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.395] GetCurrentThreadId () returned 0x6f8 [0182.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32a2c10, dwHighDateTime=0x1d6076c)) [0182.395] FindNextFileW (in: hFindFile=0x5fc640, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.395] GetCurrentThreadId () returned 0x6f8 [0182.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf32a2c10, dwHighDateTime=0x1d6076c)) [0182.396] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.396] GetCurrentThreadId () returned 0x6f8 [0182.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32a2c10, dwHighDateTime=0x1d6076c)) [0182.396] GetCurrentThreadId () returned 0x6f8 [0182.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32a2c10, dwHighDateTime=0x1d6076c)) [0182.397] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fd688 [0182.416] GetCurrentThreadId () returned 0x6f8 [0182.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.416] FindNextFileW (in: hFindFile=0x5fd688, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.416] GetCurrentThreadId () returned 0x6f8 [0182.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.416] FindNextFileW (in: hFindFile=0x5fd688, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.417] GetCurrentThreadId () returned 0x6f8 [0182.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.417] FindNextFileW (in: hFindFile=0x5fd688, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0182.417] GetCurrentThreadId () returned 0x6f8 [0182.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.417] FindNextFileW (in: hFindFile=0x5fd688, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0182.417] GetCurrentThreadId () returned 0x6f8 [0182.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.417] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0182.417] GetCurrentThreadId () returned 0x6f8 [0182.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.417] GetCurrentThreadId () returned 0x6f8 [0182.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf32c8d70, dwHighDateTime=0x1d6076c)) [0182.417] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe6e8 [0182.443] GetCurrentThreadId () returned 0x6f8 [0182.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.443] FindNextFileW (in: hFindFile=0x5fe6e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.444] GetCurrentThreadId () returned 0x6f8 [0182.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.444] FindNextFileW (in: hFindFile=0x5fe6e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.444] GetCurrentThreadId () returned 0x6f8 [0182.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.444] FindNextFileW (in: hFindFile=0x5fe6e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.444] GetCurrentThreadId () returned 0x6f8 [0182.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.444] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0182.445] GetCurrentThreadId () returned 0x6f8 [0182.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.445] GetCurrentThreadId () returned 0x6f8 [0182.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.445] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe728 [0182.445] GetCurrentThreadId () returned 0x6f8 [0182.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.445] FindNextFileW (in: hFindFile=0x5fe728, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.445] GetCurrentThreadId () returned 0x6f8 [0182.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.445] FindNextFileW (in: hFindFile=0x5fe728, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.445] GetCurrentThreadId () returned 0x6f8 [0182.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.445] FindNextFileW (in: hFindFile=0x5fe728, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.445] GetCurrentThreadId () returned 0x6f8 [0182.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.446] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0182.446] GetCurrentThreadId () returned 0x6f8 [0182.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.446] GetCurrentThreadId () returned 0x6f8 [0182.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3315030, dwHighDateTime=0x1d6076c)) [0182.446] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe768 [0182.463] GetCurrentThreadId () returned 0x6f8 [0182.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.463] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.463] GetCurrentThreadId () returned 0x6f8 [0182.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.463] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.464] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.464] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.464] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.464] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.464] FindNextFileW (in: hFindFile=0x5fe768, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.464] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0182.464] GetCurrentThreadId () returned 0x6f8 [0182.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.465] GetCurrentThreadId () returned 0x6f8 [0182.465] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.465] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe7a8 [0182.467] GetCurrentThreadId () returned 0x6f8 [0182.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.467] FindNextFileW (in: hFindFile=0x5fe7a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.467] GetCurrentThreadId () returned 0x6f8 [0182.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.467] FindNextFileW (in: hFindFile=0x5fe7a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.467] GetCurrentThreadId () returned 0x6f8 [0182.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.467] FindNextFileW (in: hFindFile=0x5fe7a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.467] GetCurrentThreadId () returned 0x6f8 [0182.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.467] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0182.467] GetCurrentThreadId () returned 0x6f8 [0182.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.467] GetCurrentThreadId () returned 0x6f8 [0182.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.467] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe7e8 [0182.468] GetCurrentThreadId () returned 0x6f8 [0182.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.468] FindNextFileW (in: hFindFile=0x5fe7e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.468] GetCurrentThreadId () returned 0x6f8 [0182.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.468] FindNextFileW (in: hFindFile=0x5fe7e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.468] GetCurrentThreadId () returned 0x6f8 [0182.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.469] FindNextFileW (in: hFindFile=0x5fe7e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.469] GetCurrentThreadId () returned 0x6f8 [0182.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.469] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0182.469] GetCurrentThreadId () returned 0x6f8 [0182.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.469] GetCurrentThreadId () returned 0x6f8 [0182.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.469] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe828 [0182.472] GetCurrentThreadId () returned 0x6f8 [0182.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf333b190, dwHighDateTime=0x1d6076c)) [0182.472] FindNextFileW (in: hFindFile=0x5fe828, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.472] GetCurrentThreadId () returned 0x6f8 [0182.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.472] FindNextFileW (in: hFindFile=0x5fe828, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.473] GetCurrentThreadId () returned 0x6f8 [0182.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.473] FindNextFileW (in: hFindFile=0x5fe828, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.473] GetCurrentThreadId () returned 0x6f8 [0182.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.473] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0182.473] GetCurrentThreadId () returned 0x6f8 [0182.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.473] GetCurrentThreadId () returned 0x6f8 [0182.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.473] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe868 [0182.473] GetCurrentThreadId () returned 0x6f8 [0182.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.473] FindNextFileW (in: hFindFile=0x5fe868, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.474] GetCurrentThreadId () returned 0x6f8 [0182.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.474] FindNextFileW (in: hFindFile=0x5fe868, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.474] GetCurrentThreadId () returned 0x6f8 [0182.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.474] FindNextFileW (in: hFindFile=0x5fe868, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.474] GetCurrentThreadId () returned 0x6f8 [0182.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.474] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0182.474] GetCurrentThreadId () returned 0x6f8 [0182.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.474] GetCurrentThreadId () returned 0x6f8 [0182.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.475] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe8a8 [0182.478] GetCurrentThreadId () returned 0x6f8 [0182.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.478] FindNextFileW (in: hFindFile=0x5fe8a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.478] GetCurrentThreadId () returned 0x6f8 [0182.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.478] FindNextFileW (in: hFindFile=0x5fe8a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.478] GetCurrentThreadId () returned 0x6f8 [0182.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.478] FindNextFileW (in: hFindFile=0x5fe8a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.478] GetCurrentThreadId () returned 0x6f8 [0182.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.478] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0182.478] GetCurrentThreadId () returned 0x6f8 [0182.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f73c | out: lpSystemTimeAsFileTime=0x4e4f73c*(dwLowDateTime=0xf33612f0, dwHighDateTime=0x1d6076c)) [0182.482] GetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0182.509] SetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe", dwFileAttributes=0x80) returned 0 [0182.509] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0182.509] GetFileSize (in: hFile=0x284, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x76980 [0183.219] ReadFile (in: hFile=0x284, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x76980, lpNumberOfBytesRead=0x4e4f714, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f714*=0x76980, lpOverlapped=0x0) returned 1 [0183.437] GetCurrentThreadId () returned 0x6f8 [0183.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f69c | out: lpSystemTimeAsFileTime=0x4e4f69c*(dwLowDateTime=0xf3c746d0, dwHighDateTime=0x1d6076c)) [0183.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f69c | out: lpSystemTimeAsFileTime=0x4e4f69c*(dwLowDateTime=0xf3c746d0, dwHighDateTime=0x1d6076c)) [0183.440] GetCurrentThreadId () returned 0x6f8 [0183.444] ExtractIconExW (in: lpszFile="C:\\Boot\\memtest.exe", nIconIndex=0, phiconLarge=0x4e4f704, phiconSmall=0x4e4f700, nIcons=0x1 | out: phiconLarge=0x4e4f704, phiconSmall=0x4e4f700) returned 0x0 [0183.559] CloseHandle (hObject=0x284) returned 1 [0183.559] SetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe", dwFileAttributes=0x20) returned 0 [0183.560] CloseHandle (hObject=0x4e4fa3c) returned 0 [0183.560] GetCurrentThreadId () returned 0x6f8 [0183.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f714 | out: lpSystemTimeAsFileTime=0x4e4f714*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.560] GetCurrentThreadId () returned 0x6f8 [0183.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.560] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0183.560] GetCurrentThreadId () returned 0x6f8 [0183.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.560] GetCurrentThreadId () returned 0x6f8 [0183.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.560] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe8e8 [0183.561] GetCurrentThreadId () returned 0x6f8 [0183.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.561] FindNextFileW (in: hFindFile=0x5fe8e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.562] GetCurrentThreadId () returned 0x6f8 [0183.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.562] FindNextFileW (in: hFindFile=0x5fe8e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.562] GetCurrentThreadId () returned 0x6f8 [0183.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.562] FindNextFileW (in: hFindFile=0x5fe8e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.562] GetCurrentThreadId () returned 0x6f8 [0183.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.563] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0183.563] GetCurrentThreadId () returned 0x6f8 [0183.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.563] GetCurrentThreadId () returned 0x6f8 [0183.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3da51d0, dwHighDateTime=0x1d6076c)) [0183.563] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe928 [0183.565] GetCurrentThreadId () returned 0x6f8 [0183.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.565] FindNextFileW (in: hFindFile=0x5fe928, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.566] GetCurrentThreadId () returned 0x6f8 [0183.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.566] FindNextFileW (in: hFindFile=0x5fe928, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.566] GetCurrentThreadId () returned 0x6f8 [0183.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.566] FindNextFileW (in: hFindFile=0x5fe928, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.566] GetCurrentThreadId () returned 0x6f8 [0183.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.566] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0183.566] GetCurrentThreadId () returned 0x6f8 [0183.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.566] GetCurrentThreadId () returned 0x6f8 [0183.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.566] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe968 [0183.566] GetCurrentThreadId () returned 0x6f8 [0183.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.567] FindNextFileW (in: hFindFile=0x5fe968, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.567] GetCurrentThreadId () returned 0x6f8 [0183.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.567] FindNextFileW (in: hFindFile=0x5fe968, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.567] GetCurrentThreadId () returned 0x6f8 [0183.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.567] FindNextFileW (in: hFindFile=0x5fe968, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.567] GetCurrentThreadId () returned 0x6f8 [0183.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.567] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0183.567] GetCurrentThreadId () returned 0x6f8 [0183.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.567] GetCurrentThreadId () returned 0x6f8 [0183.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.567] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe9a8 [0183.570] GetCurrentThreadId () returned 0x6f8 [0183.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.570] FindNextFileW (in: hFindFile=0x5fe9a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.571] GetCurrentThreadId () returned 0x6f8 [0183.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.571] FindNextFileW (in: hFindFile=0x5fe9a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.571] GetCurrentThreadId () returned 0x6f8 [0183.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.571] FindNextFileW (in: hFindFile=0x5fe9a8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.571] GetCurrentThreadId () returned 0x6f8 [0183.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.571] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0183.571] GetCurrentThreadId () returned 0x6f8 [0183.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.571] GetCurrentThreadId () returned 0x6f8 [0183.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.571] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fe9e8 [0183.572] GetCurrentThreadId () returned 0x6f8 [0183.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.572] FindNextFileW (in: hFindFile=0x5fe9e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.572] GetCurrentThreadId () returned 0x6f8 [0183.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.572] FindNextFileW (in: hFindFile=0x5fe9e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.572] GetCurrentThreadId () returned 0x6f8 [0183.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.572] FindNextFileW (in: hFindFile=0x5fe9e8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.572] GetCurrentThreadId () returned 0x6f8 [0183.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.572] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0183.573] GetCurrentThreadId () returned 0x6f8 [0183.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.573] GetCurrentThreadId () returned 0x6f8 [0183.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.573] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fea28 [0183.575] GetCurrentThreadId () returned 0x6f8 [0183.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.575] FindNextFileW (in: hFindFile=0x5fea28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.575] GetCurrentThreadId () returned 0x6f8 [0183.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.575] FindNextFileW (in: hFindFile=0x5fea28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.575] GetCurrentThreadId () returned 0x6f8 [0183.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.575] FindNextFileW (in: hFindFile=0x5fea28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.575] GetCurrentThreadId () returned 0x6f8 [0183.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.575] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0183.576] GetCurrentThreadId () returned 0x6f8 [0183.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.576] GetCurrentThreadId () returned 0x6f8 [0183.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.576] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fea68 [0183.576] GetCurrentThreadId () returned 0x6f8 [0183.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.576] FindNextFileW (in: hFindFile=0x5fea68, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.576] GetCurrentThreadId () returned 0x6f8 [0183.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.576] FindNextFileW (in: hFindFile=0x5fea68, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.576] GetCurrentThreadId () returned 0x6f8 [0183.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.576] FindNextFileW (in: hFindFile=0x5fea68, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.576] GetCurrentThreadId () returned 0x6f8 [0183.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.576] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0183.577] GetCurrentThreadId () returned 0x6f8 [0183.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.577] GetCurrentThreadId () returned 0x6f8 [0183.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.577] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feaa8 [0183.579] GetCurrentThreadId () returned 0x6f8 [0183.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.579] FindNextFileW (in: hFindFile=0x5feaa8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.579] GetCurrentThreadId () returned 0x6f8 [0183.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.579] FindNextFileW (in: hFindFile=0x5feaa8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.579] GetCurrentThreadId () returned 0x6f8 [0183.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.579] FindNextFileW (in: hFindFile=0x5feaa8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.579] GetCurrentThreadId () returned 0x6f8 [0183.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.579] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0183.580] GetCurrentThreadId () returned 0x6f8 [0183.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3dcb330, dwHighDateTime=0x1d6076c)) [0183.580] GetCurrentThreadId () returned 0x6f8 [0183.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.580] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feae8 [0183.580] GetCurrentThreadId () returned 0x6f8 [0183.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.580] FindNextFileW (in: hFindFile=0x5feae8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.580] GetCurrentThreadId () returned 0x6f8 [0183.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.580] FindNextFileW (in: hFindFile=0x5feae8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.581] GetCurrentThreadId () returned 0x6f8 [0183.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.581] FindNextFileW (in: hFindFile=0x5feae8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.581] GetCurrentThreadId () returned 0x6f8 [0183.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.581] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0183.581] GetCurrentThreadId () returned 0x6f8 [0183.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.581] GetCurrentThreadId () returned 0x6f8 [0183.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.581] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feb28 [0183.583] GetCurrentThreadId () returned 0x6f8 [0183.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.583] FindNextFileW (in: hFindFile=0x5feb28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.583] GetCurrentThreadId () returned 0x6f8 [0183.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.583] FindNextFileW (in: hFindFile=0x5feb28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.583] GetCurrentThreadId () returned 0x6f8 [0183.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.583] FindNextFileW (in: hFindFile=0x5feb28, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.583] GetCurrentThreadId () returned 0x6f8 [0183.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.583] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0183.583] GetCurrentThreadId () returned 0x6f8 [0183.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.583] GetCurrentThreadId () returned 0x6f8 [0183.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.583] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feb68 [0183.584] GetCurrentThreadId () returned 0x6f8 [0183.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.584] FindNextFileW (in: hFindFile=0x5feb68, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.584] GetCurrentThreadId () returned 0x6f8 [0183.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.584] FindNextFileW (in: hFindFile=0x5feb68, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0183.584] GetCurrentThreadId () returned 0x6f8 [0183.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.584] FindNextFileW (in: hFindFile=0x5feb68, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0183.584] GetCurrentThreadId () returned 0x6f8 [0183.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.584] FindNextFileW (in: hFindFile=0x5f8520, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0183.584] GetCurrentThreadId () returned 0x6f8 [0183.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.584] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0183.584] GetCurrentThreadId () returned 0x6f8 [0183.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.585] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0183.585] GetCurrentThreadId () returned 0x6f8 [0183.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.585] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0183.585] GetCurrentThreadId () returned 0x6f8 [0183.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.585] GetCurrentThreadId () returned 0x6f8 [0183.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.585] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.585] GetCurrentThreadId () returned 0x6f8 [0183.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.585] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0183.586] GetCurrentThreadId () returned 0x6f8 [0183.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.586] GetCurrentThreadId () returned 0x6f8 [0183.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.586] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.586] GetCurrentThreadId () returned 0x6f8 [0183.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.586] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xe1863620, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0183.586] GetCurrentThreadId () returned 0x6f8 [0183.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.586] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0183.587] GetCurrentThreadId () returned 0x6f8 [0183.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.587] GetCurrentThreadId () returned 0x6f8 [0183.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.587] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.587] GetCurrentThreadId () returned 0x6f8 [0183.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.587] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xe0f50240, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0183.587] GetCurrentThreadId () returned 0x6f8 [0183.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.587] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0183.587] GetCurrentThreadId () returned 0x6f8 [0183.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.587] GetCurrentThreadId () returned 0x6f8 [0183.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.588] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.588] GetCurrentThreadId () returned 0x6f8 [0183.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.588] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe1a6a920, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1a6a920, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0183.588] GetCurrentThreadId () returned 0x6f8 [0183.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.588] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0183.588] GetCurrentThreadId () returned 0x6f8 [0183.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.588] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa747c7d0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0183.588] GetCurrentThreadId () returned 0x6f8 [0183.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.588] GetCurrentThreadId () returned 0x6f8 [0183.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.588] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa747c7d0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feba8 [0183.589] GetCurrentThreadId () returned 0x6f8 [0183.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.589] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa747c7d0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.589] GetCurrentThreadId () returned 0x6f8 [0183.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.589] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0183.589] GetCurrentThreadId () returned 0x6f8 [0183.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.589] GetCurrentThreadId () returned 0x6f8 [0183.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3df1490, dwHighDateTime=0x1d6076c)) [0183.589] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5febe8 [0183.661] GetCurrentThreadId () returned 0x6f8 [0183.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.661] FindNextFileW (in: hFindFile=0x5febe8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.661] GetCurrentThreadId () returned 0x6f8 [0183.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.661] FindNextFileW (in: hFindFile=0x5febe8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0183.662] GetCurrentThreadId () returned 0x6f8 [0183.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.662] GetCurrentThreadId () returned 0x6f8 [0183.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.662] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fec28 [0183.662] GetCurrentThreadId () returned 0x6f8 [0183.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.662] FindNextFileW (in: hFindFile=0x5fec28, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.662] GetCurrentThreadId () returned 0x6f8 [0183.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.662] FindNextFileW (in: hFindFile=0x5fec28, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0183.663] GetCurrentThreadId () returned 0x6f8 [0183.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.663] GetCurrentThreadId () returned 0x6f8 [0183.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.663] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fec68 [0183.663] GetCurrentThreadId () returned 0x6f8 [0183.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.663] FindNextFileW (in: hFindFile=0x5fec68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.663] GetCurrentThreadId () returned 0x6f8 [0183.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.663] FindNextFileW (in: hFindFile=0x5fec68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0183.663] GetCurrentThreadId () returned 0x6f8 [0183.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.664] GetCurrentThreadId () returned 0x6f8 [0183.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf3eafb70, dwHighDateTime=0x1d6076c)) [0183.664] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feca8 [0183.699] GetCurrentThreadId () returned 0x6f8 [0183.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf3efbe30, dwHighDateTime=0x1d6076c)) [0183.701] FindNextFileW (in: hFindFile=0x5feca8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.703] GetCurrentThreadId () returned 0x6f8 [0183.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf3efbe30, dwHighDateTime=0x1d6076c)) [0183.704] FindNextFileW (in: hFindFile=0x5feca8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0183.708] GetCurrentThreadId () returned 0x6f8 [0183.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf3f21f90, dwHighDateTime=0x1d6076c)) [0183.709] GetCurrentThreadId () returned 0x6f8 [0183.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf3f21f90, dwHighDateTime=0x1d6076c)) [0183.710] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fece8 [0183.722] GetCurrentThreadId () returned 0x6f8 [0183.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.722] FindNextFileW (in: hFindFile=0x5fece8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.722] GetCurrentThreadId () returned 0x6f8 [0183.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.722] FindNextFileW (in: hFindFile=0x5fece8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0183.722] GetCurrentThreadId () returned 0x6f8 [0183.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.722] FindNextFileW (in: hFindFile=0x5fece8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 0 [0183.722] GetCurrentThreadId () returned 0x6f8 [0183.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.723] FindNextFileW (in: hFindFile=0x5feca8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0183.723] GetCurrentThreadId () returned 0x6f8 [0183.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.723] FindNextFileW (in: hFindFile=0x5fec68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0183.723] GetCurrentThreadId () returned 0x6f8 [0183.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.723] FindNextFileW (in: hFindFile=0x5fec28, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0183.723] GetCurrentThreadId () returned 0x6f8 [0183.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.723] FindNextFileW (in: hFindFile=0x5febe8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0183.723] GetCurrentThreadId () returned 0x6f8 [0183.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.723] GetCurrentThreadId () returned 0x6f8 [0183.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3f480f0, dwHighDateTime=0x1d6076c)) [0183.723] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fed28 [0183.795] GetCurrentThreadId () returned 0x6f8 [0183.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf3fe0670, dwHighDateTime=0x1d6076c)) [0183.796] FindNextFileW (in: hFindFile=0x5fed28, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.800] GetCurrentThreadId () returned 0x6f8 [0183.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf40067d0, dwHighDateTime=0x1d6076c)) [0183.801] FindNextFileW (in: hFindFile=0x5fed28, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0183.802] GetCurrentThreadId () returned 0x6f8 [0183.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40067d0, dwHighDateTime=0x1d6076c)) [0183.803] GetCurrentThreadId () returned 0x6f8 [0183.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40067d0, dwHighDateTime=0x1d6076c)) [0183.803] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fed68 [0183.891] GetCurrentThreadId () returned 0x6f8 [0183.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.891] FindNextFileW (in: hFindFile=0x5fed68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.891] GetCurrentThreadId () returned 0x6f8 [0183.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.891] FindNextFileW (in: hFindFile=0x5fed68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0183.891] GetCurrentThreadId () returned 0x6f8 [0183.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.891] FindNextFileW (in: hFindFile=0x5fed68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0183.891] GetCurrentThreadId () returned 0x6f8 [0183.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.891] FindNextFileW (in: hFindFile=0x5fed68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0183.891] GetCurrentThreadId () returned 0x6f8 [0183.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.892] FindNextFileW (in: hFindFile=0x5fed68, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 0 [0183.892] GetCurrentThreadId () returned 0x6f8 [0183.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.892] FindNextFileW (in: hFindFile=0x5fed28, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0183.892] GetCurrentThreadId () returned 0x6f8 [0183.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.892] FindNextFileW (in: hFindFile=0x5febe8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 0 [0183.892] GetCurrentThreadId () returned 0x6f8 [0183.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.892] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0183.892] GetCurrentThreadId () returned 0x6f8 [0183.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.893] GetCurrentThreadId () returned 0x6f8 [0183.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.893] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Application Data\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.893] GetCurrentThreadId () returned 0x6f8 [0183.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.893] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0183.893] GetCurrentThreadId () returned 0x6f8 [0183.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.893] GetCurrentThreadId () returned 0x6f8 [0183.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.893] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Desktop\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.894] GetCurrentThreadId () returned 0x6f8 [0183.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.894] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0183.894] GetCurrentThreadId () returned 0x6f8 [0183.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.894] GetCurrentThreadId () returned 0x6f8 [0183.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.894] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Documents\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.894] GetCurrentThreadId () returned 0x6f8 [0183.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.894] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0183.894] GetCurrentThreadId () returned 0x6f8 [0183.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.894] GetCurrentThreadId () returned 0x6f8 [0183.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.894] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Favorites\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.895] GetCurrentThreadId () returned 0x6f8 [0183.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.895] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa17ccf30, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa2e6a030, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa2e6a030, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GSogosQc", cAlternateFileName="")) returned 1 [0183.895] GetCurrentThreadId () returned 0x6f8 [0183.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.895] GetCurrentThreadId () returned 0x6f8 [0183.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.895] FindFirstFileW (in: lpFileName="C:\\ProgramData\\GSogosQc\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0183.895] GetCurrentThreadId () returned 0x6f8 [0183.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.895] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0183.895] GetCurrentThreadId () returned 0x6f8 [0183.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.895] GetCurrentThreadId () returned 0x6f8 [0183.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.895] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feda8 [0183.896] GetCurrentThreadId () returned 0x6f8 [0183.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.896] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.896] GetCurrentThreadId () returned 0x6f8 [0183.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.896] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0183.896] GetCurrentThreadId () returned 0x6f8 [0183.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.896] GetCurrentThreadId () returned 0x6f8 [0183.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.896] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fede8 [0183.896] GetCurrentThreadId () returned 0x6f8 [0183.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.897] FindNextFileW (in: hFindFile=0x5fede8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.897] GetCurrentThreadId () returned 0x6f8 [0183.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.897] FindNextFileW (in: hFindFile=0x5fede8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 1 [0183.897] GetCurrentThreadId () returned 0x6f8 [0183.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.897] GetCurrentThreadId () returned 0x6f8 [0183.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.897] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fee28 [0183.897] GetCurrentThreadId () returned 0x6f8 [0183.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.897] FindNextFileW (in: hFindFile=0x5fee28, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.897] GetCurrentThreadId () returned 0x6f8 [0183.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.897] FindNextFileW (in: hFindFile=0x5fee28, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 1 [0183.898] GetCurrentThreadId () returned 0x6f8 [0183.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.898] GetCurrentThreadId () returned 0x6f8 [0183.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.898] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fee68 [0183.898] GetCurrentThreadId () returned 0x6f8 [0183.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.898] FindNextFileW (in: hFindFile=0x5fee68, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.898] GetCurrentThreadId () returned 0x6f8 [0183.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.898] FindNextFileW (in: hFindFile=0x5fee68, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0183.898] GetCurrentThreadId () returned 0x6f8 [0183.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.898] GetCurrentThreadId () returned 0x6f8 [0183.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf40eb010, dwHighDateTime=0x1d6076c)) [0183.899] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feea8 [0184.009] GetCurrentThreadId () returned 0x6f8 [0184.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf41f59b0, dwHighDateTime=0x1d6076c)) [0184.015] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.016] GetCurrentThreadId () returned 0x6f8 [0184.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf41f59b0, dwHighDateTime=0x1d6076c)) [0184.022] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0184.023] GetCurrentThreadId () returned 0x6f8 [0184.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf421bb10, dwHighDateTime=0x1d6076c)) [0184.023] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0184.024] GetCurrentThreadId () returned 0x6f8 [0184.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf421bb10, dwHighDateTime=0x1d6076c)) [0184.025] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0184.026] GetCurrentThreadId () returned 0x6f8 [0184.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf421bb10, dwHighDateTime=0x1d6076c)) [0184.027] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0184.029] GetCurrentThreadId () returned 0x6f8 [0184.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf421bb10, dwHighDateTime=0x1d6076c)) [0184.029] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0184.030] GetCurrentThreadId () returned 0x6f8 [0184.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf421bb10, dwHighDateTime=0x1d6076c)) [0184.031] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0184.033] GetCurrentThreadId () returned 0x6f8 [0184.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf4241c70, dwHighDateTime=0x1d6076c)) [0184.033] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0184.033] GetCurrentThreadId () returned 0x6f8 [0184.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf4241c70, dwHighDateTime=0x1d6076c)) [0184.033] FindNextFileW (in: hFindFile=0x5feea8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 0 [0184.033] GetCurrentThreadId () returned 0x6f8 [0184.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4241c70, dwHighDateTime=0x1d6076c)) [0184.033] FindNextFileW (in: hFindFile=0x5fee68, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0184.033] GetCurrentThreadId () returned 0x6f8 [0184.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4241c70, dwHighDateTime=0x1d6076c)) [0184.033] FindNextFileW (in: hFindFile=0x5fee28, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 0 [0184.033] GetCurrentThreadId () returned 0x6f8 [0184.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4241c70, dwHighDateTime=0x1d6076c)) [0184.033] FindNextFileW (in: hFindFile=0x5fede8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 0 [0184.038] GetCurrentThreadId () returned 0x6f8 [0184.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf4241c70, dwHighDateTime=0x1d6076c)) [0184.038] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0184.057] GetCurrentThreadId () returned 0x6f8 [0184.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.057] GetCurrentThreadId () returned 0x6f8 [0184.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.057] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5feee8 [0184.057] GetCurrentThreadId () returned 0x6f8 [0184.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.057] FindNextFileW (in: hFindFile=0x5feee8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.057] GetCurrentThreadId () returned 0x6f8 [0184.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.057] FindNextFileW (in: hFindFile=0x5feee8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSS", cAlternateFileName="")) returned 1 [0184.058] GetCurrentThreadId () returned 0x6f8 [0184.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.058] GetCurrentThreadId () returned 0x6f8 [0184.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.058] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fef28 [0184.058] GetCurrentThreadId () returned 0x6f8 [0184.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.058] FindNextFileW (in: hFindFile=0x5fef28, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.058] GetCurrentThreadId () returned 0x6f8 [0184.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.058] FindNextFileW (in: hFindFile=0x5fef28, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0184.058] GetCurrentThreadId () returned 0x6f8 [0184.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.058] GetCurrentThreadId () returned 0x6f8 [0184.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.059] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fef68 [0184.059] GetCurrentThreadId () returned 0x6f8 [0184.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.059] FindNextFileW (in: hFindFile=0x5fef68, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.059] GetCurrentThreadId () returned 0x6f8 [0184.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.059] FindNextFileW (in: hFindFile=0x5fef68, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.059] GetCurrentThreadId () returned 0x6f8 [0184.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.059] FindNextFileW (in: hFindFile=0x5fef28, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0184.059] GetCurrentThreadId () returned 0x6f8 [0184.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.059] FindNextFileW (in: hFindFile=0x5feee8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0184.059] GetCurrentThreadId () returned 0x6f8 [0184.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.060] GetCurrentThreadId () returned 0x6f8 [0184.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.060] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fefa8 [0184.112] GetCurrentThreadId () returned 0x6f8 [0184.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.113] FindNextFileW (in: hFindFile=0x5fefa8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.114] GetCurrentThreadId () returned 0x6f8 [0184.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.114] FindNextFileW (in: hFindFile=0x5fefa8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.114] GetCurrentThreadId () returned 0x6f8 [0184.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.114] FindNextFileW (in: hFindFile=0x5feee8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0184.114] GetCurrentThreadId () returned 0x6f8 [0184.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.114] GetCurrentThreadId () returned 0x6f8 [0184.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.114] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5fefe8 [0184.115] GetCurrentThreadId () returned 0x6f8 [0184.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.115] FindNextFileW (in: hFindFile=0x5fefe8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.115] GetCurrentThreadId () returned 0x6f8 [0184.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.115] FindNextFileW (in: hFindFile=0x5fefe8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0184.115] GetCurrentThreadId () returned 0x6f8 [0184.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.115] GetCurrentThreadId () returned 0x6f8 [0184.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.115] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff028 [0184.116] GetCurrentThreadId () returned 0x6f8 [0184.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.116] FindNextFileW (in: hFindFile=0x5ff028, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.116] GetCurrentThreadId () returned 0x6f8 [0184.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.116] FindNextFileW (in: hFindFile=0x5ff028, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.116] GetCurrentThreadId () returned 0x6f8 [0184.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.116] FindNextFileW (in: hFindFile=0x5fefe8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0184.116] GetCurrentThreadId () returned 0x6f8 [0184.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.116] GetCurrentThreadId () returned 0x6f8 [0184.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.116] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0184.123] GetCurrentThreadId () returned 0x6f8 [0184.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf43264b0, dwHighDateTime=0x1d6076c)) [0184.132] FindNextFileW (in: hFindFile=0x5fefe8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0184.132] GetCurrentThreadId () returned 0x6f8 [0184.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf43264b0, dwHighDateTime=0x1d6076c)) [0184.134] FindNextFileW (in: hFindFile=0x5feee8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0184.135] GetCurrentThreadId () returned 0x6f8 [0184.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf43264b0, dwHighDateTime=0x1d6076c)) [0184.135] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0184.136] GetCurrentThreadId () returned 0x6f8 [0184.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf43264b0, dwHighDateTime=0x1d6076c)) [0184.137] GetCurrentThreadId () returned 0x6f8 [0184.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf43264b0, dwHighDateTime=0x1d6076c)) [0184.140] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff068 [0184.168] GetCurrentThreadId () returned 0x6f8 [0184.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4372770, dwHighDateTime=0x1d6076c)) [0184.168] FindNextFileW (in: hFindFile=0x5ff068, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.168] GetCurrentThreadId () returned 0x6f8 [0184.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf4372770, dwHighDateTime=0x1d6076c)) [0184.168] FindNextFileW (in: hFindFile=0x5ff068, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0184.168] GetCurrentThreadId () returned 0x6f8 [0184.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4372770, dwHighDateTime=0x1d6076c)) [0184.168] GetCurrentThreadId () returned 0x6f8 [0184.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf4372770, dwHighDateTime=0x1d6076c)) [0184.168] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff0a8 [0184.173] GetCurrentThreadId () returned 0x6f8 [0184.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf43988d0, dwHighDateTime=0x1d6076c)) [0184.173] FindNextFileW (in: hFindFile=0x5ff0a8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.175] GetCurrentThreadId () returned 0x6f8 [0184.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf43988d0, dwHighDateTime=0x1d6076c)) [0184.175] FindNextFileW (in: hFindFile=0x5ff0a8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0184.175] GetCurrentThreadId () returned 0x6f8 [0184.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf43988d0, dwHighDateTime=0x1d6076c)) [0184.175] GetCurrentThreadId () returned 0x6f8 [0184.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf43988d0, dwHighDateTime=0x1d6076c)) [0184.175] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff0e8 [0184.255] GetCurrentThreadId () returned 0x6f8 [0184.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.255] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.255] GetCurrentThreadId () returned 0x6f8 [0184.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.255] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0184.255] GetCurrentThreadId () returned 0x6f8 [0184.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.255] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0184.256] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", dwFileAttributes=0x80) returned 0 [0184.256] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0184.256] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0184.261] ReadFile (in: hFile=0x31c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0x1fad1, lpOverlapped=0x0) returned 1 [0184.264] GetCurrentThreadId () returned 0x6f8 [0184.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.264] GetCurrentThreadId () returned 0x6f8 [0184.265] CloseHandle (hObject=0x31c) returned 1 [0184.265] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", dwFileAttributes=0x20) returned 0 [0184.265] GetCurrentThreadId () returned 0x6f8 [0184.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.266] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", piIcon=0x4e4ed50 | out: pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", piIcon=0x4e4ed50) returned 0x10013f [0187.829] GetIconInfo (in: hIcon=0x10013f, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0187.829] CreateFileW (lpFileName="ggEI.ico" (normalized: "c:\\windows\\system32\\ggei.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0187.942] GetObjectA (in: h=0x170501e8, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0187.942] GetObjectA (in: h=0x120501e2, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0187.942] CreateCompatibleDC (hdc=0x0) returned 0x100101e0 [0187.942] GetDIBits (in: hdc=0x100101e0, hbm=0x170501e8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0187.968] GetDIBits (in: hdc=0x100101e0, hbm=0x170501e8, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0187.968] GetDIBits (in: hdc=0x100101e0, hbm=0x170501e8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0187.968] GetDIBits (in: hdc=0x100101e0, hbm=0x120501e2, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0187.968] WriteFile (in: hFile=0x368, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0187.969] WriteFile (in: hFile=0x368, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0187.970] WriteFile (in: hFile=0x368, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0187.970] WriteFile (in: hFile=0x368, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0187.970] WriteFile (in: hFile=0x368, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0187.971] DeleteDC (hdc=0x100101e0) returned 1 [0187.971] CloseHandle (hObject=0x368) returned 1 [0187.972] DeleteObject (ho=0x170501e8) returned 1 [0187.972] DeleteObject (ho=0x120501e2) returned 1 [0187.972] DestroyCursor (hCursor=0x10013f) returned 1 [0187.975] GetCurrentThreadId () returned 0x6f8 [0187.975] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0188.019] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0188.024] ReadFile (in: hFile=0x368, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0x1fad1, lpOverlapped=0x0) returned 1 [0188.025] CloseHandle (hObject=0x368) returned 1 [0188.028] GetCurrentThreadId () returned 0x6f8 [0188.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf586c950, dwHighDateTime=0x1d6076c)) [0188.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf586c950, dwHighDateTime=0x1d6076c)) [0188.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf586c950, dwHighDateTime=0x1d6076c)) [0189.177] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x5430000 [0189.177] VirtualAlloc (lpAddress=0x0, dwSize=0x600, flAllocationType=0x1000, flProtect=0x40) returned 0x5590000 [0189.182] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76d90000 [0189.186] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77330000 [0189.207] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x75c40000 [0189.518] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75590000 [0190.082] GetCurrentThreadId () returned 0x6f8 [0190.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf6be9d70, dwHighDateTime=0x1d6076c)) [0190.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf6be9d70, dwHighDateTime=0x1d6076c)) [0190.082] GetCurrentThreadId () returned 0x6f8 [0190.082] CreateFileW (lpFileName="sMYu.exe" (normalized: "c:\\windows\\system32\\smyu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0190.083] CreateFileW (lpFileName="sMYu.exe" (normalized: "c:\\windows\\system32\\smyu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0190.084] GetCurrentThreadId () returned 0x6f8 [0190.084] GetCurrentThreadId () returned 0x6f8 [0190.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf6be9d70, dwHighDateTime=0x1d6076c)) [0190.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf6be9d70, dwHighDateTime=0x1d6076c)) [0190.084] CreateFileW (lpFileName="sMYu.exe" (normalized: "c:\\windows\\system32\\smyu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0190.084] GetCurrentThreadId () returned 0x6f8 [0190.141] BeginUpdateResourceW (pFileName="sMYu.exe" (normalized: "c:\\windows\\system32\\smyu.exe"), bDeleteExistingResources=0) returned 0x0 [0190.170] CreateFileW (lpFileName="ggEI.ico" (normalized: "c:\\windows\\system32\\ggei.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0190.170] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0190.200] ReadFile (in: hFile=0x368, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0190.201] CloseHandle (hObject=0x368) returned 1 [0190.201] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0190.201] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0190.201] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0190.202] CopyFileW (lpExistingFileName="sMYu.exe" (normalized: "c:\\windows\\system32\\smyu.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.exe" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.exe"), bFailIfExists=0) returned 0 [0190.202] SetNamedSecurityInfoW () returned 0x2 [0190.204] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0 [0190.205] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xc4, lpOverlapped=0x0) returned 1 [0190.206] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0190.206] DeleteFileW (lpFileName="ggEI.ico" (normalized: "c:\\windows\\system32\\ggei.ico")) returned 1 [0190.208] DeleteFileW (lpFileName="sMYu.exe" (normalized: "c:\\windows\\system32\\smyu.exe")) returned 0 [0190.208] GetCurrentThreadId () returned 0x6f8 [0190.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf6d1a870, dwHighDateTime=0x1d6076c)) [0190.208] GetCurrentThreadId () returned 0x6f8 [0190.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf6d1a870, dwHighDateTime=0x1d6076c)) [0190.209] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0190.209] GetCurrentThreadId () returned 0x6f8 [0190.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf6d1a870, dwHighDateTime=0x1d6076c)) [0190.209] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="device.png", cAlternateFileName="")) returned 1 [0190.209] GetCurrentThreadId () returned 0x6f8 [0190.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf6d1a870, dwHighDateTime=0x1d6076c)) [0190.209] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0190.213] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", dwFileAttributes=0x80) returned 0 [0190.214] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0190.214] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xadc8 [0190.291] ReadFile (in: hFile=0x368, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xadc8, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xadc8, lpOverlapped=0x0) returned 1 [0190.297] GetCurrentThreadId () returned 0x6f8 [0190.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf6dff0b0, dwHighDateTime=0x1d6076c)) [0190.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf6dff0b0, dwHighDateTime=0x1d6076c)) [0190.297] GetCurrentThreadId () returned 0x6f8 [0190.298] CloseHandle (hObject=0x368) returned 1 [0190.331] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", dwFileAttributes=0x20) returned 0 [0190.331] GetCurrentThreadId () returned 0x6f8 [0190.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf6e4b370, dwHighDateTime=0x1d6076c)) [0190.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf6e4b370, dwHighDateTime=0x1d6076c)) [0190.331] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", piIcon=0x4e4ed50 | out: pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", piIcon=0x4e4ed50) returned 0x40127 [0190.514] GetIconInfo (in: hIcon=0x40127, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0190.515] CreateFileW (lpFileName="qsoI.ico" (normalized: "c:\\windows\\system32\\qsoi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0190.527] GetObjectA (in: h=0x3d0501e2, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0190.528] GetObjectA (in: h=0x2c0501cc, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0190.528] CreateCompatibleDC (hdc=0x0) returned 0x590101e0 [0190.528] GetDIBits (in: hdc=0x590101e0, hbm=0x3d0501e2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0190.528] GetDIBits (in: hdc=0x590101e0, hbm=0x3d0501e2, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0190.528] GetDIBits (in: hdc=0x590101e0, hbm=0x3d0501e2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0190.528] GetDIBits (in: hdc=0x590101e0, hbm=0x2c0501cc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0190.528] WriteFile (in: hFile=0x368, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0190.529] WriteFile (in: hFile=0x368, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0190.529] WriteFile (in: hFile=0x368, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0190.530] WriteFile (in: hFile=0x368, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0190.530] WriteFile (in: hFile=0x368, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0190.530] DeleteDC (hdc=0x590101e0) returned 1 [0190.530] CloseHandle (hObject=0x368) returned 1 [0190.531] DeleteObject (ho=0x3d0501e2) returned 1 [0190.531] DeleteObject (ho=0x2c0501cc) returned 1 [0190.531] DestroyCursor (hCursor=0x40127) returned 1 [0190.531] GetCurrentThreadId () returned 0x6f8 [0190.531] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0190.532] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xadc8 [0190.581] ReadFile (in: hFile=0x368, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xadc8, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xadc8, lpOverlapped=0x0) returned 1 [0190.581] CloseHandle (hObject=0x368) returned 1 [0190.581] GetCurrentThreadId () returned 0x6f8 [0190.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf70ac970, dwHighDateTime=0x1d6076c)) [0190.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf70ac970, dwHighDateTime=0x1d6076c)) [0190.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf70ac970, dwHighDateTime=0x1d6076c)) [0190.598] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75a70000 [0190.778] GetCurrentThreadId () returned 0x6f8 [0190.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.779] GetCurrentThreadId () returned 0x6f8 [0190.779] CreateFileW (lpFileName="QgIo.exe" (normalized: "c:\\windows\\system32\\qgio.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0190.779] CreateFileW (lpFileName="QgIo.exe" (normalized: "c:\\windows\\system32\\qgio.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0190.780] GetCurrentThreadId () returned 0x6f8 [0190.780] GetCurrentThreadId () returned 0x6f8 [0190.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.780] CreateFileW (lpFileName="QgIo.exe" (normalized: "c:\\windows\\system32\\qgio.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0190.780] GetCurrentThreadId () returned 0x6f8 [0190.780] BeginUpdateResourceW (pFileName="QgIo.exe" (normalized: "c:\\windows\\system32\\qgio.exe"), bDeleteExistingResources=0) returned 0x0 [0190.780] CreateFileW (lpFileName="qsoI.ico" (normalized: "c:\\windows\\system32\\qsoi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0190.780] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0190.780] ReadFile (in: hFile=0x368, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0190.781] CloseHandle (hObject=0x368) returned 1 [0190.781] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0190.781] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0190.781] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0190.781] CopyFileW (lpExistingFileName="QgIo.exe" (normalized: "c:\\windows\\system32\\qgio.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.exe" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.exe"), bFailIfExists=0) returned 0 [0190.781] SetNamedSecurityInfoW () returned 0x2 [0190.781] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0 [0190.782] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xbc, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xbc, lpOverlapped=0x0) returned 1 [0190.782] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0190.782] DeleteFileW (lpFileName="qsoI.ico" (normalized: "c:\\windows\\system32\\qsoi.ico")) returned 1 [0190.783] DeleteFileW (lpFileName="QgIo.exe" (normalized: "c:\\windows\\system32\\qgio.exe")) returned 0 [0190.783] GetCurrentThreadId () returned 0x6f8 [0190.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.784] GetCurrentThreadId () returned 0x6f8 [0190.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.784] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0190.784] GetCurrentThreadId () returned 0x6f8 [0190.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf729bb50, dwHighDateTime=0x1d6076c)) [0190.784] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0190.784] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", dwFileAttributes=0x80) returned 0 [0190.784] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0190.785] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0190.790] ReadFile (in: hFile=0x368, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0x70c1, lpOverlapped=0x0) returned 1 [0190.795] GetCurrentThreadId () returned 0x6f8 [0190.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf72c1cb0, dwHighDateTime=0x1d6076c)) [0190.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf72c1cb0, dwHighDateTime=0x1d6076c)) [0190.795] GetCurrentThreadId () returned 0x6f8 [0190.796] CloseHandle (hObject=0x368) returned 1 [0190.796] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", dwFileAttributes=0x20) returned 0 [0190.796] GetCurrentThreadId () returned 0x6f8 [0190.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf72c1cb0, dwHighDateTime=0x1d6076c)) [0190.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf72c1cb0, dwHighDateTime=0x1d6076c)) [0190.796] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", piIcon=0x4e4ed50 | out: pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", piIcon=0x4e4ed50) returned 0x40141 [0190.802] GetIconInfo (in: hIcon=0x40141, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0190.802] CreateFileW (lpFileName="cAIY.ico" (normalized: "c:\\windows\\system32\\caiy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0190.835] GetObjectA (in: h=0x5b0501e0, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0190.869] GetObjectA (in: h=0x2e0501cc, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0190.869] CreateCompatibleDC (hdc=0x0) returned 0x3f0101e2 [0190.869] GetDIBits (in: hdc=0x3f0101e2, hbm=0x5b0501e0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0190.869] GetDIBits (in: hdc=0x3f0101e2, hbm=0x5b0501e0, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0190.869] GetDIBits (in: hdc=0x3f0101e2, hbm=0x5b0501e0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0190.869] GetDIBits (in: hdc=0x3f0101e2, hbm=0x2e0501cc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0190.869] WriteFile (in: hFile=0x378, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0190.870] WriteFile (in: hFile=0x378, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0190.871] WriteFile (in: hFile=0x378, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0190.871] WriteFile (in: hFile=0x378, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0190.871] WriteFile (in: hFile=0x378, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0190.871] DeleteDC (hdc=0x3f0101e2) returned 1 [0190.871] CloseHandle (hObject=0x378) returned 1 [0190.871] DeleteObject (ho=0x5b0501e0) returned 1 [0190.871] DeleteObject (ho=0x2e0501cc) returned 1 [0190.872] DestroyCursor (hCursor=0x40141) returned 1 [0190.872] GetCurrentThreadId () returned 0x6f8 [0190.872] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0190.872] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0190.877] ReadFile (in: hFile=0x378, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0x70c1, lpOverlapped=0x0) returned 1 [0190.877] CloseHandle (hObject=0x378) returned 1 [0190.877] GetCurrentThreadId () returned 0x6f8 [0190.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf7380390, dwHighDateTime=0x1d6076c)) [0190.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf7380390, dwHighDateTime=0x1d6076c)) [0190.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf7380390, dwHighDateTime=0x1d6076c)) [0191.085] GetCurrentThreadId () returned 0x6f8 [0191.085] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf756f570, dwHighDateTime=0x1d6076c)) [0191.085] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf756f570, dwHighDateTime=0x1d6076c)) [0191.085] GetCurrentThreadId () returned 0x6f8 [0191.085] CreateFileW (lpFileName="gocU.exe" (normalized: "c:\\windows\\system32\\gocu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.102] CreateFileW (lpFileName="gocU.exe" (normalized: "c:\\windows\\system32\\gocu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.102] GetCurrentThreadId () returned 0x6f8 [0191.102] GetCurrentThreadId () returned 0x6f8 [0191.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf75bb830, dwHighDateTime=0x1d6076c)) [0191.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf75bb830, dwHighDateTime=0x1d6076c)) [0191.102] CreateFileW (lpFileName="gocU.exe" (normalized: "c:\\windows\\system32\\gocu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.102] GetCurrentThreadId () returned 0x6f8 [0191.102] BeginUpdateResourceW (pFileName="gocU.exe" (normalized: "c:\\windows\\system32\\gocu.exe"), bDeleteExistingResources=0) returned 0x0 [0191.102] CreateFileW (lpFileName="cAIY.ico" (normalized: "c:\\windows\\system32\\caiy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x378 [0191.103] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0191.110] ReadFile (in: hFile=0x378, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0191.123] CloseHandle (hObject=0x378) returned 1 [0191.126] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0191.126] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0191.126] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0191.134] CopyFileW (lpExistingFileName="gocU.exe" (normalized: "c:\\windows\\system32\\gocu.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.exe" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.exe"), bFailIfExists=0) returned 0 [0191.146] SetNamedSecurityInfoW () returned 0x2 [0191.146] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0 [0191.147] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xbe, lpOverlapped=0x0) returned 1 [0191.147] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0191.147] DeleteFileW (lpFileName="cAIY.ico" (normalized: "c:\\windows\\system32\\caiy.ico")) returned 1 [0191.151] DeleteFileW (lpFileName="gocU.exe" (normalized: "c:\\windows\\system32\\gocu.exe")) returned 0 [0191.151] GetCurrentThreadId () returned 0x6f8 [0191.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf762dc50, dwHighDateTime=0x1d6076c)) [0191.151] GetCurrentThreadId () returned 0x6f8 [0191.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf762dc50, dwHighDateTime=0x1d6076c)) [0191.151] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0191.151] GetCurrentThreadId () returned 0x6f8 [0191.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf762dc50, dwHighDateTime=0x1d6076c)) [0191.151] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0x20 [0191.173] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", dwFileAttributes=0x80) returned 0 [0191.174] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0191.174] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x99d3 [0191.211] ReadFile (in: hFile=0x378, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x99d3, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0x99d3, lpOverlapped=0x0) returned 1 [0191.216] GetCurrentThreadId () returned 0x6f8 [0191.216] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf76c61d0, dwHighDateTime=0x1d6076c)) [0191.216] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf76c61d0, dwHighDateTime=0x1d6076c)) [0191.216] GetCurrentThreadId () returned 0x6f8 [0191.217] CloseHandle (hObject=0x378) returned 1 [0191.217] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", dwFileAttributes=0x20) returned 0 [0191.217] GetCurrentThreadId () returned 0x6f8 [0191.217] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf76c61d0, dwHighDateTime=0x1d6076c)) [0191.217] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf76c61d0, dwHighDateTime=0x1d6076c)) [0191.217] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", piIcon=0x4e4ed50 | out: pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", piIcon=0x4e4ed50) returned 0xe00ad [0191.223] GetIconInfo (in: hIcon=0xe00ad, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0191.223] CreateFileW (lpFileName="wYko.ico" (normalized: "c:\\windows\\system32\\wyko.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0191.224] GetObjectA (in: h=0x10050731, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0191.224] GetObjectA (in: h=0x10050734, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0191.224] CreateCompatibleDC (hdc=0x0) returned 0x410101ce [0191.224] GetDIBits (in: hdc=0x410101ce, hbm=0x10050731, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0191.224] GetDIBits (in: hdc=0x410101ce, hbm=0x10050731, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0191.224] GetDIBits (in: hdc=0x410101ce, hbm=0x10050731, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0191.224] GetDIBits (in: hdc=0x410101ce, hbm=0x10050734, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0191.224] WriteFile (in: hFile=0x368, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0191.225] WriteFile (in: hFile=0x368, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0191.225] WriteFile (in: hFile=0x368, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0191.226] WriteFile (in: hFile=0x368, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0191.226] WriteFile (in: hFile=0x368, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0191.226] DeleteDC (hdc=0x410101ce) returned 1 [0191.226] CloseHandle (hObject=0x368) returned 1 [0191.226] DeleteObject (ho=0x10050731) returned 1 [0191.226] DeleteObject (ho=0x10050734) returned 1 [0191.226] DestroyCursor (hCursor=0xe00ad) returned 1 [0191.226] GetCurrentThreadId () returned 0x6f8 [0191.226] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0191.227] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x99d3 [0191.231] ReadFile (in: hFile=0x368, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x99d3, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0x99d3, lpOverlapped=0x0) returned 1 [0191.232] CloseHandle (hObject=0x368) returned 1 [0191.232] GetCurrentThreadId () returned 0x6f8 [0191.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf76ec330, dwHighDateTime=0x1d6076c)) [0191.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf76ec330, dwHighDateTime=0x1d6076c)) [0191.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf76ec330, dwHighDateTime=0x1d6076c)) [0191.411] GetCurrentThreadId () returned 0x6f8 [0191.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf788f250, dwHighDateTime=0x1d6076c)) [0191.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf788f250, dwHighDateTime=0x1d6076c)) [0191.411] GetCurrentThreadId () returned 0x6f8 [0191.411] CreateFileW (lpFileName="aQEk.exe" (normalized: "c:\\windows\\system32\\aqek.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.412] CreateFileW (lpFileName="aQEk.exe" (normalized: "c:\\windows\\system32\\aqek.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.412] GetCurrentThreadId () returned 0x6f8 [0191.412] GetCurrentThreadId () returned 0x6f8 [0191.412] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.412] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.412] CreateFileW (lpFileName="aQEk.exe" (normalized: "c:\\windows\\system32\\aqek.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.412] GetCurrentThreadId () returned 0x6f8 [0191.413] BeginUpdateResourceW (pFileName="aQEk.exe" (normalized: "c:\\windows\\system32\\aqek.exe"), bDeleteExistingResources=0) returned 0x0 [0191.413] CreateFileW (lpFileName="wYko.ico" (normalized: "c:\\windows\\system32\\wyko.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0191.413] GetFileSize (in: hFile=0x368, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0191.413] ReadFile (in: hFile=0x368, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0191.413] CloseHandle (hObject=0x368) returned 1 [0191.413] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0191.413] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0191.413] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0191.413] CopyFileW (lpExistingFileName="aQEk.exe" (normalized: "c:\\windows\\system32\\aqek.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.exe" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.exe"), bFailIfExists=0) returned 0 [0191.414] SetNamedSecurityInfoW () returned 0x2 [0191.414] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0 [0191.414] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xc0, lpOverlapped=0x0) returned 1 [0191.414] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0191.414] DeleteFileW (lpFileName="wYko.ico" (normalized: "c:\\windows\\system32\\wyko.ico")) returned 1 [0191.415] DeleteFileW (lpFileName="aQEk.exe" (normalized: "c:\\windows\\system32\\aqek.exe")) returned 0 [0191.415] GetCurrentThreadId () returned 0x6f8 [0191.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.415] GetCurrentThreadId () returned 0x6f8 [0191.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.416] FindNextFileW (in: hFindFile=0x5ff0e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0191.416] GetCurrentThreadId () returned 0x6f8 [0191.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.416] FindNextFileW (in: hFindFile=0x5ff0a8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0191.416] GetCurrentThreadId () returned 0x6f8 [0191.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.416] GetCurrentThreadId () returned 0x6f8 [0191.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.416] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff1e8 [0191.416] GetCurrentThreadId () returned 0x6f8 [0191.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.416] FindNextFileW (in: hFindFile=0x5ff1e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0191.416] GetCurrentThreadId () returned 0x6f8 [0191.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.416] FindNextFileW (in: hFindFile=0x5ff1e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0191.417] GetCurrentThreadId () returned 0x6f8 [0191.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.417] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0x20 [0191.417] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", dwFileAttributes=0x80) returned 0 [0191.417] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0191.417] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0191.422] ReadFile (in: hFile=0x378, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0x1fad1, lpOverlapped=0x0) returned 1 [0191.426] GetCurrentThreadId () returned 0x6f8 [0191.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf78b53b0, dwHighDateTime=0x1d6076c)) [0191.426] GetCurrentThreadId () returned 0x6f8 [0191.426] CloseHandle (hObject=0x378) returned 1 [0191.426] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", dwFileAttributes=0x20) returned 0 [0191.427] GetCurrentThreadId () returned 0x6f8 [0191.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf78db510, dwHighDateTime=0x1d6076c)) [0191.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf78db510, dwHighDateTime=0x1d6076c)) [0191.427] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", piIcon=0x4e4ed50 | out: pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", piIcon=0x4e4ed50) returned 0xf00ad [0191.434] GetIconInfo (in: hIcon=0xf00ad, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0191.434] CreateFileW (lpFileName="ACoI.ico" (normalized: "c:\\windows\\system32\\acoi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0191.435] GetObjectA (in: h=0x310501cc, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0191.435] GetObjectA (in: h=0x600501e0, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0191.435] CreateCompatibleDC (hdc=0x0) returned 0x610101e8 [0191.436] GetDIBits (in: hdc=0x610101e8, hbm=0x310501cc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0191.436] GetDIBits (in: hdc=0x610101e8, hbm=0x310501cc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0191.436] GetDIBits (in: hdc=0x610101e8, hbm=0x310501cc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0191.436] GetDIBits (in: hdc=0x610101e8, hbm=0x600501e0, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0191.436] WriteFile (in: hFile=0x380, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0191.437] WriteFile (in: hFile=0x380, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0191.437] WriteFile (in: hFile=0x380, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0191.437] WriteFile (in: hFile=0x380, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0191.437] WriteFile (in: hFile=0x380, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0191.437] DeleteDC (hdc=0x610101e8) returned 1 [0191.437] CloseHandle (hObject=0x380) returned 1 [0191.438] DeleteObject (ho=0x310501cc) returned 1 [0191.438] DeleteObject (ho=0x600501e0) returned 1 [0191.438] DestroyCursor (hCursor=0xf00ad) returned 1 [0191.438] GetCurrentThreadId () returned 0x6f8 [0191.438] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0191.438] GetFileSize (in: hFile=0x380, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0191.594] ReadFile (in: hFile=0x380, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0x1fad1, lpOverlapped=0x0) returned 1 [0191.595] CloseHandle (hObject=0x380) returned 1 [0191.595] GetCurrentThreadId () returned 0x6f8 [0191.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf7a582d0, dwHighDateTime=0x1d6076c)) [0191.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf7a582d0, dwHighDateTime=0x1d6076c)) [0191.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf7a582d0, dwHighDateTime=0x1d6076c)) [0191.946] GetCurrentThreadId () returned 0x6f8 [0191.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.946] GetCurrentThreadId () returned 0x6f8 [0191.946] CreateFileW (lpFileName="Esgi.exe" (normalized: "c:\\windows\\system32\\esgi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.947] CreateFileW (lpFileName="Esgi.exe" (normalized: "c:\\windows\\system32\\esgi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.948] GetCurrentThreadId () returned 0x6f8 [0191.948] GetCurrentThreadId () returned 0x6f8 [0191.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.948] CreateFileW (lpFileName="Esgi.exe" (normalized: "c:\\windows\\system32\\esgi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0191.948] GetCurrentThreadId () returned 0x6f8 [0191.948] BeginUpdateResourceW (pFileName="Esgi.exe" (normalized: "c:\\windows\\system32\\esgi.exe"), bDeleteExistingResources=0) returned 0x0 [0191.948] CreateFileW (lpFileName="ACoI.ico" (normalized: "c:\\windows\\system32\\acoi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380 [0191.948] GetFileSize (in: hFile=0x380, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0191.949] ReadFile (in: hFile=0x380, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0191.949] CloseHandle (hObject=0x380) returned 1 [0191.949] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0191.949] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0191.949] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0191.949] CopyFileW (lpExistingFileName="Esgi.exe" (normalized: "c:\\windows\\system32\\esgi.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.exe" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.exe"), bFailIfExists=0) returned 0 [0191.949] SetNamedSecurityInfoW () returned 0x2 [0191.950] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0 [0191.950] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xc4, lpOverlapped=0x0) returned 1 [0191.950] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0191.950] DeleteFileW (lpFileName="ACoI.ico" (normalized: "c:\\windows\\system32\\acoi.ico")) returned 1 [0191.951] DeleteFileW (lpFileName="Esgi.exe" (normalized: "c:\\windows\\system32\\esgi.exe")) returned 0 [0191.951] GetCurrentThreadId () returned 0x6f8 [0191.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.951] GetCurrentThreadId () returned 0x6f8 [0191.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.952] FindNextFileW (in: hFindFile=0x5ff1e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0191.952] GetCurrentThreadId () returned 0x6f8 [0191.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.952] FindNextFileW (in: hFindFile=0x5ff1e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0191.952] GetCurrentThreadId () returned 0x6f8 [0191.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf7dc4270, dwHighDateTime=0x1d6076c)) [0191.952] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0x20 [0191.952] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", dwFileAttributes=0x80) returned 0 [0191.952] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0191.952] GetFileSize (in: hFile=0x380, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0191.957] ReadFile (in: hFile=0x380, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0x70c1, lpOverlapped=0x0) returned 1 [0191.959] GetCurrentThreadId () returned 0x6f8 [0191.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf7dea3d0, dwHighDateTime=0x1d6076c)) [0191.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf7dea3d0, dwHighDateTime=0x1d6076c)) [0191.959] GetCurrentThreadId () returned 0x6f8 [0191.959] CloseHandle (hObject=0x380) returned 1 [0191.959] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", dwFileAttributes=0x20) returned 0 [0191.959] GetCurrentThreadId () returned 0x6f8 [0191.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf7dea3d0, dwHighDateTime=0x1d6076c)) [0191.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf7dea3d0, dwHighDateTime=0x1d6076c)) [0191.960] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", piIcon=0x4e4ed50 | out: pszIconPath="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", piIcon=0x4e4ed50) returned 0x1000ad [0191.965] GetIconInfo (in: hIcon=0x1000ad, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0191.965] CreateFileW (lpFileName="acss.ico" (normalized: "c:\\windows\\system32\\acss.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0191.966] GetObjectA (in: h=0x14050734, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0191.966] GetObjectA (in: h=0x460501ce, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0191.966] CreateCompatibleDC (hdc=0x0) returned 0x16010731 [0191.966] GetDIBits (in: hdc=0x16010731, hbm=0x14050734, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0191.966] GetDIBits (in: hdc=0x16010731, hbm=0x14050734, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0191.966] GetDIBits (in: hdc=0x16010731, hbm=0x14050734, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0191.966] GetDIBits (in: hdc=0x16010731, hbm=0x460501ce, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0191.966] WriteFile (in: hFile=0x378, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0191.967] WriteFile (in: hFile=0x378, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0191.967] WriteFile (in: hFile=0x378, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0191.967] WriteFile (in: hFile=0x378, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0191.967] WriteFile (in: hFile=0x378, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0191.967] DeleteDC (hdc=0x16010731) returned 1 [0191.968] CloseHandle (hObject=0x378) returned 1 [0191.968] DeleteObject (ho=0x14050734) returned 1 [0191.968] DeleteObject (ho=0x460501ce) returned 1 [0191.968] DestroyCursor (hCursor=0x1000ad) returned 1 [0191.968] GetCurrentThreadId () returned 0x6f8 [0191.968] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0191.968] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0191.974] ReadFile (in: hFile=0x378, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0x70c1, lpOverlapped=0x0) returned 1 [0191.974] CloseHandle (hObject=0x378) returned 1 [0191.974] GetCurrentThreadId () returned 0x6f8 [0191.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf7e10530, dwHighDateTime=0x1d6076c)) [0191.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf7e10530, dwHighDateTime=0x1d6076c)) [0191.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf7e10530, dwHighDateTime=0x1d6076c)) [0191.987] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x75b80000 [0192.107] GetCurrentThreadId () returned 0x6f8 [0192.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.107] GetCurrentThreadId () returned 0x6f8 [0192.107] CreateFileW (lpFileName="wAwu.exe" (normalized: "c:\\windows\\system32\\wawu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0192.108] CreateFileW (lpFileName="wAwu.exe" (normalized: "c:\\windows\\system32\\wawu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0192.108] GetCurrentThreadId () returned 0x6f8 [0192.108] GetCurrentThreadId () returned 0x6f8 [0192.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.108] CreateFileW (lpFileName="wAwu.exe" (normalized: "c:\\windows\\system32\\wawu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0192.109] GetCurrentThreadId () returned 0x6f8 [0192.109] BeginUpdateResourceW (pFileName="wAwu.exe" (normalized: "c:\\windows\\system32\\wawu.exe"), bDeleteExistingResources=0) returned 0x0 [0192.109] CreateFileW (lpFileName="acss.ico" (normalized: "c:\\windows\\system32\\acss.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x378 [0192.109] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0192.109] ReadFile (in: hFile=0x378, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0192.109] CloseHandle (hObject=0x378) returned 1 [0192.109] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0192.109] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0192.109] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0192.110] CopyFileW (lpExistingFileName="wAwu.exe" (normalized: "c:\\windows\\system32\\wawu.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.exe" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.exe"), bFailIfExists=0) returned 0 [0192.110] SetNamedSecurityInfoW () returned 0x2 [0192.110] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0 [0192.110] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xc2, lpOverlapped=0x0) returned 1 [0192.110] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0192.110] DeleteFileW (lpFileName="acss.ico" (normalized: "c:\\windows\\system32\\acss.ico")) returned 1 [0192.111] DeleteFileW (lpFileName="wAwu.exe" (normalized: "c:\\windows\\system32\\wawu.exe")) returned 0 [0192.111] GetCurrentThreadId () returned 0x6f8 [0192.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.111] GetCurrentThreadId () returned 0x6f8 [0192.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.111] FindNextFileW (in: hFindFile=0x5ff1e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] FindNextFileW (in: hFindFile=0x5ff0a8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] FindNextFileW (in: hFindFile=0x5ff068, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 1 [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff228 [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] FindNextFileW (in: hFindFile=0x5ff228, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] FindNextFileW (in: hFindFile=0x5ff228, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] GetCurrentThreadId () returned 0x6f8 [0192.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7f41030, dwHighDateTime=0x1d6076c)) [0192.112] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff268 [0192.143] GetCurrentThreadId () returned 0x6f8 [0192.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.143] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.143] GetCurrentThreadId () returned 0x6f8 [0192.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.143] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0192.143] GetCurrentThreadId () returned 0x6f8 [0192.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.143] GetCurrentThreadId () returned 0x6f8 [0192.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.143] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff2a8 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.144] FindNextFileW (in: hFindFile=0x5ff2a8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.144] FindNextFileW (in: hFindFile=0x5ff2a8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.144] FindNextFileW (in: hFindFile=0x5ff2a8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7f8d2f0, dwHighDateTime=0x1d6076c)) [0192.144] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.144] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.144] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x0, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0192.144] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff268, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.145] FindNextFileW (in: hFindFile=0x5ff228, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0192.145] GetCurrentThreadId () returned 0x6f8 [0192.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.146] GetCurrentThreadId () returned 0x6f8 [0192.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7fb3450, dwHighDateTime=0x1d6076c)) [0192.146] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff2e8 [0192.356] GetCurrentThreadId () returned 0x6f8 [0192.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.356] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.356] GetCurrentThreadId () returned 0x6f8 [0192.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.356] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0192.356] GetCurrentThreadId () returned 0x6f8 [0192.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.356] GetCurrentThreadId () returned 0x6f8 [0192.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.356] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff328 [0192.358] GetCurrentThreadId () returned 0x6f8 [0192.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.358] FindNextFileW (in: hFindFile=0x5ff328, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.358] GetCurrentThreadId () returned 0x6f8 [0192.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.358] FindNextFileW (in: hFindFile=0x5ff328, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0192.358] GetCurrentThreadId () returned 0x6f8 [0192.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.358] FindNextFileW (in: hFindFile=0x5ff328, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0192.358] GetCurrentThreadId () returned 0x6f8 [0192.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.358] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0192.358] GetCurrentThreadId () returned 0x6f8 [0192.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0192.359] GetCurrentThreadId () returned 0x6f8 [0192.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.359] FindNextFileW (in: hFindFile=0x5ff2e8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0192.360] GetCurrentThreadId () returned 0x6f8 [0192.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.360] FindNextFileW (in: hFindFile=0x5ff228, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0192.360] GetCurrentThreadId () returned 0x6f8 [0192.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.360] FindNextFileW (in: hFindFile=0x5ff068, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 0 [0192.360] GetCurrentThreadId () returned 0x6f8 [0192.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.360] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0192.360] GetCurrentThreadId () returned 0x6f8 [0192.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.360] GetCurrentThreadId () returned 0x6f8 [0192.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.360] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff368 [0192.502] GetCurrentThreadId () returned 0x6f8 [0192.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.502] FindNextFileW (in: hFindFile=0x5ff368, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.502] GetCurrentThreadId () returned 0x6f8 [0192.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.502] FindNextFileW (in: hFindFile=0x5ff368, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.502] GetCurrentThreadId () returned 0x6f8 [0192.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.502] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0192.502] GetCurrentThreadId () returned 0x6f8 [0192.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.502] GetCurrentThreadId () returned 0x6f8 [0192.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.502] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff3a8 [0192.503] GetCurrentThreadId () returned 0x6f8 [0192.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.503] FindNextFileW (in: hFindFile=0x5ff3a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.503] GetCurrentThreadId () returned 0x6f8 [0192.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.503] FindNextFileW (in: hFindFile=0x5ff3a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 1 [0192.503] GetCurrentThreadId () returned 0x6f8 [0192.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf82f9290, dwHighDateTime=0x1d6076c)) [0192.503] GetCurrentThreadId () returned 0x6f8 [0192.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.503] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff3e8 [0192.503] GetCurrentThreadId () returned 0x6f8 [0192.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.503] FindNextFileW (in: hFindFile=0x5ff3e8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.504] FindNextFileW (in: hFindFile=0x5ff3e8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.504] FindNextFileW (in: hFindFile=0x5ff3a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 0 [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.504] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.504] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff428 [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.504] FindNextFileW (in: hFindFile=0x5ff428, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.504] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.505] FindNextFileW (in: hFindFile=0x5ff428, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0192.505] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.505] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.505] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff468 [0192.505] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.505] FindNextFileW (in: hFindFile=0x5ff468, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.505] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.505] FindNextFileW (in: hFindFile=0x5ff468, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.505] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.505] FindNextFileW (in: hFindFile=0x5ff428, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0192.505] GetCurrentThreadId () returned 0x6f8 [0192.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.506] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0192.506] GetCurrentThreadId () returned 0x6f8 [0192.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.506] GetCurrentThreadId () returned 0x6f8 [0192.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.506] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff4a8 [0192.510] GetCurrentThreadId () returned 0x6f8 [0192.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.510] FindNextFileW (in: hFindFile=0x5ff4a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.510] GetCurrentThreadId () returned 0x6f8 [0192.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.510] FindNextFileW (in: hFindFile=0x5ff4a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 1 [0192.510] GetCurrentThreadId () returned 0x6f8 [0192.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.510] GetCurrentThreadId () returned 0x6f8 [0192.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.510] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff4e8 [0193.479] GetCurrentThreadId () returned 0x6f8 [0193.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.479] FindNextFileW (in: hFindFile=0x5ff4e8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.479] GetCurrentThreadId () returned 0x6f8 [0193.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.480] FindNextFileW (in: hFindFile=0x5ff4e8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0193.480] GetCurrentThreadId () returned 0x6f8 [0193.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.480] GetCurrentThreadId () returned 0x6f8 [0193.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.480] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff528 [0193.480] GetCurrentThreadId () returned 0x6f8 [0193.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.480] FindNextFileW (in: hFindFile=0x5ff528, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.480] GetCurrentThreadId () returned 0x6f8 [0193.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.480] FindNextFileW (in: hFindFile=0x5ff528, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0193.480] GetCurrentThreadId () returned 0x6f8 [0193.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.480] FindNextFileW (in: hFindFile=0x5ff4e8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 0 [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.481] FindNextFileW (in: hFindFile=0x5ff4a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 0 [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.481] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.481] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff568 [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.481] FindNextFileW (in: hFindFile=0x5ff568, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.481] FindNextFileW (in: hFindFile=0x5ff568, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0193.481] GetCurrentThreadId () returned 0x6f8 [0193.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.482] FindNextFileW (in: hFindFile=0x5ff568, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0193.482] GetCurrentThreadId () returned 0x6f8 [0193.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.482] FindNextFileW (in: hFindFile=0x5ff568, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 0 [0193.482] GetCurrentThreadId () returned 0x6f8 [0193.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.482] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0193.482] GetCurrentThreadId () returned 0x6f8 [0193.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.482] GetCurrentThreadId () returned 0x6f8 [0193.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.482] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff5a8 [0193.482] GetCurrentThreadId () returned 0x6f8 [0193.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.482] FindNextFileW (in: hFindFile=0x5ff5a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.482] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindNextFileW (in: hFindFile=0x5ff5a8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff5e8 [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindNextFileW (in: hFindFile=0x5ff5e8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindNextFileW (in: hFindFile=0x5ff5e8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindNextFileW (in: hFindFile=0x5ff5e8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0193.483] GetCurrentThreadId () returned 0x6f8 [0193.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.483] FindNextFileW (in: hFindFile=0x5ff5e8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 0 [0193.484] GetCurrentThreadId () returned 0x6f8 [0193.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.484] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0193.484] GetCurrentThreadId () returned 0x6f8 [0193.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.484] GetCurrentThreadId () returned 0x6f8 [0193.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.484] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff628 [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.485] FindNextFileW (in: hFindFile=0x5ff628, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.485] FindNextFileW (in: hFindFile=0x5ff628, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 1 [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.485] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff668 [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.485] FindNextFileW (in: hFindFile=0x5ff668, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.485] FindNextFileW (in: hFindFile=0x5ff668, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0193.485] GetCurrentThreadId () returned 0x6f8 [0193.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.486] FindNextFileW (in: hFindFile=0x5ff628, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 0 [0193.486] GetCurrentThreadId () returned 0x6f8 [0193.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c58930, dwHighDateTime=0x1d6076c)) [0193.486] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0193.486] GetCurrentThreadId () returned 0x6f8 [0193.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.486] GetCurrentThreadId () returned 0x6f8 [0193.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.486] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6676c8 [0193.487] GetCurrentThreadId () returned 0x6f8 [0193.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.487] FindNextFileW (in: hFindFile=0x6676c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.487] GetCurrentThreadId () returned 0x6f8 [0193.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.487] FindNextFileW (in: hFindFile=0x6676c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0193.487] GetCurrentThreadId () returned 0x6f8 [0193.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.487] GetCurrentThreadId () returned 0x6f8 [0193.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.488] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0193.488] GetCurrentThreadId () returned 0x6f8 [0193.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.488] FindNextFileW (in: hFindFile=0x6676c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 0 [0193.488] GetCurrentThreadId () returned 0x6f8 [0193.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.488] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0193.488] GetCurrentThreadId () returned 0x6f8 [0193.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.488] GetCurrentThreadId () returned 0x6f8 [0193.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.488] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667708 [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.489] FindNextFileW (in: hFindFile=0x667708, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.489] FindNextFileW (in: hFindFile=0x667708, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.489] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667748 [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.489] FindNextFileW (in: hFindFile=0x667748, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.489] FindNextFileW (in: hFindFile=0x667748, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0193.489] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] FindNextFileW (in: hFindFile=0x667708, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0193.490] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0193.490] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] FindNextFileW (in: hFindFile=0x667708, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 0 [0193.490] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0193.490] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] GetCurrentThreadId () returned 0x6f8 [0193.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8c7ea90, dwHighDateTime=0x1d6076c)) [0193.490] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667788 [0193.607] GetCurrentThreadId () returned 0x6f8 [0193.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.607] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.607] GetCurrentThreadId () returned 0x6f8 [0193.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.607] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] GetCurrentThreadId () returned 0x6f8 [0193.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.608] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6677c8 [0193.610] GetCurrentThreadId () returned 0x6f8 [0193.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.610] FindNextFileW (in: hFindFile=0x6677c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.610] GetCurrentThreadId () returned 0x6f8 [0193.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.610] FindNextFileW (in: hFindFile=0x6677c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0193.610] GetCurrentThreadId () returned 0x6f8 [0193.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.610] GetCurrentThreadId () returned 0x6f8 [0193.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf8d89430, dwHighDateTime=0x1d6076c)) [0193.610] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667808 [0194.549] GetCurrentThreadId () returned 0x6f8 [0194.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf969c810, dwHighDateTime=0x1d6076c)) [0194.549] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.752] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.752] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.752] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.752] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.752] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.752] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0194.752] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0194.753] GetCurrentThreadId () returned 0x6f8 [0194.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.753] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.754] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0194.754] GetCurrentThreadId () returned 0x6f8 [0194.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.755] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0194.755] GetCurrentThreadId () returned 0x6f8 [0194.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.755] FindNextFileW (in: hFindFile=0x667808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0194.755] GetCurrentThreadId () returned 0x6f8 [0194.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.755] FindNextFileW (in: hFindFile=0x6677c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0194.755] GetCurrentThreadId () returned 0x6f8 [0194.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.755] GetCurrentThreadId () returned 0x6f8 [0194.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf97cd310, dwHighDateTime=0x1d6076c)) [0194.755] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667848 [0194.793] GetCurrentThreadId () returned 0x6f8 [0194.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf98195d0, dwHighDateTime=0x1d6076c)) [0194.793] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.796] GetCurrentThreadId () returned 0x6f8 [0194.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.796] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0194.796] GetCurrentThreadId () returned 0x6f8 [0194.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.796] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0194.796] GetCurrentThreadId () returned 0x6f8 [0194.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.797] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0194.797] GetCurrentThreadId () returned 0x6f8 [0194.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.798] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0194.798] GetCurrentThreadId () returned 0x6f8 [0194.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.799] FindNextFileW (in: hFindFile=0x667848, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0194.799] GetCurrentThreadId () returned 0x6f8 [0194.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.800] FindNextFileW (in: hFindFile=0x6677c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 0 [0194.800] GetCurrentThreadId () returned 0x6f8 [0194.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.800] FindNextFileW (in: hFindFile=0x667788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0194.800] GetCurrentThreadId () returned 0x6f8 [0194.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.800] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0194.800] GetCurrentThreadId () returned 0x6f8 [0194.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.800] GetCurrentThreadId () returned 0x6f8 [0194.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.800] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667888 [0194.802] GetCurrentThreadId () returned 0x6f8 [0194.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.802] FindNextFileW (in: hFindFile=0x667888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.802] GetCurrentThreadId () returned 0x6f8 [0194.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.802] FindNextFileW (in: hFindFile=0x667888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0194.802] GetCurrentThreadId () returned 0x6f8 [0194.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.803] GetCurrentThreadId () returned 0x6f8 [0194.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.803] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6678c8 [0194.806] GetCurrentThreadId () returned 0x6f8 [0194.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.806] FindNextFileW (in: hFindFile=0x6678c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.806] GetCurrentThreadId () returned 0x6f8 [0194.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] FindNextFileW (in: hFindFile=0x6678c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0194.807] GetCurrentThreadId () returned 0x6f8 [0194.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] FindNextFileW (in: hFindFile=0x6678c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 0 [0194.807] GetCurrentThreadId () returned 0x6f8 [0194.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] FindNextFileW (in: hFindFile=0x667888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0194.807] GetCurrentThreadId () returned 0x6f8 [0194.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] FindNextFileW (in: hFindFile=0x667888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0194.807] GetCurrentThreadId () returned 0x6f8 [0194.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0194.807] GetCurrentThreadId () returned 0x6f8 [0194.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] GetCurrentThreadId () returned 0x6f8 [0194.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.807] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\RAC\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667908 [0194.808] GetCurrentThreadId () returned 0x6f8 [0194.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.808] FindNextFileW (in: hFindFile=0x667908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.808] GetCurrentThreadId () returned 0x6f8 [0194.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.808] FindNextFileW (in: hFindFile=0x667908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outbound", cAlternateFileName="")) returned 1 [0194.808] GetCurrentThreadId () returned 0x6f8 [0194.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.808] GetCurrentThreadId () returned 0x6f8 [0194.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf983f730, dwHighDateTime=0x1d6076c)) [0194.808] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667948 [0194.837] GetCurrentThreadId () returned 0x6f8 [0194.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.837] FindNextFileW (in: hFindFile=0x667948, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.839] GetCurrentThreadId () returned 0x6f8 [0194.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.839] FindNextFileW (in: hFindFile=0x667948, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0194.839] GetCurrentThreadId () returned 0x6f8 [0194.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.839] FindNextFileW (in: hFindFile=0x667908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0194.839] GetCurrentThreadId () returned 0x6f8 [0194.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.839] GetCurrentThreadId () returned 0x6f8 [0194.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.839] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667988 [0194.840] GetCurrentThreadId () returned 0x6f8 [0194.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.840] FindNextFileW (in: hFindFile=0x667988, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.840] GetCurrentThreadId () returned 0x6f8 [0194.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.840] FindNextFileW (in: hFindFile=0x667988, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x964d9ea0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0194.840] GetCurrentThreadId () returned 0x6f8 [0194.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.840] FindNextFileW (in: hFindFile=0x667988, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x964d9ea0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0194.840] GetCurrentThreadId () returned 0x6f8 [0194.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.840] FindNextFileW (in: hFindFile=0x667908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0194.840] GetCurrentThreadId () returned 0x6f8 [0194.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.840] GetCurrentThreadId () returned 0x6f8 [0194.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9865890, dwHighDateTime=0x1d6076c)) [0194.840] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6679c8 [0194.846] GetCurrentThreadId () returned 0x6f8 [0194.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.846] FindNextFileW (in: hFindFile=0x6679c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.846] GetCurrentThreadId () returned 0x6f8 [0194.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.846] FindNextFileW (in: hFindFile=0x6679c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xbddb7d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0194.846] GetCurrentThreadId () returned 0x6f8 [0194.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.846] FindNextFileW (in: hFindFile=0x6679c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0194.846] GetCurrentThreadId () returned 0x6f8 [0194.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.846] FindNextFileW (in: hFindFile=0x6679c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0194.847] GetCurrentThreadId () returned 0x6f8 [0194.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.847] FindNextFileW (in: hFindFile=0x667908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x96715340, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x96715340, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0194.847] GetCurrentThreadId () returned 0x6f8 [0194.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.847] FindNextFileW (in: hFindFile=0x667908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x96715340, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x96715340, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0 [0194.847] GetCurrentThreadId () returned 0x6f8 [0194.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.847] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0194.847] GetCurrentThreadId () returned 0x6f8 [0194.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.847] GetCurrentThreadId () returned 0x6f8 [0194.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.847] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Search\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667a08 [0194.850] GetCurrentThreadId () returned 0x6f8 [0194.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.850] FindNextFileW (in: hFindFile=0x667a08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.850] GetCurrentThreadId () returned 0x6f8 [0194.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.850] FindNextFileW (in: hFindFile=0x667a08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0194.851] GetCurrentThreadId () returned 0x6f8 [0194.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.851] GetCurrentThreadId () returned 0x6f8 [0194.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.851] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Search\\Data\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0194.851] GetCurrentThreadId () returned 0x6f8 [0194.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.851] FindNextFileW (in: hFindFile=0x667a08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 0 [0194.851] GetCurrentThreadId () returned 0x6f8 [0194.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.851] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0194.851] GetCurrentThreadId () returned 0x6f8 [0194.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.851] GetCurrentThreadId () returned 0x6f8 [0194.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.851] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667a48 [0194.852] GetCurrentThreadId () returned 0x6f8 [0194.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.852] FindNextFileW (in: hFindFile=0x667a48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.852] GetCurrentThreadId () returned 0x6f8 [0194.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.852] FindNextFileW (in: hFindFile=0x667a48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz.dat", cAlternateFileName="5P5NRG~1.DAT")) returned 1 [0194.852] GetCurrentThreadId () returned 0x6f8 [0194.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.852] FindNextFileW (in: hFindFile=0x667a48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0194.852] GetCurrentThreadId () returned 0x6f8 [0194.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.852] GetCurrentThreadId () returned 0x6f8 [0194.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.852] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667a88 [0194.855] GetCurrentThreadId () returned 0x6f8 [0194.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.855] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.855] GetCurrentThreadId () returned 0x6f8 [0194.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.855] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xda0a8861, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile10.bmp", cAlternateFileName="")) returned 1 [0194.855] GetCurrentThreadId () returned 0x6f8 [0194.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.855] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp")) returned 0x20 [0194.856] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", dwFileAttributes=0x80) returned 0 [0194.856] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0194.856] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0194.862] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0194.882] GetCurrentThreadId () returned 0x6f8 [0194.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf98d7cb0, dwHighDateTime=0x1d6076c)) [0194.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf98d7cb0, dwHighDateTime=0x1d6076c)) [0194.882] GetCurrentThreadId () returned 0x6f8 [0194.883] CloseHandle (hObject=0x408) returned 1 [0194.883] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", dwFileAttributes=0x20) returned 0 [0194.883] GetCurrentThreadId () returned 0x6f8 [0194.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf98d7cb0, dwHighDateTime=0x1d6076c)) [0194.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf98d7cb0, dwHighDateTime=0x1d6076c)) [0194.883] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", piIcon=0x4e4efc4) returned 0x2010f [0194.896] GetIconInfo (in: hIcon=0x2010f, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0194.896] CreateFileW (lpFileName="eKAo.ico" (normalized: "c:\\windows\\system32\\ekao.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0194.897] GetObjectA (in: h=0x31050730, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0194.897] GetObjectA (in: h=0x240506a7, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0194.897] CreateCompatibleDC (hdc=0x0) returned 0x3a010731 [0194.897] GetDIBits (in: hdc=0x3a010731, hbm=0x31050730, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0194.897] GetDIBits (in: hdc=0x3a010731, hbm=0x31050730, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0194.897] GetDIBits (in: hdc=0x3a010731, hbm=0x31050730, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0194.897] GetDIBits (in: hdc=0x3a010731, hbm=0x240506a7, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0194.897] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0194.898] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0194.898] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0194.898] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0194.898] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0194.898] DeleteDC (hdc=0x3a010731) returned 1 [0194.899] CloseHandle (hObject=0x408) returned 1 [0194.900] DeleteObject (ho=0x31050730) returned 1 [0194.900] DeleteObject (ho=0x240506a7) returned 1 [0194.900] DestroyCursor (hCursor=0x2010f) returned 1 [0194.900] GetCurrentThreadId () returned 0x6f8 [0194.901] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0194.901] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0194.905] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0194.905] CloseHandle (hObject=0x408) returned 1 [0194.906] GetCurrentThreadId () returned 0x6f8 [0194.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9923f70, dwHighDateTime=0x1d6076c)) [0194.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9923f70, dwHighDateTime=0x1d6076c)) [0194.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xf9923f70, dwHighDateTime=0x1d6076c)) [0194.924] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75200000 [0194.978] GetCurrentThreadId () returned 0x6f8 [0194.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf99bc4f0, dwHighDateTime=0x1d6076c)) [0194.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf99bc4f0, dwHighDateTime=0x1d6076c)) [0194.978] GetCurrentThreadId () returned 0x6f8 [0194.978] CreateFileW (lpFileName="iAsS.exe" (normalized: "c:\\windows\\system32\\iass.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0194.979] CreateFileW (lpFileName="iAsS.exe" (normalized: "c:\\windows\\system32\\iass.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0194.980] GetCurrentThreadId () returned 0x6f8 [0194.980] GetCurrentThreadId () returned 0x6f8 [0194.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf99bc4f0, dwHighDateTime=0x1d6076c)) [0194.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf99bc4f0, dwHighDateTime=0x1d6076c)) [0194.980] CreateFileW (lpFileName="iAsS.exe" (normalized: "c:\\windows\\system32\\iass.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0194.980] GetCurrentThreadId () returned 0x6f8 [0194.980] BeginUpdateResourceW (pFileName="iAsS.exe" (normalized: "c:\\windows\\system32\\iass.exe"), bDeleteExistingResources=0) returned 0x0 [0194.980] CreateFileW (lpFileName="eKAo.ico" (normalized: "c:\\windows\\system32\\ekao.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0194.980] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0194.981] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0194.981] CloseHandle (hObject=0x408) returned 1 [0194.981] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0194.981] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0194.981] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0194.981] CopyFileW (lpExistingFileName="iAsS.exe" (normalized: "c:\\windows\\system32\\iass.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.exe"), bFailIfExists=0) returned 0 [0194.981] SetNamedSecurityInfoW () returned 0x2 [0194.982] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp")) returned 0 [0194.982] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0194.982] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0194.982] DeleteFileW (lpFileName="eKAo.ico" (normalized: "c:\\windows\\system32\\ekao.ico")) returned 1 [0194.988] DeleteFileW (lpFileName="iAsS.exe" (normalized: "c:\\windows\\system32\\iass.exe")) returned 0 [0194.988] GetCurrentThreadId () returned 0x6f8 [0194.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.988] GetCurrentThreadId () returned 0x6f8 [0194.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.988] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb5a2927, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile11.bmp", cAlternateFileName="")) returned 1 [0194.988] GetCurrentThreadId () returned 0x6f8 [0194.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.988] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0x20 [0194.989] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", dwFileAttributes=0x80) returned 0 [0194.989] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0194.989] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0194.993] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0194.996] GetCurrentThreadId () returned 0x6f8 [0194.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.996] GetCurrentThreadId () returned 0x6f8 [0194.996] CloseHandle (hObject=0x408) returned 1 [0194.996] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", dwFileAttributes=0x20) returned 0 [0194.996] GetCurrentThreadId () returned 0x6f8 [0194.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf99e2650, dwHighDateTime=0x1d6076c)) [0194.996] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", piIcon=0x4e4efc4) returned 0x3010f [0195.002] GetIconInfo (in: hIcon=0x3010f, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0195.002] CreateFileW (lpFileName="ywks.ico" (normalized: "c:\\windows\\system32\\ywks.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.003] GetObjectA (in: h=0x35050734, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0195.003] GetObjectA (in: h=0x840501e0, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0195.003] CreateCompatibleDC (hdc=0x0) returned 0xb20101d0 [0195.003] GetDIBits (in: hdc=0xb20101d0, hbm=0x35050734, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0195.003] GetDIBits (in: hdc=0xb20101d0, hbm=0x35050734, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0195.003] GetDIBits (in: hdc=0xb20101d0, hbm=0x35050734, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0195.003] GetDIBits (in: hdc=0xb20101d0, hbm=0x840501e0, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0195.003] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0195.004] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0195.005] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0195.005] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0195.005] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0195.005] DeleteDC (hdc=0xb20101d0) returned 1 [0195.005] CloseHandle (hObject=0x408) returned 1 [0195.014] DeleteObject (ho=0x35050734) returned 1 [0195.014] DeleteObject (ho=0x840501e0) returned 1 [0195.014] DestroyCursor (hCursor=0x3010f) returned 1 [0195.014] GetCurrentThreadId () returned 0x6f8 [0195.014] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.018] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.023] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0195.024] CloseHandle (hObject=0x408) returned 1 [0195.024] GetCurrentThreadId () returned 0x6f8 [0195.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9a2e910, dwHighDateTime=0x1d6076c)) [0195.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9a2e910, dwHighDateTime=0x1d6076c)) [0195.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xf9a2e910, dwHighDateTime=0x1d6076c)) [0195.127] GetCurrentThreadId () returned 0x6f8 [0195.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.127] GetCurrentThreadId () returned 0x6f8 [0195.127] CreateFileW (lpFileName="UoMm.exe" (normalized: "c:\\windows\\system32\\uomm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.128] CreateFileW (lpFileName="UoMm.exe" (normalized: "c:\\windows\\system32\\uomm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.128] GetCurrentThreadId () returned 0x6f8 [0195.128] GetCurrentThreadId () returned 0x6f8 [0195.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.128] CreateFileW (lpFileName="UoMm.exe" (normalized: "c:\\windows\\system32\\uomm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.129] GetCurrentThreadId () returned 0x6f8 [0195.129] BeginUpdateResourceW (pFileName="UoMm.exe" (normalized: "c:\\windows\\system32\\uomm.exe"), bDeleteExistingResources=0) returned 0x0 [0195.129] CreateFileW (lpFileName="ywks.ico" (normalized: "c:\\windows\\system32\\ywks.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0195.129] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0195.129] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0195.129] CloseHandle (hObject=0x408) returned 1 [0195.129] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0195.129] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0195.129] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0195.130] CopyFileW (lpExistingFileName="UoMm.exe" (normalized: "c:\\windows\\system32\\uomm.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.exe"), bFailIfExists=0) returned 0 [0195.130] SetNamedSecurityInfoW () returned 0x2 [0195.130] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0 [0195.130] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0195.130] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0195.130] DeleteFileW (lpFileName="ywks.ico" (normalized: "c:\\windows\\system32\\ywks.ico")) returned 1 [0195.132] DeleteFileW (lpFileName="UoMm.exe" (normalized: "c:\\windows\\system32\\uomm.exe")) returned 0 [0195.132] GetCurrentThreadId () returned 0x6f8 [0195.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.132] GetCurrentThreadId () returned 0x6f8 [0195.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.132] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb6d3417, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile12.bmp", cAlternateFileName="")) returned 1 [0195.132] GetCurrentThreadId () returned 0x6f8 [0195.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xf9b392b0, dwHighDateTime=0x1d6076c)) [0195.132] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0x20 [0195.132] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", dwFileAttributes=0x80) returned 0 [0195.133] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.133] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.137] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0195.218] GetCurrentThreadId () returned 0x6f8 [0195.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf9c1daf0, dwHighDateTime=0x1d6076c)) [0195.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf9c1daf0, dwHighDateTime=0x1d6076c)) [0195.219] GetCurrentThreadId () returned 0x6f8 [0195.219] CloseHandle (hObject=0x408) returned 1 [0195.219] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", dwFileAttributes=0x20) returned 0 [0195.219] GetCurrentThreadId () returned 0x6f8 [0195.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf9c1daf0, dwHighDateTime=0x1d6076c)) [0195.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf9c1daf0, dwHighDateTime=0x1d6076c)) [0195.219] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", piIcon=0x4e4efc4) returned 0x8008b [0195.224] GetIconInfo (in: hIcon=0x8008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0195.224] CreateFileW (lpFileName="CCsw.ico" (normalized: "c:\\windows\\system32\\ccsw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.224] GetObjectA (in: h=0xe0501b3, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0195.224] GetObjectA (in: h=0x90501b8, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0195.225] CreateCompatibleDC (hdc=0x0) returned 0x60101a4 [0195.225] GetDIBits (in: hdc=0x60101a4, hbm=0xe0501b3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0195.225] GetDIBits (in: hdc=0x60101a4, hbm=0xe0501b3, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0195.225] GetDIBits (in: hdc=0x60101a4, hbm=0xe0501b3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0195.225] GetDIBits (in: hdc=0x60101a4, hbm=0x90501b8, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0195.225] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0195.226] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0195.226] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0195.226] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0195.226] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0195.226] DeleteDC (hdc=0x60101a4) returned 1 [0195.226] CloseHandle (hObject=0x408) returned 1 [0195.227] DeleteObject (ho=0xe0501b3) returned 1 [0195.227] DeleteObject (ho=0x90501b8) returned 1 [0195.227] DestroyCursor (hCursor=0x8008b) returned 1 [0195.227] GetCurrentThreadId () returned 0x6f8 [0195.227] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.228] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.233] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0195.233] CloseHandle (hObject=0x408) returned 1 [0195.233] GetCurrentThreadId () returned 0x6f8 [0195.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9c43c50, dwHighDateTime=0x1d6076c)) [0195.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9c43c50, dwHighDateTime=0x1d6076c)) [0195.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xf9c43c50, dwHighDateTime=0x1d6076c)) [0195.239] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76010000 [0195.319] GetCurrentThreadId () returned 0x6f8 [0195.319] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.319] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.319] GetCurrentThreadId () returned 0x6f8 [0195.319] CreateFileW (lpFileName="OgAC.exe" (normalized: "c:\\windows\\system32\\ogac.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.321] CreateFileW (lpFileName="OgAC.exe" (normalized: "c:\\windows\\system32\\ogac.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.321] GetCurrentThreadId () returned 0x6f8 [0195.321] GetCurrentThreadId () returned 0x6f8 [0195.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.322] CreateFileW (lpFileName="OgAC.exe" (normalized: "c:\\windows\\system32\\ogac.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.322] GetCurrentThreadId () returned 0x6f8 [0195.322] BeginUpdateResourceW (pFileName="OgAC.exe" (normalized: "c:\\windows\\system32\\ogac.exe"), bDeleteExistingResources=0) returned 0x0 [0195.322] CreateFileW (lpFileName="CCsw.ico" (normalized: "c:\\windows\\system32\\ccsw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0195.322] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0195.322] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0195.322] CloseHandle (hObject=0x408) returned 1 [0195.323] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0195.323] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0195.323] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0195.323] CopyFileW (lpExistingFileName="OgAC.exe" (normalized: "c:\\windows\\system32\\ogac.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.exe"), bFailIfExists=0) returned 0 [0195.323] SetNamedSecurityInfoW () returned 0x2 [0195.323] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0 [0195.324] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0195.324] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0195.324] DeleteFileW (lpFileName="CCsw.ico" (normalized: "c:\\windows\\system32\\ccsw.ico")) returned 1 [0195.326] DeleteFileW (lpFileName="OgAC.exe" (normalized: "c:\\windows\\system32\\ogac.exe")) returned 0 [0195.326] GetCurrentThreadId () returned 0x6f8 [0195.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.326] GetCurrentThreadId () returned 0x6f8 [0195.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.326] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb76b98f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbeb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile13.bmp", cAlternateFileName="")) returned 1 [0195.326] GetCurrentThreadId () returned 0x6f8 [0195.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.326] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0x20 [0195.326] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", dwFileAttributes=0x80) returned 0 [0195.326] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.327] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbeb8 [0195.332] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbeb8, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xbeb8, lpOverlapped=0x0) returned 1 [0195.335] GetCurrentThreadId () returned 0x6f8 [0195.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf9d28490, dwHighDateTime=0x1d6076c)) [0195.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf9d28490, dwHighDateTime=0x1d6076c)) [0195.335] GetCurrentThreadId () returned 0x6f8 [0195.336] CloseHandle (hObject=0x408) returned 1 [0195.336] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", dwFileAttributes=0x20) returned 0 [0195.336] GetCurrentThreadId () returned 0x6f8 [0195.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf9d28490, dwHighDateTime=0x1d6076c)) [0195.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf9d28490, dwHighDateTime=0x1d6076c)) [0195.336] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", piIcon=0x4e4efc4) returned 0x9008b [0195.342] GetIconInfo (in: hIcon=0x9008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0195.342] CreateFileW (lpFileName="GCgI.ico" (normalized: "c:\\windows\\system32\\gcgi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.343] GetObjectA (in: h=0x90501a0, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0195.343] GetObjectA (in: h=0xd0501a2, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0195.343] CreateCompatibleDC (hdc=0x0) returned 0xb01019e [0195.343] GetDIBits (in: hdc=0xb01019e, hbm=0x90501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0195.343] GetDIBits (in: hdc=0xb01019e, hbm=0x90501a0, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0195.343] GetDIBits (in: hdc=0xb01019e, hbm=0x90501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0195.343] GetDIBits (in: hdc=0xb01019e, hbm=0xd0501a2, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0195.343] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0195.345] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0195.345] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0195.345] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0195.345] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0195.345] DeleteDC (hdc=0xb01019e) returned 1 [0195.345] CloseHandle (hObject=0x408) returned 1 [0195.357] DeleteObject (ho=0x90501a0) returned 1 [0195.357] DeleteObject (ho=0xd0501a2) returned 1 [0195.357] DestroyCursor (hCursor=0x9008b) returned 1 [0195.357] GetCurrentThreadId () returned 0x6f8 [0195.357] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.357] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbeb8 [0195.364] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbeb8, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xbeb8, lpOverlapped=0x0) returned 1 [0195.364] CloseHandle (hObject=0x408) returned 1 [0195.364] GetCurrentThreadId () returned 0x6f8 [0195.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.483] GetCurrentThreadId () returned 0x6f8 [0195.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.484] GetCurrentThreadId () returned 0x6f8 [0195.484] CreateFileW (lpFileName="akIm.exe" (normalized: "c:\\windows\\system32\\akim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.485] CreateFileW (lpFileName="akIm.exe" (normalized: "c:\\windows\\system32\\akim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.486] GetCurrentThreadId () returned 0x6f8 [0195.486] GetCurrentThreadId () returned 0x6f8 [0195.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.486] CreateFileW (lpFileName="akIm.exe" (normalized: "c:\\windows\\system32\\akim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.486] GetCurrentThreadId () returned 0x6f8 [0195.486] BeginUpdateResourceW (pFileName="akIm.exe" (normalized: "c:\\windows\\system32\\akim.exe"), bDeleteExistingResources=0) returned 0x0 [0195.486] CreateFileW (lpFileName="GCgI.ico" (normalized: "c:\\windows\\system32\\gcgi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0195.486] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0195.487] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0195.487] CloseHandle (hObject=0x408) returned 1 [0195.487] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0195.487] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0195.487] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0195.487] CopyFileW (lpExistingFileName="akIm.exe" (normalized: "c:\\windows\\system32\\akim.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.exe"), bFailIfExists=0) returned 0 [0195.487] SetNamedSecurityInfoW () returned 0x2 [0195.488] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0 [0195.488] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0195.488] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0195.488] DeleteFileW (lpFileName="GCgI.ico" (normalized: "c:\\windows\\system32\\gcgi.ico")) returned 1 [0195.489] DeleteFileW (lpFileName="akIm.exe" (normalized: "c:\\windows\\system32\\akim.exe")) returned 0 [0195.490] GetCurrentThreadId () returned 0x6f8 [0195.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.490] GetCurrentThreadId () returned 0x6f8 [0195.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.490] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb82a065, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile14.bmp", cAlternateFileName="")) returned 1 [0195.490] GetCurrentThreadId () returned 0x6f8 [0195.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xf9ea5250, dwHighDateTime=0x1d6076c)) [0195.490] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0x20 [0195.491] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", dwFileAttributes=0x80) returned 0 [0195.491] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.491] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.497] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0195.500] GetCurrentThreadId () returned 0x6f8 [0195.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf9ecb3b0, dwHighDateTime=0x1d6076c)) [0195.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xf9ecb3b0, dwHighDateTime=0x1d6076c)) [0195.500] GetCurrentThreadId () returned 0x6f8 [0195.500] CloseHandle (hObject=0x408) returned 1 [0195.500] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", dwFileAttributes=0x20) returned 0 [0195.501] GetCurrentThreadId () returned 0x6f8 [0195.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf9ecb3b0, dwHighDateTime=0x1d6076c)) [0195.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xf9ecb3b0, dwHighDateTime=0x1d6076c)) [0195.501] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", piIcon=0x4e4efc4) returned 0xa008b [0195.506] GetIconInfo (in: hIcon=0xa008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0195.506] CreateFileW (lpFileName="ugow.ico" (normalized: "c:\\windows\\system32\\ugow.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.507] GetObjectA (in: h=0x190501b1, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0195.507] GetObjectA (in: h=0x120501b3, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0195.507] CreateCompatibleDC (hdc=0x0) returned 0xb0101a4 [0195.507] GetDIBits (in: hdc=0xb0101a4, hbm=0x190501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0195.507] GetDIBits (in: hdc=0xb0101a4, hbm=0x190501b1, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0195.507] GetDIBits (in: hdc=0xb0101a4, hbm=0x190501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0195.507] GetDIBits (in: hdc=0xb0101a4, hbm=0x120501b3, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0195.507] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0195.508] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0195.508] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0195.509] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0195.509] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0195.509] DeleteDC (hdc=0xb0101a4) returned 1 [0195.509] CloseHandle (hObject=0x408) returned 1 [0195.513] DeleteObject (ho=0x190501b1) returned 1 [0195.513] DeleteObject (ho=0x120501b3) returned 1 [0195.513] DestroyCursor (hCursor=0xa008b) returned 1 [0195.513] GetCurrentThreadId () returned 0x6f8 [0195.513] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.513] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.518] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0195.518] CloseHandle (hObject=0x408) returned 1 [0195.519] GetCurrentThreadId () returned 0x6f8 [0195.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9ef1510, dwHighDateTime=0x1d6076c)) [0195.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xf9ef1510, dwHighDateTime=0x1d6076c)) [0195.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xf9ef1510, dwHighDateTime=0x1d6076c)) [0195.621] GetCurrentThreadId () returned 0x6f8 [0195.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9fd5d50, dwHighDateTime=0x1d6076c)) [0195.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xf9fd5d50, dwHighDateTime=0x1d6076c)) [0195.622] GetCurrentThreadId () returned 0x6f8 [0195.622] CreateFileW (lpFileName="uQQI.exe" (normalized: "c:\\windows\\system32\\uqqi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.622] CreateFileW (lpFileName="uQQI.exe" (normalized: "c:\\windows\\system32\\uqqi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.622] GetCurrentThreadId () returned 0x6f8 [0195.623] GetCurrentThreadId () returned 0x6f8 [0195.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9fd5d50, dwHighDateTime=0x1d6076c)) [0195.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xf9fd5d50, dwHighDateTime=0x1d6076c)) [0195.623] CreateFileW (lpFileName="uQQI.exe" (normalized: "c:\\windows\\system32\\uqqi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.623] GetCurrentThreadId () returned 0x6f8 [0195.623] BeginUpdateResourceW (pFileName="uQQI.exe" (normalized: "c:\\windows\\system32\\uqqi.exe"), bDeleteExistingResources=0) returned 0x0 [0195.623] CreateFileW (lpFileName="ugow.ico" (normalized: "c:\\windows\\system32\\ugow.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0195.624] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0195.624] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0195.624] CloseHandle (hObject=0x408) returned 1 [0195.624] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0195.625] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0195.625] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0195.625] CopyFileW (lpExistingFileName="uQQI.exe" (normalized: "c:\\windows\\system32\\uqqi.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.exe"), bFailIfExists=0) returned 0 [0195.625] SetNamedSecurityInfoW () returned 0x2 [0195.625] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0 [0195.625] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0195.625] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0195.626] DeleteFileW (lpFileName="ugow.ico" (normalized: "c:\\windows\\system32\\ugow.ico")) returned 1 [0195.627] DeleteFileW (lpFileName="uQQI.exe" (normalized: "c:\\windows\\system32\\uqqi.exe")) returned 0 [0195.627] GetCurrentThreadId () returned 0x6f8 [0195.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xf9ffbeb0, dwHighDateTime=0x1d6076c)) [0195.627] GetCurrentThreadId () returned 0x6f8 [0195.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xf9ffbeb0, dwHighDateTime=0x1d6076c)) [0195.627] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdbb95fd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile15.bmp", cAlternateFileName="")) returned 1 [0195.627] GetCurrentThreadId () returned 0x6f8 [0195.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xf9ffbeb0, dwHighDateTime=0x1d6076c)) [0195.627] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0x20 [0195.628] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", dwFileAttributes=0x80) returned 0 [0195.628] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.628] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.632] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0195.678] GetCurrentThreadId () returned 0x6f8 [0195.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.678] GetCurrentThreadId () returned 0x6f8 [0195.678] CloseHandle (hObject=0x408) returned 1 [0195.678] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", dwFileAttributes=0x20) returned 0 [0195.678] GetCurrentThreadId () returned 0x6f8 [0195.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa06e2d0, dwHighDateTime=0x1d6076c)) [0195.679] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", piIcon=0x4e4efc4) returned 0xb008b [0195.684] GetIconInfo (in: hIcon=0xb008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0195.684] CreateFileW (lpFileName="cAIs.ico" (normalized: "c:\\windows\\system32\\cais.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.685] GetObjectA (in: h=0x100501b8, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0195.685] GetObjectA (in: h=0xd0501a0, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0195.685] CreateCompatibleDC (hdc=0x0) returned 0x1001019e [0195.685] GetDIBits (in: hdc=0x1001019e, hbm=0x100501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0195.685] GetDIBits (in: hdc=0x1001019e, hbm=0x100501b8, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0195.685] GetDIBits (in: hdc=0x1001019e, hbm=0x100501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0195.686] GetDIBits (in: hdc=0x1001019e, hbm=0xd0501a0, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0195.686] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0195.687] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0195.688] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0195.688] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0195.688] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0195.688] DeleteDC (hdc=0x1001019e) returned 1 [0195.688] CloseHandle (hObject=0x408) returned 1 [0195.689] DeleteObject (ho=0x100501b8) returned 1 [0195.689] DeleteObject (ho=0xd0501a0) returned 1 [0195.689] DestroyCursor (hCursor=0xb008b) returned 1 [0195.689] GetCurrentThreadId () returned 0x6f8 [0195.689] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.689] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.694] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0195.694] CloseHandle (hObject=0x408) returned 1 [0195.694] GetCurrentThreadId () returned 0x6f8 [0195.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa094430, dwHighDateTime=0x1d6076c)) [0195.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa094430, dwHighDateTime=0x1d6076c)) [0195.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfa094430, dwHighDateTime=0x1d6076c)) [0195.902] GetCurrentThreadId () returned 0x6f8 [0195.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa283610, dwHighDateTime=0x1d6076c)) [0195.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa283610, dwHighDateTime=0x1d6076c)) [0195.903] GetCurrentThreadId () returned 0x6f8 [0195.903] CreateFileW (lpFileName="mUQY.exe" (normalized: "c:\\windows\\system32\\muqy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.903] CreateFileW (lpFileName="mUQY.exe" (normalized: "c:\\windows\\system32\\muqy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.904] GetCurrentThreadId () returned 0x6f8 [0195.904] GetCurrentThreadId () returned 0x6f8 [0195.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.904] CreateFileW (lpFileName="mUQY.exe" (normalized: "c:\\windows\\system32\\muqy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0195.904] GetCurrentThreadId () returned 0x6f8 [0195.904] BeginUpdateResourceW (pFileName="mUQY.exe" (normalized: "c:\\windows\\system32\\muqy.exe"), bDeleteExistingResources=0) returned 0x0 [0195.904] CreateFileW (lpFileName="cAIs.ico" (normalized: "c:\\windows\\system32\\cais.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0195.905] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0195.905] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0195.905] CloseHandle (hObject=0x408) returned 1 [0195.905] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0195.905] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0195.905] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0195.905] CopyFileW (lpExistingFileName="mUQY.exe" (normalized: "c:\\windows\\system32\\muqy.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.exe"), bFailIfExists=0) returned 0 [0195.906] SetNamedSecurityInfoW () returned 0x2 [0195.906] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0 [0195.906] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0195.906] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0195.906] DeleteFileW (lpFileName="cAIs.ico" (normalized: "c:\\windows\\system32\\cais.ico")) returned 1 [0195.907] DeleteFileW (lpFileName="mUQY.exe" (normalized: "c:\\windows\\system32\\muqy.exe")) returned 0 [0195.908] GetCurrentThreadId () returned 0x6f8 [0195.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.908] GetCurrentThreadId () returned 0x6f8 [0195.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.908] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdca9c9ed, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile16.bmp", cAlternateFileName="")) returned 1 [0195.908] GetCurrentThreadId () returned 0x6f8 [0195.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.908] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0x20 [0195.908] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", dwFileAttributes=0x80) returned 0 [0195.908] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.908] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.913] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0195.915] GetCurrentThreadId () returned 0x6f8 [0195.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.915] GetCurrentThreadId () returned 0x6f8 [0195.916] CloseHandle (hObject=0x408) returned 1 [0195.916] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", dwFileAttributes=0x20) returned 0 [0195.916] GetCurrentThreadId () returned 0x6f8 [0195.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa2a9770, dwHighDateTime=0x1d6076c)) [0195.916] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", piIcon=0x4e4efc4) returned 0xc008b [0195.922] GetIconInfo (in: hIcon=0xc008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0195.922] CreateFileW (lpFileName="YgMU.ico" (normalized: "c:\\windows\\system32\\ygmu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.925] GetObjectA (in: h=0x140501a2, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0195.925] GetObjectA (in: h=0x1d0501b1, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0195.925] CreateCompatibleDC (hdc=0x0) returned 0x100101a4 [0195.925] GetDIBits (in: hdc=0x100101a4, hbm=0x140501a2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0195.925] GetDIBits (in: hdc=0x100101a4, hbm=0x140501a2, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0195.925] GetDIBits (in: hdc=0x100101a4, hbm=0x140501a2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0195.925] GetDIBits (in: hdc=0x100101a4, hbm=0x1d0501b1, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0195.925] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0195.926] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0195.927] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0195.927] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0195.927] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0195.927] DeleteDC (hdc=0x100101a4) returned 1 [0195.927] CloseHandle (hObject=0x408) returned 1 [0195.931] DeleteObject (ho=0x140501a2) returned 1 [0195.931] DeleteObject (ho=0x1d0501b1) returned 1 [0195.931] DestroyCursor (hCursor=0xc008b) returned 1 [0195.931] GetCurrentThreadId () returned 0x6f8 [0195.932] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0195.932] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0195.952] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0195.952] CloseHandle (hObject=0x408) returned 1 [0195.953] GetCurrentThreadId () returned 0x6f8 [0195.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa31bb90, dwHighDateTime=0x1d6076c)) [0195.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa31bb90, dwHighDateTime=0x1d6076c)) [0195.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfa31bb90, dwHighDateTime=0x1d6076c)) [0196.066] GetCurrentThreadId () returned 0x6f8 [0196.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.066] GetCurrentThreadId () returned 0x6f8 [0196.066] CreateFileW (lpFileName="IAQK.exe" (normalized: "c:\\windows\\system32\\iaqk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.067] CreateFileW (lpFileName="IAQK.exe" (normalized: "c:\\windows\\system32\\iaqk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.067] GetCurrentThreadId () returned 0x6f8 [0196.067] GetCurrentThreadId () returned 0x6f8 [0196.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.067] CreateFileW (lpFileName="IAQK.exe" (normalized: "c:\\windows\\system32\\iaqk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.068] GetCurrentThreadId () returned 0x6f8 [0196.068] BeginUpdateResourceW (pFileName="IAQK.exe" (normalized: "c:\\windows\\system32\\iaqk.exe"), bDeleteExistingResources=0) returned 0x0 [0196.068] CreateFileW (lpFileName="YgMU.ico" (normalized: "c:\\windows\\system32\\ygmu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.068] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0196.068] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0196.068] CloseHandle (hObject=0x408) returned 1 [0196.068] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0196.068] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0196.068] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0196.069] CopyFileW (lpExistingFileName="IAQK.exe" (normalized: "c:\\windows\\system32\\iaqk.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.exe"), bFailIfExists=0) returned 0 [0196.069] SetNamedSecurityInfoW () returned 0x2 [0196.069] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0 [0196.069] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0196.069] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0196.069] DeleteFileW (lpFileName="YgMU.ico" (normalized: "c:\\windows\\system32\\ygmu.ico")) returned 1 [0196.071] DeleteFileW (lpFileName="IAQK.exe" (normalized: "c:\\windows\\system32\\iaqk.exe")) returned 0 [0196.071] GetCurrentThreadId () returned 0x6f8 [0196.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.071] GetCurrentThreadId () returned 0x6f8 [0196.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.071] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc3f8f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile17.bmp", cAlternateFileName="")) returned 1 [0196.071] GetCurrentThreadId () returned 0x6f8 [0196.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfa426530, dwHighDateTime=0x1d6076c)) [0196.071] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0x20 [0196.071] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", dwFileAttributes=0x80) returned 0 [0196.072] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.072] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.076] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0196.105] GetCurrentThreadId () returned 0x6f8 [0196.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa4727f0, dwHighDateTime=0x1d6076c)) [0196.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa4727f0, dwHighDateTime=0x1d6076c)) [0196.105] GetCurrentThreadId () returned 0x6f8 [0196.105] CloseHandle (hObject=0x408) returned 1 [0196.105] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", dwFileAttributes=0x20) returned 0 [0196.106] GetCurrentThreadId () returned 0x6f8 [0196.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa4727f0, dwHighDateTime=0x1d6076c)) [0196.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa4727f0, dwHighDateTime=0x1d6076c)) [0196.106] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", piIcon=0x4e4efc4) returned 0xd008b [0196.112] GetIconInfo (in: hIcon=0xd008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0196.112] CreateFileW (lpFileName="OAkA.ico" (normalized: "c:\\windows\\system32\\oaka.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.112] GetObjectA (in: h=0x190501b3, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0196.113] GetObjectA (in: h=0x140501b8, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0196.113] CreateCompatibleDC (hdc=0x0) returned 0x1501019e [0196.113] GetDIBits (in: hdc=0x1501019e, hbm=0x190501b3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0196.113] GetDIBits (in: hdc=0x1501019e, hbm=0x190501b3, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0196.113] GetDIBits (in: hdc=0x1501019e, hbm=0x190501b3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0196.113] GetDIBits (in: hdc=0x1501019e, hbm=0x140501b8, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0196.113] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0196.114] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0196.114] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0196.114] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0196.115] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0196.115] DeleteDC (hdc=0x1501019e) returned 1 [0196.115] CloseHandle (hObject=0x408) returned 1 [0196.116] DeleteObject (ho=0x190501b3) returned 1 [0196.116] DeleteObject (ho=0x140501b8) returned 1 [0196.116] DestroyCursor (hCursor=0xd008b) returned 1 [0196.116] GetCurrentThreadId () returned 0x6f8 [0196.116] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.116] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.121] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0196.121] CloseHandle (hObject=0x408) returned 1 [0196.121] GetCurrentThreadId () returned 0x6f8 [0196.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa498950, dwHighDateTime=0x1d6076c)) [0196.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa498950, dwHighDateTime=0x1d6076c)) [0196.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfa498950, dwHighDateTime=0x1d6076c)) [0196.304] GetCurrentThreadId () returned 0x6f8 [0196.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa6619d0, dwHighDateTime=0x1d6076c)) [0196.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa6619d0, dwHighDateTime=0x1d6076c)) [0196.304] GetCurrentThreadId () returned 0x6f8 [0196.304] CreateFileW (lpFileName="sYIe.exe" (normalized: "c:\\windows\\system32\\syie.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.306] CreateFileW (lpFileName="sYIe.exe" (normalized: "c:\\windows\\system32\\syie.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.306] GetCurrentThreadId () returned 0x6f8 [0196.306] GetCurrentThreadId () returned 0x6f8 [0196.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa6619d0, dwHighDateTime=0x1d6076c)) [0196.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa6619d0, dwHighDateTime=0x1d6076c)) [0196.306] CreateFileW (lpFileName="sYIe.exe" (normalized: "c:\\windows\\system32\\syie.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.306] GetCurrentThreadId () returned 0x6f8 [0196.306] BeginUpdateResourceW (pFileName="sYIe.exe" (normalized: "c:\\windows\\system32\\syie.exe"), bDeleteExistingResources=0) returned 0x0 [0196.307] CreateFileW (lpFileName="OAkA.ico" (normalized: "c:\\windows\\system32\\oaka.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.307] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0196.307] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0196.308] CloseHandle (hObject=0x408) returned 1 [0196.308] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0196.308] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0196.308] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0196.308] CopyFileW (lpExistingFileName="sYIe.exe" (normalized: "c:\\windows\\system32\\syie.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.exe"), bFailIfExists=0) returned 0 [0196.309] SetNamedSecurityInfoW () returned 0x2 [0196.309] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0 [0196.309] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0196.309] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0196.309] DeleteFileW (lpFileName="OAkA.ico" (normalized: "c:\\windows\\system32\\oaka.ico")) returned 1 [0196.311] DeleteFileW (lpFileName="sYIe.exe" (normalized: "c:\\windows\\system32\\syie.exe")) returned 0 [0196.311] GetCurrentThreadId () returned 0x6f8 [0196.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.311] GetCurrentThreadId () returned 0x6f8 [0196.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.311] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc65a55, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile18.bmp", cAlternateFileName="")) returned 1 [0196.311] GetCurrentThreadId () returned 0x6f8 [0196.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.311] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0x20 [0196.312] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", dwFileAttributes=0x80) returned 0 [0196.312] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.313] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.318] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0196.321] GetCurrentThreadId () returned 0x6f8 [0196.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.321] GetCurrentThreadId () returned 0x6f8 [0196.321] CloseHandle (hObject=0x408) returned 1 [0196.321] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", dwFileAttributes=0x20) returned 0 [0196.321] GetCurrentThreadId () returned 0x6f8 [0196.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa687b30, dwHighDateTime=0x1d6076c)) [0196.321] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", piIcon=0x4e4efc4) returned 0xe008b [0196.326] GetIconInfo (in: hIcon=0xe008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0196.327] CreateFileW (lpFileName="wGMY.ico" (normalized: "c:\\windows\\system32\\wgmy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.327] GetObjectA (in: h=0x140501a0, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0196.327] GetObjectA (in: h=0x180501a2, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0196.327] CreateCompatibleDC (hdc=0x0) returned 0x150101a4 [0196.327] GetDIBits (in: hdc=0x150101a4, hbm=0x140501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0196.327] GetDIBits (in: hdc=0x150101a4, hbm=0x140501a0, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0196.327] GetDIBits (in: hdc=0x150101a4, hbm=0x140501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0196.327] GetDIBits (in: hdc=0x150101a4, hbm=0x180501a2, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0196.328] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0196.329] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0196.329] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0196.329] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0196.329] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0196.329] DeleteDC (hdc=0x150101a4) returned 1 [0196.329] CloseHandle (hObject=0x408) returned 1 [0196.330] DeleteObject (ho=0x140501a0) returned 1 [0196.330] DeleteObject (ho=0x180501a2) returned 1 [0196.330] DestroyCursor (hCursor=0xe008b) returned 1 [0196.330] GetCurrentThreadId () returned 0x6f8 [0196.330] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.330] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.336] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0196.336] CloseHandle (hObject=0x408) returned 1 [0196.336] GetCurrentThreadId () returned 0x6f8 [0196.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa6adc90, dwHighDateTime=0x1d6076c)) [0196.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa6adc90, dwHighDateTime=0x1d6076c)) [0196.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfa6adc90, dwHighDateTime=0x1d6076c)) [0196.422] GetCurrentThreadId () returned 0x6f8 [0196.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.422] GetCurrentThreadId () returned 0x6f8 [0196.423] CreateFileW (lpFileName="qAkG.exe" (normalized: "c:\\windows\\system32\\qakg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.423] CreateFileW (lpFileName="qAkG.exe" (normalized: "c:\\windows\\system32\\qakg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.424] GetCurrentThreadId () returned 0x6f8 [0196.424] GetCurrentThreadId () returned 0x6f8 [0196.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.424] CreateFileW (lpFileName="qAkG.exe" (normalized: "c:\\windows\\system32\\qakg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.424] GetCurrentThreadId () returned 0x6f8 [0196.424] BeginUpdateResourceW (pFileName="qAkG.exe" (normalized: "c:\\windows\\system32\\qakg.exe"), bDeleteExistingResources=0) returned 0x0 [0196.425] CreateFileW (lpFileName="wGMY.ico" (normalized: "c:\\windows\\system32\\wgmy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.425] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0196.425] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0196.425] CloseHandle (hObject=0x408) returned 1 [0196.425] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0196.425] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0196.425] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0196.425] CopyFileW (lpExistingFileName="qAkG.exe" (normalized: "c:\\windows\\system32\\qakg.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.exe"), bFailIfExists=0) returned 0 [0196.425] SetNamedSecurityInfoW () returned 0x2 [0196.426] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0 [0196.426] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0196.426] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0196.426] DeleteFileW (lpFileName="wGMY.ico" (normalized: "c:\\windows\\system32\\wgmy.ico")) returned 1 [0196.427] DeleteFileW (lpFileName="qAkG.exe" (normalized: "c:\\windows\\system32\\qakg.exe")) returned 0 [0196.427] GetCurrentThreadId () returned 0x6f8 [0196.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.427] GetCurrentThreadId () returned 0x6f8 [0196.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.427] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc8bbb3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile19.bmp", cAlternateFileName="")) returned 1 [0196.427] GetCurrentThreadId () returned 0x6f8 [0196.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.427] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0x20 [0196.428] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", dwFileAttributes=0x80) returned 0 [0196.428] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.428] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.432] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0196.434] GetCurrentThreadId () returned 0x6f8 [0196.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa7b8630, dwHighDateTime=0x1d6076c)) [0196.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa7b8630, dwHighDateTime=0x1d6076c)) [0196.435] GetCurrentThreadId () returned 0x6f8 [0196.435] CloseHandle (hObject=0x408) returned 1 [0196.435] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", dwFileAttributes=0x20) returned 0 [0196.435] GetCurrentThreadId () returned 0x6f8 [0196.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa7b8630, dwHighDateTime=0x1d6076c)) [0196.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa7b8630, dwHighDateTime=0x1d6076c)) [0196.435] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", piIcon=0x4e4efc4) returned 0xf008b [0196.440] GetIconInfo (in: hIcon=0xf008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0196.440] CreateFileW (lpFileName="OUYk.ico" (normalized: "c:\\windows\\system32\\ouyk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.441] GetObjectA (in: h=0x240501b1, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0196.441] GetObjectA (in: h=0x1d0501b3, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0196.441] CreateCompatibleDC (hdc=0x0) returned 0x1a01019e [0196.441] GetDIBits (in: hdc=0x1a01019e, hbm=0x240501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0196.441] GetDIBits (in: hdc=0x1a01019e, hbm=0x240501b1, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0196.441] GetDIBits (in: hdc=0x1a01019e, hbm=0x240501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0196.441] GetDIBits (in: hdc=0x1a01019e, hbm=0x1d0501b3, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0196.441] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0196.442] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0196.442] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0196.442] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0196.443] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0196.443] DeleteDC (hdc=0x1a01019e) returned 1 [0196.443] CloseHandle (hObject=0x408) returned 1 [0196.446] DeleteObject (ho=0x240501b1) returned 1 [0196.446] DeleteObject (ho=0x1d0501b3) returned 1 [0196.446] DestroyCursor (hCursor=0xf008b) returned 1 [0196.446] GetCurrentThreadId () returned 0x6f8 [0196.446] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.447] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.451] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0196.451] CloseHandle (hObject=0x408) returned 1 [0196.452] GetCurrentThreadId () returned 0x6f8 [0196.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa7de790, dwHighDateTime=0x1d6076c)) [0196.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa7de790, dwHighDateTime=0x1d6076c)) [0196.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfa7de790, dwHighDateTime=0x1d6076c)) [0196.561] GetCurrentThreadId () returned 0x6f8 [0196.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.561] GetCurrentThreadId () returned 0x6f8 [0196.561] CreateFileW (lpFileName="MIYi.exe" (normalized: "c:\\windows\\system32\\miyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.562] CreateFileW (lpFileName="MIYi.exe" (normalized: "c:\\windows\\system32\\miyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.562] GetCurrentThreadId () returned 0x6f8 [0196.562] GetCurrentThreadId () returned 0x6f8 [0196.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.562] CreateFileW (lpFileName="MIYi.exe" (normalized: "c:\\windows\\system32\\miyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.562] GetCurrentThreadId () returned 0x6f8 [0196.562] BeginUpdateResourceW (pFileName="MIYi.exe" (normalized: "c:\\windows\\system32\\miyi.exe"), bDeleteExistingResources=0) returned 0x0 [0196.562] CreateFileW (lpFileName="OUYk.ico" (normalized: "c:\\windows\\system32\\ouyk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.563] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0196.563] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0196.563] CloseHandle (hObject=0x408) returned 1 [0196.563] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0196.563] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0196.563] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0196.563] CopyFileW (lpExistingFileName="MIYi.exe" (normalized: "c:\\windows\\system32\\miyi.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.exe"), bFailIfExists=0) returned 0 [0196.564] SetNamedSecurityInfoW () returned 0x2 [0196.564] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0 [0196.564] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0196.564] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0196.564] DeleteFileW (lpFileName="OUYk.ico" (normalized: "c:\\windows\\system32\\ouyk.ico")) returned 1 [0196.566] DeleteFileW (lpFileName="MIYi.exe" (normalized: "c:\\windows\\system32\\miyi.exe")) returned 0 [0196.566] GetCurrentThreadId () returned 0x6f8 [0196.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.566] GetCurrentThreadId () returned 0x6f8 [0196.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.566] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdccb1d11, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile20.bmp", cAlternateFileName="")) returned 1 [0196.566] GetCurrentThreadId () returned 0x6f8 [0196.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.566] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0x20 [0196.566] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", dwFileAttributes=0x80) returned 0 [0196.566] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.566] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.571] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0196.574] GetCurrentThreadId () returned 0x6f8 [0196.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfa8e9130, dwHighDateTime=0x1d6076c)) [0196.574] GetCurrentThreadId () returned 0x6f8 [0196.575] CloseHandle (hObject=0x408) returned 1 [0196.575] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", dwFileAttributes=0x20) returned 0 [0196.575] GetCurrentThreadId () returned 0x6f8 [0196.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa90f290, dwHighDateTime=0x1d6076c)) [0196.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfa90f290, dwHighDateTime=0x1d6076c)) [0196.575] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", piIcon=0x4e4efc4) returned 0x10008b [0196.581] GetIconInfo (in: hIcon=0x10008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0196.581] CreateFileW (lpFileName="WWIM.ico" (normalized: "c:\\windows\\system32\\wwim.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.582] GetObjectA (in: h=0x1b0501b8, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0196.582] GetObjectA (in: h=0x180501a0, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0196.582] CreateCompatibleDC (hdc=0x0) returned 0x1a0101a4 [0196.582] GetDIBits (in: hdc=0x1a0101a4, hbm=0x1b0501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0196.582] GetDIBits (in: hdc=0x1a0101a4, hbm=0x1b0501b8, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0196.582] GetDIBits (in: hdc=0x1a0101a4, hbm=0x1b0501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0196.582] GetDIBits (in: hdc=0x1a0101a4, hbm=0x180501a0, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0196.582] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0196.584] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0196.584] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0196.584] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0196.584] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0196.584] DeleteDC (hdc=0x1a0101a4) returned 1 [0196.584] CloseHandle (hObject=0x408) returned 1 [0196.588] DeleteObject (ho=0x1b0501b8) returned 1 [0196.588] DeleteObject (ho=0x180501a0) returned 1 [0196.588] DestroyCursor (hCursor=0x10008b) returned 1 [0196.588] GetCurrentThreadId () returned 0x6f8 [0196.588] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.588] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.593] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0196.593] CloseHandle (hObject=0x408) returned 1 [0196.594] GetCurrentThreadId () returned 0x6f8 [0196.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa9353f0, dwHighDateTime=0x1d6076c)) [0196.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfa9353f0, dwHighDateTime=0x1d6076c)) [0196.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfa9353f0, dwHighDateTime=0x1d6076c)) [0196.728] GetCurrentThreadId () returned 0x6f8 [0196.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfaa65ef0, dwHighDateTime=0x1d6076c)) [0196.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfaa65ef0, dwHighDateTime=0x1d6076c)) [0196.728] GetCurrentThreadId () returned 0x6f8 [0196.728] CreateFileW (lpFileName="igYm.exe" (normalized: "c:\\windows\\system32\\igym.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.729] CreateFileW (lpFileName="igYm.exe" (normalized: "c:\\windows\\system32\\igym.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.729] GetCurrentThreadId () returned 0x6f8 [0196.729] GetCurrentThreadId () returned 0x6f8 [0196.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfaa65ef0, dwHighDateTime=0x1d6076c)) [0196.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfaa65ef0, dwHighDateTime=0x1d6076c)) [0196.729] CreateFileW (lpFileName="igYm.exe" (normalized: "c:\\windows\\system32\\igym.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.729] GetCurrentThreadId () returned 0x6f8 [0196.729] BeginUpdateResourceW (pFileName="igYm.exe" (normalized: "c:\\windows\\system32\\igym.exe"), bDeleteExistingResources=0) returned 0x0 [0196.730] CreateFileW (lpFileName="WWIM.ico" (normalized: "c:\\windows\\system32\\wwim.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.730] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0196.730] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0196.730] CloseHandle (hObject=0x408) returned 1 [0196.730] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0196.730] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0196.730] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0196.730] CopyFileW (lpExistingFileName="igYm.exe" (normalized: "c:\\windows\\system32\\igym.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.exe"), bFailIfExists=0) returned 0 [0196.732] SetNamedSecurityInfoW () returned 0x2 [0196.732] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0 [0196.733] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0196.733] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0196.733] DeleteFileW (lpFileName="WWIM.ico" (normalized: "c:\\windows\\system32\\wwim.ico")) returned 1 [0196.734] DeleteFileW (lpFileName="igYm.exe" (normalized: "c:\\windows\\system32\\igym.exe")) returned 0 [0196.734] GetCurrentThreadId () returned 0x6f8 [0196.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.734] GetCurrentThreadId () returned 0x6f8 [0196.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.735] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd069f3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile21.bmp", cAlternateFileName="")) returned 1 [0196.735] GetCurrentThreadId () returned 0x6f8 [0196.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.735] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0x20 [0196.735] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", dwFileAttributes=0x80) returned 0 [0196.735] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.736] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.741] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0196.743] GetCurrentThreadId () returned 0x6f8 [0196.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.743] GetCurrentThreadId () returned 0x6f8 [0196.744] CloseHandle (hObject=0x408) returned 1 [0196.744] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", dwFileAttributes=0x20) returned 0 [0196.744] GetCurrentThreadId () returned 0x6f8 [0196.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfaa8c050, dwHighDateTime=0x1d6076c)) [0196.744] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", piIcon=0x4e4efc4) returned 0x11008b [0196.750] GetIconInfo (in: hIcon=0x11008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0196.750] CreateFileW (lpFileName="aogg.ico" (normalized: "c:\\windows\\system32\\aogg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.751] GetObjectA (in: h=0x1f0501a2, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0196.751] GetObjectA (in: h=0x280501b1, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0196.751] CreateCompatibleDC (hdc=0x0) returned 0x1f01019e [0196.751] GetDIBits (in: hdc=0x1f01019e, hbm=0x1f0501a2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0196.751] GetDIBits (in: hdc=0x1f01019e, hbm=0x1f0501a2, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0196.751] GetDIBits (in: hdc=0x1f01019e, hbm=0x1f0501a2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0196.751] GetDIBits (in: hdc=0x1f01019e, hbm=0x280501b1, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0196.751] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0196.754] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0196.755] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0196.755] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0196.755] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0196.755] DeleteDC (hdc=0x1f01019e) returned 1 [0196.755] CloseHandle (hObject=0x408) returned 1 [0196.760] DeleteObject (ho=0x1f0501a2) returned 1 [0196.760] DeleteObject (ho=0x280501b1) returned 1 [0196.760] DestroyCursor (hCursor=0x11008b) returned 1 [0196.760] GetCurrentThreadId () returned 0x6f8 [0196.760] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.760] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.768] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0196.768] CloseHandle (hObject=0x408) returned 1 [0196.768] GetCurrentThreadId () returned 0x6f8 [0196.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfaad8310, dwHighDateTime=0x1d6076c)) [0196.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfaad8310, dwHighDateTime=0x1d6076c)) [0196.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfaad8310, dwHighDateTime=0x1d6076c)) [0196.910] GetCurrentThreadId () returned 0x6f8 [0196.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfac2ef70, dwHighDateTime=0x1d6076c)) [0196.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfac2ef70, dwHighDateTime=0x1d6076c)) [0196.910] GetCurrentThreadId () returned 0x6f8 [0196.910] CreateFileW (lpFileName="awUo.exe" (normalized: "c:\\windows\\system32\\awuo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.923] CreateFileW (lpFileName="awUo.exe" (normalized: "c:\\windows\\system32\\awuo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.924] GetCurrentThreadId () returned 0x6f8 [0196.924] GetCurrentThreadId () returned 0x6f8 [0196.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.924] CreateFileW (lpFileName="awUo.exe" (normalized: "c:\\windows\\system32\\awuo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.924] GetCurrentThreadId () returned 0x6f8 [0196.924] BeginUpdateResourceW (pFileName="awUo.exe" (normalized: "c:\\windows\\system32\\awuo.exe"), bDeleteExistingResources=0) returned 0x0 [0196.924] CreateFileW (lpFileName="aogg.ico" (normalized: "c:\\windows\\system32\\aogg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.924] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0196.925] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0196.925] CloseHandle (hObject=0x408) returned 1 [0196.925] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0196.925] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0196.925] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0196.925] CopyFileW (lpExistingFileName="awUo.exe" (normalized: "c:\\windows\\system32\\awuo.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.exe"), bFailIfExists=0) returned 0 [0196.925] SetNamedSecurityInfoW () returned 0x2 [0196.925] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0 [0196.926] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0196.926] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0196.926] DeleteFileW (lpFileName="aogg.ico" (normalized: "c:\\windows\\system32\\aogg.ico")) returned 1 [0196.927] DeleteFileW (lpFileName="awUo.exe" (normalized: "c:\\windows\\system32\\awuo.exe")) returned 0 [0196.927] GetCurrentThreadId () returned 0x6f8 [0196.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.927] GetCurrentThreadId () returned 0x6f8 [0196.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.928] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd09009d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile22.bmp", cAlternateFileName="")) returned 1 [0196.928] GetCurrentThreadId () returned 0x6f8 [0196.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.928] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0x20 [0196.936] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", dwFileAttributes=0x80) returned 0 [0196.937] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.937] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.942] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0196.944] GetCurrentThreadId () returned 0x6f8 [0196.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfac7b230, dwHighDateTime=0x1d6076c)) [0196.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfac7b230, dwHighDateTime=0x1d6076c)) [0196.944] GetCurrentThreadId () returned 0x6f8 [0196.945] CloseHandle (hObject=0x408) returned 1 [0196.945] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", dwFileAttributes=0x20) returned 0 [0196.945] GetCurrentThreadId () returned 0x6f8 [0196.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfac7b230, dwHighDateTime=0x1d6076c)) [0196.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfac7b230, dwHighDateTime=0x1d6076c)) [0196.945] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", piIcon=0x4e4efc4) returned 0x12008b [0196.951] GetIconInfo (in: hIcon=0x12008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0196.951] CreateFileW (lpFileName="gWIw.ico" (normalized: "c:\\windows\\system32\\gwiw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.952] GetObjectA (in: h=0x240501b3, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0196.952] GetObjectA (in: h=0x1f0501b8, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0196.952] CreateCompatibleDC (hdc=0x0) returned 0x1f0101a4 [0196.952] GetDIBits (in: hdc=0x1f0101a4, hbm=0x240501b3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0196.952] GetDIBits (in: hdc=0x1f0101a4, hbm=0x240501b3, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0196.952] GetDIBits (in: hdc=0x1f0101a4, hbm=0x240501b3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0196.952] GetDIBits (in: hdc=0x1f0101a4, hbm=0x1f0501b8, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0196.952] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0196.953] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0196.954] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0196.954] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0196.954] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0196.954] DeleteDC (hdc=0x1f0101a4) returned 1 [0196.954] CloseHandle (hObject=0x408) returned 1 [0196.955] DeleteObject (ho=0x240501b3) returned 1 [0196.955] DeleteObject (ho=0x1f0501b8) returned 1 [0196.955] DestroyCursor (hCursor=0x12008b) returned 1 [0196.956] GetCurrentThreadId () returned 0x6f8 [0196.956] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0196.956] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0196.961] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0196.962] CloseHandle (hObject=0x408) returned 1 [0196.962] GetCurrentThreadId () returned 0x6f8 [0196.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfaca1390, dwHighDateTime=0x1d6076c)) [0196.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfaca1390, dwHighDateTime=0x1d6076c)) [0196.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfaca1390, dwHighDateTime=0x1d6076c)) [0197.082] GetCurrentThreadId () returned 0x6f8 [0197.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfadd1e90, dwHighDateTime=0x1d6076c)) [0197.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfadd1e90, dwHighDateTime=0x1d6076c)) [0197.082] GetCurrentThreadId () returned 0x6f8 [0197.083] CreateFileW (lpFileName="IwES.exe" (normalized: "c:\\windows\\system32\\iwes.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.086] CreateFileW (lpFileName="IwES.exe" (normalized: "c:\\windows\\system32\\iwes.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.086] GetCurrentThreadId () returned 0x6f8 [0197.086] GetCurrentThreadId () returned 0x6f8 [0197.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfadd1e90, dwHighDateTime=0x1d6076c)) [0197.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfadd1e90, dwHighDateTime=0x1d6076c)) [0197.087] CreateFileW (lpFileName="IwES.exe" (normalized: "c:\\windows\\system32\\iwes.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.087] GetCurrentThreadId () returned 0x6f8 [0197.087] BeginUpdateResourceW (pFileName="IwES.exe" (normalized: "c:\\windows\\system32\\iwes.exe"), bDeleteExistingResources=0) returned 0x0 [0197.087] CreateFileW (lpFileName="gWIw.ico" (normalized: "c:\\windows\\system32\\gwiw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.087] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0197.087] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0197.088] CloseHandle (hObject=0x408) returned 1 [0197.088] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0197.088] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0197.088] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0197.088] CopyFileW (lpExistingFileName="IwES.exe" (normalized: "c:\\windows\\system32\\iwes.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.exe"), bFailIfExists=0) returned 0 [0197.088] SetNamedSecurityInfoW () returned 0x2 [0197.088] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0 [0197.089] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0197.089] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0197.089] DeleteFileW (lpFileName="gWIw.ico" (normalized: "c:\\windows\\system32\\gwiw.ico")) returned 1 [0197.090] DeleteFileW (lpFileName="IwES.exe" (normalized: "c:\\windows\\system32\\iwes.exe")) returned 0 [0197.090] GetCurrentThreadId () returned 0x6f8 [0197.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfadf7ff0, dwHighDateTime=0x1d6076c)) [0197.091] GetCurrentThreadId () returned 0x6f8 [0197.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfadf7ff0, dwHighDateTime=0x1d6076c)) [0197.091] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd0b61fb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile23.bmp", cAlternateFileName="")) returned 1 [0197.091] GetCurrentThreadId () returned 0x6f8 [0197.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfadf7ff0, dwHighDateTime=0x1d6076c)) [0197.091] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0x20 [0197.091] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", dwFileAttributes=0x80) returned 0 [0197.091] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.091] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.097] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0197.108] GetCurrentThreadId () returned 0x6f8 [0197.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfae1e150, dwHighDateTime=0x1d6076c)) [0197.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfae1e150, dwHighDateTime=0x1d6076c)) [0197.109] GetCurrentThreadId () returned 0x6f8 [0197.109] CloseHandle (hObject=0x408) returned 1 [0197.109] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", dwFileAttributes=0x20) returned 0 [0197.109] GetCurrentThreadId () returned 0x6f8 [0197.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfae1e150, dwHighDateTime=0x1d6076c)) [0197.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfae1e150, dwHighDateTime=0x1d6076c)) [0197.109] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", piIcon=0x4e4efc4) returned 0x13008b [0197.115] GetIconInfo (in: hIcon=0x13008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0197.115] CreateFileW (lpFileName="kyQc.ico" (normalized: "c:\\windows\\system32\\kyqc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.116] GetObjectA (in: h=0x1f0501a0, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0197.116] GetObjectA (in: h=0x230501a2, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0197.116] CreateCompatibleDC (hdc=0x0) returned 0x2401019e [0197.116] GetDIBits (in: hdc=0x2401019e, hbm=0x1f0501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0197.116] GetDIBits (in: hdc=0x2401019e, hbm=0x1f0501a0, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0197.116] GetDIBits (in: hdc=0x2401019e, hbm=0x1f0501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0197.116] GetDIBits (in: hdc=0x2401019e, hbm=0x230501a2, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0197.116] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0197.117] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0197.118] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0197.118] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0197.118] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0197.118] DeleteDC (hdc=0x2401019e) returned 1 [0197.118] CloseHandle (hObject=0x408) returned 1 [0197.119] DeleteObject (ho=0x1f0501a0) returned 1 [0197.119] DeleteObject (ho=0x230501a2) returned 1 [0197.119] DestroyCursor (hCursor=0x13008b) returned 1 [0197.119] GetCurrentThreadId () returned 0x6f8 [0197.120] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.120] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.125] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0197.126] CloseHandle (hObject=0x408) returned 1 [0197.126] GetCurrentThreadId () returned 0x6f8 [0197.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfae442b0, dwHighDateTime=0x1d6076c)) [0197.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfae442b0, dwHighDateTime=0x1d6076c)) [0197.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfae442b0, dwHighDateTime=0x1d6076c)) [0197.214] GetCurrentThreadId () returned 0x6f8 [0197.214] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.214] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.214] GetCurrentThreadId () returned 0x6f8 [0197.214] CreateFileW (lpFileName="QEEc.exe" (normalized: "c:\\windows\\system32\\qeec.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.215] CreateFileW (lpFileName="QEEc.exe" (normalized: "c:\\windows\\system32\\qeec.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.215] GetCurrentThreadId () returned 0x6f8 [0197.215] GetCurrentThreadId () returned 0x6f8 [0197.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.216] CreateFileW (lpFileName="QEEc.exe" (normalized: "c:\\windows\\system32\\qeec.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.216] GetCurrentThreadId () returned 0x6f8 [0197.216] BeginUpdateResourceW (pFileName="QEEc.exe" (normalized: "c:\\windows\\system32\\qeec.exe"), bDeleteExistingResources=0) returned 0x0 [0197.216] CreateFileW (lpFileName="kyQc.ico" (normalized: "c:\\windows\\system32\\kyqc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.216] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0197.216] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0197.216] CloseHandle (hObject=0x408) returned 1 [0197.217] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0197.217] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0197.217] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0197.217] CopyFileW (lpExistingFileName="QEEc.exe" (normalized: "c:\\windows\\system32\\qeec.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.exe"), bFailIfExists=0) returned 0 [0197.217] SetNamedSecurityInfoW () returned 0x2 [0197.217] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0 [0197.217] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0197.218] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0197.218] DeleteFileW (lpFileName="kyQc.ico" (normalized: "c:\\windows\\system32\\kyqc.ico")) returned 1 [0197.219] DeleteFileW (lpFileName="QEEc.exe" (normalized: "c:\\windows\\system32\\qeec.exe")) returned 0 [0197.219] GetCurrentThreadId () returned 0x6f8 [0197.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.219] GetCurrentThreadId () returned 0x6f8 [0197.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.219] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd232fa7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile24.bmp", cAlternateFileName="")) returned 1 [0197.219] GetCurrentThreadId () returned 0x6f8 [0197.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.219] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0x20 [0197.220] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", dwFileAttributes=0x80) returned 0 [0197.220] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.220] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.225] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0197.230] GetCurrentThreadId () returned 0x6f8 [0197.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfaf28af0, dwHighDateTime=0x1d6076c)) [0197.230] GetCurrentThreadId () returned 0x6f8 [0197.230] CloseHandle (hObject=0x408) returned 1 [0197.230] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", dwFileAttributes=0x20) returned 0 [0197.230] GetCurrentThreadId () returned 0x6f8 [0197.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfaf4ec50, dwHighDateTime=0x1d6076c)) [0197.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfaf4ec50, dwHighDateTime=0x1d6076c)) [0197.231] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", piIcon=0x4e4efc4) returned 0x14008b [0197.236] GetIconInfo (in: hIcon=0x14008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0197.236] CreateFileW (lpFileName="quYg.ico" (normalized: "c:\\windows\\system32\\quyg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.237] GetObjectA (in: h=0x2f0501b1, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0197.237] GetObjectA (in: h=0x280501b3, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0197.237] CreateCompatibleDC (hdc=0x0) returned 0x240101a4 [0197.237] GetDIBits (in: hdc=0x240101a4, hbm=0x2f0501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0197.237] GetDIBits (in: hdc=0x240101a4, hbm=0x2f0501b1, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0197.237] GetDIBits (in: hdc=0x240101a4, hbm=0x2f0501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0197.238] GetDIBits (in: hdc=0x240101a4, hbm=0x280501b3, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0197.238] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0197.239] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0197.239] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0197.239] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0197.239] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0197.239] DeleteDC (hdc=0x240101a4) returned 1 [0197.239] CloseHandle (hObject=0x408) returned 1 [0197.240] DeleteObject (ho=0x2f0501b1) returned 1 [0197.240] DeleteObject (ho=0x280501b3) returned 1 [0197.240] DestroyCursor (hCursor=0x14008b) returned 1 [0197.241] GetCurrentThreadId () returned 0x6f8 [0197.241] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.241] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.248] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0197.249] CloseHandle (hObject=0x408) returned 1 [0197.249] GetCurrentThreadId () returned 0x6f8 [0197.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfaf74db0, dwHighDateTime=0x1d6076c)) [0197.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfaf74db0, dwHighDateTime=0x1d6076c)) [0197.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfaf74db0, dwHighDateTime=0x1d6076c)) [0197.379] GetCurrentThreadId () returned 0x6f8 [0197.379] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.379] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.379] GetCurrentThreadId () returned 0x6f8 [0197.379] CreateFileW (lpFileName="mEss.exe" (normalized: "c:\\windows\\system32\\mess.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.383] CreateFileW (lpFileName="mEss.exe" (normalized: "c:\\windows\\system32\\mess.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.384] GetCurrentThreadId () returned 0x6f8 [0197.384] GetCurrentThreadId () returned 0x6f8 [0197.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.384] CreateFileW (lpFileName="mEss.exe" (normalized: "c:\\windows\\system32\\mess.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.385] GetCurrentThreadId () returned 0x6f8 [0197.385] BeginUpdateResourceW (pFileName="mEss.exe" (normalized: "c:\\windows\\system32\\mess.exe"), bDeleteExistingResources=0) returned 0x0 [0197.385] CreateFileW (lpFileName="quYg.ico" (normalized: "c:\\windows\\system32\\quyg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.385] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0197.385] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0197.385] CloseHandle (hObject=0x408) returned 1 [0197.385] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0197.385] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0197.385] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0197.386] CopyFileW (lpExistingFileName="mEss.exe" (normalized: "c:\\windows\\system32\\mess.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.exe"), bFailIfExists=0) returned 0 [0197.386] SetNamedSecurityInfoW () returned 0x2 [0197.386] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0 [0197.386] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0197.386] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0197.386] DeleteFileW (lpFileName="quYg.ico" (normalized: "c:\\windows\\system32\\quyg.ico")) returned 1 [0197.387] DeleteFileW (lpFileName="mEss.exe" (normalized: "c:\\windows\\system32\\mess.exe")) returned 0 [0197.387] GetCurrentThreadId () returned 0x6f8 [0197.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfb0cba10, dwHighDateTime=0x1d6076c)) [0197.388] GetCurrentThreadId () returned 0x6f8 [0197.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfb0cba10, dwHighDateTime=0x1d6076c)) [0197.388] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd259105, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile25.bmp", cAlternateFileName="")) returned 1 [0197.388] GetCurrentThreadId () returned 0x6f8 [0197.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfb0cba10, dwHighDateTime=0x1d6076c)) [0197.388] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0x20 [0197.395] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", dwFileAttributes=0x80) returned 0 [0197.395] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.396] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.401] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0197.403] GetCurrentThreadId () returned 0x6f8 [0197.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb0f1b70, dwHighDateTime=0x1d6076c)) [0197.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb0f1b70, dwHighDateTime=0x1d6076c)) [0197.404] GetCurrentThreadId () returned 0x6f8 [0197.404] CloseHandle (hObject=0x408) returned 1 [0197.404] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", dwFileAttributes=0x20) returned 0 [0197.404] GetCurrentThreadId () returned 0x6f8 [0197.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb0f1b70, dwHighDateTime=0x1d6076c)) [0197.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb0f1b70, dwHighDateTime=0x1d6076c)) [0197.404] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", piIcon=0x4e4efc4) returned 0x1500c1 [0197.409] GetIconInfo (in: hIcon=0x1500c1, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0197.409] CreateFileW (lpFileName="YWMA.ico" (normalized: "c:\\windows\\system32\\ywma.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.410] GetObjectA (in: h=0x1c0507c3, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0197.410] GetObjectA (in: h=0x240501a0, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0197.410] CreateCompatibleDC (hdc=0x0) returned 0x2a01019e [0197.410] GetDIBits (in: hdc=0x2a01019e, hbm=0x1c0507c3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0197.410] GetDIBits (in: hdc=0x2a01019e, hbm=0x1c0507c3, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0197.410] GetDIBits (in: hdc=0x2a01019e, hbm=0x1c0507c3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0197.410] GetDIBits (in: hdc=0x2a01019e, hbm=0x240501a0, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0197.410] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0197.411] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0197.411] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0197.411] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0197.412] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0197.412] DeleteDC (hdc=0x2a01019e) returned 1 [0197.412] CloseHandle (hObject=0x408) returned 1 [0197.416] DeleteObject (ho=0x1c0507c3) returned 1 [0197.416] DeleteObject (ho=0x240501a0) returned 1 [0197.416] DestroyCursor (hCursor=0x1500c1) returned 1 [0197.416] GetCurrentThreadId () returned 0x6f8 [0197.416] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.416] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.422] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0197.422] CloseHandle (hObject=0x408) returned 1 [0197.422] GetCurrentThreadId () returned 0x6f8 [0197.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb117cd0, dwHighDateTime=0x1d6076c)) [0197.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb117cd0, dwHighDateTime=0x1d6076c)) [0197.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfb117cd0, dwHighDateTime=0x1d6076c)) [0197.548] GetCurrentThreadId () returned 0x6f8 [0197.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.548] GetCurrentThreadId () returned 0x6f8 [0197.548] CreateFileW (lpFileName="QEcK.exe" (normalized: "c:\\windows\\system32\\qeck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.549] CreateFileW (lpFileName="QEcK.exe" (normalized: "c:\\windows\\system32\\qeck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.550] GetCurrentThreadId () returned 0x6f8 [0197.550] GetCurrentThreadId () returned 0x6f8 [0197.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.550] CreateFileW (lpFileName="QEcK.exe" (normalized: "c:\\windows\\system32\\qeck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.550] GetCurrentThreadId () returned 0x6f8 [0197.550] BeginUpdateResourceW (pFileName="QEcK.exe" (normalized: "c:\\windows\\system32\\qeck.exe"), bDeleteExistingResources=0) returned 0x0 [0197.550] CreateFileW (lpFileName="YWMA.ico" (normalized: "c:\\windows\\system32\\ywma.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.550] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0197.550] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0197.551] CloseHandle (hObject=0x408) returned 1 [0197.551] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0197.551] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0197.551] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0197.551] CopyFileW (lpExistingFileName="QEcK.exe" (normalized: "c:\\windows\\system32\\qeck.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.exe"), bFailIfExists=0) returned 0 [0197.551] SetNamedSecurityInfoW () returned 0x2 [0197.551] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0 [0197.551] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0197.552] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0197.552] DeleteFileW (lpFileName="YWMA.ico" (normalized: "c:\\windows\\system32\\ywma.ico")) returned 1 [0197.553] DeleteFileW (lpFileName="QEcK.exe" (normalized: "c:\\windows\\system32\\qeck.exe")) returned 0 [0197.553] GetCurrentThreadId () returned 0x6f8 [0197.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.553] GetCurrentThreadId () returned 0x6f8 [0197.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.553] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd27f263, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile26.bmp", cAlternateFileName="")) returned 1 [0197.553] GetCurrentThreadId () returned 0x6f8 [0197.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfb2487d0, dwHighDateTime=0x1d6076c)) [0197.553] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0x20 [0197.557] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", dwFileAttributes=0x80) returned 0 [0197.557] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.557] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.562] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0197.565] GetCurrentThreadId () returned 0x6f8 [0197.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb26e930, dwHighDateTime=0x1d6076c)) [0197.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb26e930, dwHighDateTime=0x1d6076c)) [0197.565] GetCurrentThreadId () returned 0x6f8 [0197.565] CloseHandle (hObject=0x408) returned 1 [0197.566] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", dwFileAttributes=0x20) returned 0 [0197.566] GetCurrentThreadId () returned 0x6f8 [0197.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb26e930, dwHighDateTime=0x1d6076c)) [0197.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb26e930, dwHighDateTime=0x1d6076c)) [0197.566] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", piIcon=0x4e4efc4) returned 0x60127 [0197.571] GetIconInfo (in: hIcon=0x60127, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0197.571] CreateFileW (lpFileName="cygY.ico" (normalized: "c:\\windows\\system32\\cygy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.572] GetObjectA (in: h=0x2a0501a2, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0197.572] GetObjectA (in: h=0x330501b1, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0197.572] CreateCompatibleDC (hdc=0x0) returned 0x290101a4 [0197.572] GetDIBits (in: hdc=0x290101a4, hbm=0x2a0501a2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0197.572] GetDIBits (in: hdc=0x290101a4, hbm=0x2a0501a2, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0197.572] GetDIBits (in: hdc=0x290101a4, hbm=0x2a0501a2, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0197.572] GetDIBits (in: hdc=0x290101a4, hbm=0x330501b1, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0197.572] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0197.573] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0197.581] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0197.581] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0197.582] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0197.582] DeleteDC (hdc=0x290101a4) returned 1 [0197.582] CloseHandle (hObject=0x408) returned 1 [0197.584] DeleteObject (ho=0x2a0501a2) returned 1 [0197.584] DeleteObject (ho=0x330501b1) returned 1 [0197.584] DestroyCursor (hCursor=0x60127) returned 1 [0197.584] GetCurrentThreadId () returned 0x6f8 [0197.584] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.584] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.589] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0197.589] CloseHandle (hObject=0x408) returned 1 [0197.589] GetCurrentThreadId () returned 0x6f8 [0197.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb2babf0, dwHighDateTime=0x1d6076c)) [0197.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb2babf0, dwHighDateTime=0x1d6076c)) [0197.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfb2babf0, dwHighDateTime=0x1d6076c)) [0197.701] GetCurrentThreadId () returned 0x6f8 [0197.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.701] GetCurrentThreadId () returned 0x6f8 [0197.701] CreateFileW (lpFileName="QAMK.exe" (normalized: "c:\\windows\\system32\\qamk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.702] CreateFileW (lpFileName="QAMK.exe" (normalized: "c:\\windows\\system32\\qamk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.702] GetCurrentThreadId () returned 0x6f8 [0197.702] GetCurrentThreadId () returned 0x6f8 [0197.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.703] CreateFileW (lpFileName="QAMK.exe" (normalized: "c:\\windows\\system32\\qamk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.703] GetCurrentThreadId () returned 0x6f8 [0197.703] BeginUpdateResourceW (pFileName="QAMK.exe" (normalized: "c:\\windows\\system32\\qamk.exe"), bDeleteExistingResources=0) returned 0x0 [0197.703] CreateFileW (lpFileName="cygY.ico" (normalized: "c:\\windows\\system32\\cygy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.703] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0197.703] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0197.703] CloseHandle (hObject=0x408) returned 1 [0197.704] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0197.704] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0197.704] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0197.704] CopyFileW (lpExistingFileName="QAMK.exe" (normalized: "c:\\windows\\system32\\qamk.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.exe"), bFailIfExists=0) returned 0 [0197.704] SetNamedSecurityInfoW () returned 0x2 [0197.704] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0 [0197.704] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0197.704] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0197.704] DeleteFileW (lpFileName="cygY.ico" (normalized: "c:\\windows\\system32\\cygy.ico")) returned 1 [0197.706] DeleteFileW (lpFileName="QAMK.exe" (normalized: "c:\\windows\\system32\\qamk.exe")) returned 0 [0197.706] GetCurrentThreadId () returned 0x6f8 [0197.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.706] GetCurrentThreadId () returned 0x6f8 [0197.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.706] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd2a53c1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile27.bmp", cAlternateFileName="")) returned 1 [0197.706] GetCurrentThreadId () returned 0x6f8 [0197.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfb3c5590, dwHighDateTime=0x1d6076c)) [0197.706] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0x20 [0197.706] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", dwFileAttributes=0x80) returned 0 [0197.706] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.708] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.713] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0197.727] GetCurrentThreadId () returned 0x6f8 [0197.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb3eb6f0, dwHighDateTime=0x1d6076c)) [0197.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb3eb6f0, dwHighDateTime=0x1d6076c)) [0197.727] GetCurrentThreadId () returned 0x6f8 [0197.727] CloseHandle (hObject=0x408) returned 1 [0197.727] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", dwFileAttributes=0x20) returned 0 [0197.727] GetCurrentThreadId () returned 0x6f8 [0197.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb3eb6f0, dwHighDateTime=0x1d6076c)) [0197.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb3eb6f0, dwHighDateTime=0x1d6076c)) [0197.728] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", piIcon=0x4e4efc4) returned 0x13013f [0197.756] GetIconInfo (in: hIcon=0x13013f, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0197.756] CreateFileW (lpFileName="IwAA.ico" (normalized: "c:\\windows\\system32\\iwaa.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.757] GetObjectA (in: h=0x8050775, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0197.757] GetObjectA (in: h=0x6050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0197.757] CreateCompatibleDC (hdc=0x0) returned 0x1801076f [0197.757] GetDIBits (in: hdc=0x1801076f, hbm=0x8050775, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0197.758] GetDIBits (in: hdc=0x1801076f, hbm=0x8050775, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0197.758] GetDIBits (in: hdc=0x1801076f, hbm=0x8050775, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0197.758] GetDIBits (in: hdc=0x1801076f, hbm=0x6050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0197.758] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0197.759] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0197.759] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0197.759] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0197.760] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0197.760] DeleteDC (hdc=0x1801076f) returned 1 [0197.760] CloseHandle (hObject=0x408) returned 1 [0197.762] DeleteObject (ho=0x8050775) returned 1 [0197.762] DeleteObject (ho=0x6050776) returned 1 [0197.762] DestroyCursor (hCursor=0x13013f) returned 1 [0197.762] GetCurrentThreadId () returned 0x6f8 [0197.763] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.763] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.768] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0197.768] CloseHandle (hObject=0x408) returned 1 [0197.768] GetCurrentThreadId () returned 0x6f8 [0197.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb45db10, dwHighDateTime=0x1d6076c)) [0197.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb45db10, dwHighDateTime=0x1d6076c)) [0197.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfb45db10, dwHighDateTime=0x1d6076c)) [0197.887] GetCurrentThreadId () returned 0x6f8 [0197.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb58e610, dwHighDateTime=0x1d6076c)) [0197.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb58e610, dwHighDateTime=0x1d6076c)) [0197.887] GetCurrentThreadId () returned 0x6f8 [0197.887] CreateFileW (lpFileName="eQwE.exe" (normalized: "c:\\windows\\system32\\eqwe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.933] CreateFileW (lpFileName="eQwE.exe" (normalized: "c:\\windows\\system32\\eqwe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.934] GetCurrentThreadId () returned 0x6f8 [0197.934] GetCurrentThreadId () returned 0x6f8 [0197.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb600a30, dwHighDateTime=0x1d6076c)) [0197.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb600a30, dwHighDateTime=0x1d6076c)) [0197.934] CreateFileW (lpFileName="eQwE.exe" (normalized: "c:\\windows\\system32\\eqwe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0197.934] GetCurrentThreadId () returned 0x6f8 [0197.934] BeginUpdateResourceW (pFileName="eQwE.exe" (normalized: "c:\\windows\\system32\\eqwe.exe"), bDeleteExistingResources=0) returned 0x0 [0197.934] CreateFileW (lpFileName="IwAA.ico" (normalized: "c:\\windows\\system32\\iwaa.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.934] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0197.934] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0197.935] CloseHandle (hObject=0x408) returned 1 [0197.935] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0197.935] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0197.935] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0197.935] CopyFileW (lpExistingFileName="eQwE.exe" (normalized: "c:\\windows\\system32\\eqwe.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.exe"), bFailIfExists=0) returned 0 [0197.935] SetNamedSecurityInfoW () returned 0x2 [0197.935] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0 [0197.936] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0197.936] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0197.936] DeleteFileW (lpFileName="IwAA.ico" (normalized: "c:\\windows\\system32\\iwaa.ico")) returned 1 [0197.937] DeleteFileW (lpFileName="eQwE.exe" (normalized: "c:\\windows\\system32\\eqwe.exe")) returned 0 [0197.937] GetCurrentThreadId () returned 0x6f8 [0197.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfb600a30, dwHighDateTime=0x1d6076c)) [0197.937] GetCurrentThreadId () returned 0x6f8 [0197.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfb600a30, dwHighDateTime=0x1d6076c)) [0197.938] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3177db, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile28.bmp", cAlternateFileName="")) returned 1 [0197.938] GetCurrentThreadId () returned 0x6f8 [0197.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfb600a30, dwHighDateTime=0x1d6076c)) [0197.938] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0x20 [0197.938] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", dwFileAttributes=0x80) returned 0 [0197.938] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.938] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.943] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0197.947] GetCurrentThreadId () returned 0x6f8 [0197.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb626b90, dwHighDateTime=0x1d6076c)) [0197.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb626b90, dwHighDateTime=0x1d6076c)) [0197.947] GetCurrentThreadId () returned 0x6f8 [0197.948] CloseHandle (hObject=0x408) returned 1 [0197.948] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", dwFileAttributes=0x20) returned 0 [0197.948] GetCurrentThreadId () returned 0x6f8 [0197.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb626b90, dwHighDateTime=0x1d6076c)) [0197.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb626b90, dwHighDateTime=0x1d6076c)) [0197.948] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", piIcon=0x4e4efc4) returned 0x20149 [0197.954] GetIconInfo (in: hIcon=0x20149, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0197.954] CreateFileW (lpFileName="gYQQ.ico" (normalized: "c:\\windows\\system32\\gyqq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.955] GetObjectA (in: h=0xf0501fd, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0197.955] GetObjectA (in: h=0x130501fe, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0197.955] CreateCompatibleDC (hdc=0x0) returned 0x90101fc [0197.955] GetDIBits (in: hdc=0x90101fc, hbm=0xf0501fd, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0197.955] GetDIBits (in: hdc=0x90101fc, hbm=0xf0501fd, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0197.955] GetDIBits (in: hdc=0x90101fc, hbm=0xf0501fd, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0197.955] GetDIBits (in: hdc=0x90101fc, hbm=0x130501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0197.955] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0197.956] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0197.956] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0197.956] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0197.957] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0197.957] DeleteDC (hdc=0x90101fc) returned 1 [0197.957] CloseHandle (hObject=0x408) returned 1 [0197.960] DeleteObject (ho=0xf0501fd) returned 1 [0197.960] DeleteObject (ho=0x130501fe) returned 1 [0197.960] DestroyCursor (hCursor=0x20149) returned 1 [0197.960] GetCurrentThreadId () returned 0x6f8 [0197.960] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0197.960] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0197.966] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0197.966] CloseHandle (hObject=0x408) returned 1 [0197.966] GetCurrentThreadId () returned 0x6f8 [0197.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb64ccf0, dwHighDateTime=0x1d6076c)) [0197.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb64ccf0, dwHighDateTime=0x1d6076c)) [0197.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfb64ccf0, dwHighDateTime=0x1d6076c)) [0198.107] GetCurrentThreadId () returned 0x6f8 [0198.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.107] GetCurrentThreadId () returned 0x6f8 [0198.107] CreateFileW (lpFileName="kUAg.exe" (normalized: "c:\\windows\\system32\\kuag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.108] CreateFileW (lpFileName="kUAg.exe" (normalized: "c:\\windows\\system32\\kuag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.109] GetCurrentThreadId () returned 0x6f8 [0198.109] GetCurrentThreadId () returned 0x6f8 [0198.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.109] CreateFileW (lpFileName="kUAg.exe" (normalized: "c:\\windows\\system32\\kuag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.109] GetCurrentThreadId () returned 0x6f8 [0198.109] BeginUpdateResourceW (pFileName="kUAg.exe" (normalized: "c:\\windows\\system32\\kuag.exe"), bDeleteExistingResources=0) returned 0x0 [0198.109] CreateFileW (lpFileName="gYQQ.ico" (normalized: "c:\\windows\\system32\\gyqq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0198.109] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0198.110] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0198.110] CloseHandle (hObject=0x408) returned 1 [0198.110] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0198.110] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0198.110] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0198.110] CopyFileW (lpExistingFileName="kUAg.exe" (normalized: "c:\\windows\\system32\\kuag.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.exe"), bFailIfExists=0) returned 0 [0198.110] SetNamedSecurityInfoW () returned 0x2 [0198.111] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0 [0198.111] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0198.111] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0198.111] DeleteFileW (lpFileName="gYQQ.ico" (normalized: "c:\\windows\\system32\\gyqq.ico")) returned 1 [0198.112] DeleteFileW (lpFileName="kUAg.exe" (normalized: "c:\\windows\\system32\\kuag.exe")) returned 0 [0198.112] GetCurrentThreadId () returned 0x6f8 [0198.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.113] GetCurrentThreadId () returned 0x6f8 [0198.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.113] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd33d939, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile29.bmp", cAlternateFileName="")) returned 1 [0198.113] GetCurrentThreadId () returned 0x6f8 [0198.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfb7a3950, dwHighDateTime=0x1d6076c)) [0198.113] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0x20 [0198.113] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", dwFileAttributes=0x80) returned 0 [0198.113] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.113] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.118] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0198.127] GetCurrentThreadId () returned 0x6f8 [0198.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb7c9ab0, dwHighDateTime=0x1d6076c)) [0198.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb7c9ab0, dwHighDateTime=0x1d6076c)) [0198.128] GetCurrentThreadId () returned 0x6f8 [0198.128] CloseHandle (hObject=0x408) returned 1 [0198.128] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", dwFileAttributes=0x20) returned 0 [0198.128] GetCurrentThreadId () returned 0x6f8 [0198.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb7c9ab0, dwHighDateTime=0x1d6076c)) [0198.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb7c9ab0, dwHighDateTime=0x1d6076c)) [0198.128] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", piIcon=0x4e4efc4) returned 0x40155 [0198.133] GetIconInfo (in: hIcon=0x40155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0198.133] CreateFileW (lpFileName="iWUs.ico" (normalized: "c:\\windows\\system32\\iwus.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.134] GetObjectA (in: h=0x2105076f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0198.134] GetObjectA (in: h=0x17050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0198.134] CreateCompatibleDC (hdc=0x0) returned 0x440101ca [0198.134] GetDIBits (in: hdc=0x440101ca, hbm=0x2105076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0198.134] GetDIBits (in: hdc=0x440101ca, hbm=0x2105076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0198.134] GetDIBits (in: hdc=0x440101ca, hbm=0x2105076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0198.134] GetDIBits (in: hdc=0x440101ca, hbm=0x17050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0198.134] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0198.135] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0198.135] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0198.135] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0198.136] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0198.136] DeleteDC (hdc=0x440101ca) returned 1 [0198.136] CloseHandle (hObject=0x408) returned 1 [0198.136] DeleteObject (ho=0x2105076f) returned 1 [0198.137] DeleteObject (ho=0x17050776) returned 1 [0198.137] DestroyCursor (hCursor=0x40155) returned 1 [0198.137] GetCurrentThreadId () returned 0x6f8 [0198.137] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.137] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.141] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0198.142] CloseHandle (hObject=0x408) returned 1 [0198.142] GetCurrentThreadId () returned 0x6f8 [0198.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb7efc10, dwHighDateTime=0x1d6076c)) [0198.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb7efc10, dwHighDateTime=0x1d6076c)) [0198.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfb7efc10, dwHighDateTime=0x1d6076c)) [0198.267] GetCurrentThreadId () returned 0x6f8 [0198.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.267] GetCurrentThreadId () returned 0x6f8 [0198.267] CreateFileW (lpFileName="eUsk.exe" (normalized: "c:\\windows\\system32\\eusk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.273] CreateFileW (lpFileName="eUsk.exe" (normalized: "c:\\windows\\system32\\eusk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.274] GetCurrentThreadId () returned 0x6f8 [0198.274] GetCurrentThreadId () returned 0x6f8 [0198.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.274] CreateFileW (lpFileName="eUsk.exe" (normalized: "c:\\windows\\system32\\eusk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.274] GetCurrentThreadId () returned 0x6f8 [0198.274] BeginUpdateResourceW (pFileName="eUsk.exe" (normalized: "c:\\windows\\system32\\eusk.exe"), bDeleteExistingResources=0) returned 0x0 [0198.274] CreateFileW (lpFileName="iWUs.ico" (normalized: "c:\\windows\\system32\\iwus.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0198.274] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0198.274] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0198.279] CloseHandle (hObject=0x408) returned 1 [0198.279] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0198.280] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0198.280] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0198.280] CopyFileW (lpExistingFileName="eUsk.exe" (normalized: "c:\\windows\\system32\\eusk.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.exe"), bFailIfExists=0) returned 0 [0198.280] SetNamedSecurityInfoW () returned 0x2 [0198.280] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0 [0198.280] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0198.280] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0198.281] DeleteFileW (lpFileName="iWUs.ico" (normalized: "c:\\windows\\system32\\iwus.ico")) returned 1 [0198.282] DeleteFileW (lpFileName="eUsk.exe" (normalized: "c:\\windows\\system32\\eusk.exe")) returned 0 [0198.282] GetCurrentThreadId () returned 0x6f8 [0198.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfb946870, dwHighDateTime=0x1d6076c)) [0198.282] GetCurrentThreadId () returned 0x6f8 [0198.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfb946870, dwHighDateTime=0x1d6076c)) [0198.282] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile30.bmp", cAlternateFileName="")) returned 1 [0198.282] GetCurrentThreadId () returned 0x6f8 [0198.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfb946870, dwHighDateTime=0x1d6076c)) [0198.282] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0x20 [0198.284] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", dwFileAttributes=0x80) returned 0 [0198.284] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.284] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.289] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0198.292] GetCurrentThreadId () returned 0x6f8 [0198.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb96c9d0, dwHighDateTime=0x1d6076c)) [0198.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfb96c9d0, dwHighDateTime=0x1d6076c)) [0198.292] GetCurrentThreadId () returned 0x6f8 [0198.292] CloseHandle (hObject=0x408) returned 1 [0198.292] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", dwFileAttributes=0x20) returned 0 [0198.293] GetCurrentThreadId () returned 0x6f8 [0198.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb96c9d0, dwHighDateTime=0x1d6076c)) [0198.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfb96c9d0, dwHighDateTime=0x1d6076c)) [0198.293] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", piIcon=0x4e4efc4) returned 0x50155 [0198.299] GetIconInfo (in: hIcon=0x50155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0198.299] CreateFileW (lpFileName="eIEk.ico" (normalized: "c:\\windows\\system32\\eiek.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.299] GetObjectA (in: h=0x180501fc, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0198.299] GetObjectA (in: h=0x16050772, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0198.299] CreateCompatibleDC (hdc=0x0) returned 0x1b010776 [0198.300] GetDIBits (in: hdc=0x1b010776, hbm=0x180501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0198.300] GetDIBits (in: hdc=0x1b010776, hbm=0x180501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0198.300] GetDIBits (in: hdc=0x1b010776, hbm=0x180501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0198.300] GetDIBits (in: hdc=0x1b010776, hbm=0x16050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0198.300] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0198.301] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0198.301] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0198.301] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0198.302] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0198.302] DeleteDC (hdc=0x1b010776) returned 1 [0198.302] CloseHandle (hObject=0x408) returned 1 [0198.309] DeleteObject (ho=0x180501fc) returned 1 [0198.309] DeleteObject (ho=0x16050772) returned 1 [0198.309] DestroyCursor (hCursor=0x50155) returned 1 [0198.309] GetCurrentThreadId () returned 0x6f8 [0198.310] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.310] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.314] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0198.315] CloseHandle (hObject=0x408) returned 1 [0198.315] GetCurrentThreadId () returned 0x6f8 [0198.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb992b30, dwHighDateTime=0x1d6076c)) [0198.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfb992b30, dwHighDateTime=0x1d6076c)) [0198.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfb992b30, dwHighDateTime=0x1d6076c)) [0198.463] GetCurrentThreadId () returned 0x6f8 [0198.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.463] GetCurrentThreadId () returned 0x6f8 [0198.463] CreateFileW (lpFileName="aYIw.exe" (normalized: "c:\\windows\\system32\\ayiw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.464] CreateFileW (lpFileName="aYIw.exe" (normalized: "c:\\windows\\system32\\ayiw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.464] GetCurrentThreadId () returned 0x6f8 [0198.464] GetCurrentThreadId () returned 0x6f8 [0198.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.464] CreateFileW (lpFileName="aYIw.exe" (normalized: "c:\\windows\\system32\\ayiw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.464] GetCurrentThreadId () returned 0x6f8 [0198.464] BeginUpdateResourceW (pFileName="aYIw.exe" (normalized: "c:\\windows\\system32\\ayiw.exe"), bDeleteExistingResources=0) returned 0x0 [0198.465] CreateFileW (lpFileName="eIEk.ico" (normalized: "c:\\windows\\system32\\eiek.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0198.465] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0198.465] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0198.465] CloseHandle (hObject=0x408) returned 1 [0198.465] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0198.465] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0198.465] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0198.466] CopyFileW (lpExistingFileName="aYIw.exe" (normalized: "c:\\windows\\system32\\ayiw.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.exe"), bFailIfExists=0) returned 0 [0198.466] SetNamedSecurityInfoW () returned 0x2 [0198.466] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0 [0198.466] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0198.466] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0198.466] DeleteFileW (lpFileName="eIEk.ico" (normalized: "c:\\windows\\system32\\eiek.ico")) returned 1 [0198.470] DeleteFileW (lpFileName="aYIw.exe" (normalized: "c:\\windows\\system32\\ayiw.exe")) returned 0 [0198.470] GetCurrentThreadId () returned 0x6f8 [0198.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.471] GetCurrentThreadId () returned 0x6f8 [0198.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.471] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile31.bmp", cAlternateFileName="")) returned 1 [0198.471] GetCurrentThreadId () returned 0x6f8 [0198.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfbb0f8f0, dwHighDateTime=0x1d6076c)) [0198.471] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0x20 [0198.471] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", dwFileAttributes=0x80) returned 0 [0198.471] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.471] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.476] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0198.479] GetCurrentThreadId () returned 0x6f8 [0198.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbb35a50, dwHighDateTime=0x1d6076c)) [0198.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbb35a50, dwHighDateTime=0x1d6076c)) [0198.479] GetCurrentThreadId () returned 0x6f8 [0198.479] CloseHandle (hObject=0x408) returned 1 [0198.479] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", dwFileAttributes=0x20) returned 0 [0198.479] GetCurrentThreadId () returned 0x6f8 [0198.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbb35a50, dwHighDateTime=0x1d6076c)) [0198.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbb35a50, dwHighDateTime=0x1d6076c)) [0198.479] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", piIcon=0x4e4efc4) returned 0x60155 [0198.485] GetIconInfo (in: hIcon=0x60155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0198.486] CreateFileW (lpFileName="EyYc.ico" (normalized: "c:\\windows\\system32\\eyyc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.487] GetObjectA (in: h=0x2705076f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0198.487] GetObjectA (in: h=0x210501fe, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0198.487] CreateCompatibleDC (hdc=0x0) returned 0x4e0101ca [0198.487] GetDIBits (in: hdc=0x4e0101ca, hbm=0x2705076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0198.488] GetDIBits (in: hdc=0x4e0101ca, hbm=0x2705076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0198.488] GetDIBits (in: hdc=0x4e0101ca, hbm=0x2705076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0198.488] GetDIBits (in: hdc=0x4e0101ca, hbm=0x210501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0198.488] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0198.489] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0198.489] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0198.489] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0198.489] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0198.490] DeleteDC (hdc=0x4e0101ca) returned 1 [0198.490] CloseHandle (hObject=0x408) returned 1 [0198.492] DeleteObject (ho=0x2705076f) returned 1 [0198.492] DeleteObject (ho=0x210501fe) returned 1 [0198.492] DestroyCursor (hCursor=0x60155) returned 1 [0198.492] GetCurrentThreadId () returned 0x6f8 [0198.492] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.492] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.497] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0198.498] CloseHandle (hObject=0x408) returned 1 [0198.498] GetCurrentThreadId () returned 0x6f8 [0198.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbb5bbb0, dwHighDateTime=0x1d6076c)) [0198.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbb5bbb0, dwHighDateTime=0x1d6076c)) [0198.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfbb5bbb0, dwHighDateTime=0x1d6076c)) [0198.605] GetCurrentThreadId () returned 0x6f8 [0198.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.605] GetCurrentThreadId () returned 0x6f8 [0198.605] CreateFileW (lpFileName="iQoi.exe" (normalized: "c:\\windows\\system32\\iqoi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.607] CreateFileW (lpFileName="iQoi.exe" (normalized: "c:\\windows\\system32\\iqoi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.607] GetCurrentThreadId () returned 0x6f8 [0198.607] GetCurrentThreadId () returned 0x6f8 [0198.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.608] CreateFileW (lpFileName="iQoi.exe" (normalized: "c:\\windows\\system32\\iqoi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.608] GetCurrentThreadId () returned 0x6f8 [0198.608] BeginUpdateResourceW (pFileName="iQoi.exe" (normalized: "c:\\windows\\system32\\iqoi.exe"), bDeleteExistingResources=0) returned 0x0 [0198.608] CreateFileW (lpFileName="EyYc.ico" (normalized: "c:\\windows\\system32\\eyyc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0198.608] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0198.608] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0198.608] CloseHandle (hObject=0x408) returned 1 [0198.609] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0198.609] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0198.609] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0198.609] CopyFileW (lpExistingFileName="iQoi.exe" (normalized: "c:\\windows\\system32\\iqoi.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.exe"), bFailIfExists=0) returned 0 [0198.609] SetNamedSecurityInfoW () returned 0x2 [0198.609] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0 [0198.609] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0198.610] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0198.610] DeleteFileW (lpFileName="EyYc.ico" (normalized: "c:\\windows\\system32\\eyyc.ico")) returned 1 [0198.611] DeleteFileW (lpFileName="iQoi.exe" (normalized: "c:\\windows\\system32\\iqoi.exe")) returned 0 [0198.611] GetCurrentThreadId () returned 0x6f8 [0198.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.611] GetCurrentThreadId () returned 0x6f8 [0198.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.611] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd42216d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile32.bmp", cAlternateFileName="")) returned 1 [0198.612] GetCurrentThreadId () returned 0x6f8 [0198.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.612] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0x20 [0198.612] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", dwFileAttributes=0x80) returned 0 [0198.612] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.612] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.617] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0198.621] GetCurrentThreadId () returned 0x6f8 [0198.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbc8c6b0, dwHighDateTime=0x1d6076c)) [0198.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbc8c6b0, dwHighDateTime=0x1d6076c)) [0198.621] GetCurrentThreadId () returned 0x6f8 [0198.621] CloseHandle (hObject=0x408) returned 1 [0198.621] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", dwFileAttributes=0x20) returned 0 [0198.621] GetCurrentThreadId () returned 0x6f8 [0198.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbc8c6b0, dwHighDateTime=0x1d6076c)) [0198.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbc8c6b0, dwHighDateTime=0x1d6076c)) [0198.621] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", piIcon=0x4e4efc4) returned 0x70155 [0198.626] GetIconInfo (in: hIcon=0x70155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0198.627] CreateFileW (lpFileName="GQIA.ico" (normalized: "c:\\windows\\system32\\gqia.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.627] GetObjectA (in: h=0xe0501fb, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0198.627] GetObjectA (in: h=0x1c0501fc, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0198.627] CreateCompatibleDC (hdc=0x0) returned 0x20010776 [0198.627] GetDIBits (in: hdc=0x20010776, hbm=0xe0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0198.627] GetDIBits (in: hdc=0x20010776, hbm=0xe0501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0198.627] GetDIBits (in: hdc=0x20010776, hbm=0xe0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0198.627] GetDIBits (in: hdc=0x20010776, hbm=0x1c0501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0198.627] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0198.628] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0198.629] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0198.629] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0198.629] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0198.629] DeleteDC (hdc=0x20010776) returned 1 [0198.629] CloseHandle (hObject=0x408) returned 1 [0198.632] DeleteObject (ho=0xe0501fb) returned 1 [0198.632] DeleteObject (ho=0x1c0501fc) returned 1 [0198.632] DestroyCursor (hCursor=0x70155) returned 1 [0198.632] GetCurrentThreadId () returned 0x6f8 [0198.632] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.632] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.637] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0198.637] CloseHandle (hObject=0x408) returned 1 [0198.637] GetCurrentThreadId () returned 0x6f8 [0198.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbcb2810, dwHighDateTime=0x1d6076c)) [0198.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbcb2810, dwHighDateTime=0x1d6076c)) [0198.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfbcb2810, dwHighDateTime=0x1d6076c)) [0198.705] GetCurrentThreadId () returned 0x6f8 [0198.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbd4ad90, dwHighDateTime=0x1d6076c)) [0198.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbd4ad90, dwHighDateTime=0x1d6076c)) [0198.705] GetCurrentThreadId () returned 0x6f8 [0198.705] CreateFileW (lpFileName="skUw.exe" (normalized: "c:\\windows\\system32\\skuw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.706] CreateFileW (lpFileName="skUw.exe" (normalized: "c:\\windows\\system32\\skuw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.706] GetCurrentThreadId () returned 0x6f8 [0198.706] GetCurrentThreadId () returned 0x6f8 [0198.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbd4ad90, dwHighDateTime=0x1d6076c)) [0198.707] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbd4ad90, dwHighDateTime=0x1d6076c)) [0198.707] CreateFileW (lpFileName="skUw.exe" (normalized: "c:\\windows\\system32\\skuw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.708] GetCurrentThreadId () returned 0x6f8 [0198.708] BeginUpdateResourceW (pFileName="skUw.exe" (normalized: "c:\\windows\\system32\\skuw.exe"), bDeleteExistingResources=0) returned 0x0 [0198.708] CreateFileW (lpFileName="GQIA.ico" (normalized: "c:\\windows\\system32\\gqia.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0198.708] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0198.708] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0198.708] CloseHandle (hObject=0x408) returned 1 [0198.709] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0198.709] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0198.709] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0198.709] CopyFileW (lpExistingFileName="skUw.exe" (normalized: "c:\\windows\\system32\\skuw.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.exe"), bFailIfExists=0) returned 0 [0198.709] SetNamedSecurityInfoW () returned 0x2 [0198.709] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0 [0198.709] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0198.710] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0198.710] DeleteFileW (lpFileName="GQIA.ico" (normalized: "c:\\windows\\system32\\gqia.ico")) returned 1 [0198.711] DeleteFileW (lpFileName="skUw.exe" (normalized: "c:\\windows\\system32\\skuw.exe")) returned 0 [0198.712] GetCurrentThreadId () returned 0x6f8 [0198.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfbd4ad90, dwHighDateTime=0x1d6076c)) [0198.712] GetCurrentThreadId () returned 0x6f8 [0198.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfbd4ad90, dwHighDateTime=0x1d6076c)) [0198.712] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd4482cb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile33.bmp", cAlternateFileName="")) returned 1 [0198.712] GetCurrentThreadId () returned 0x6f8 [0198.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfbd70ef0, dwHighDateTime=0x1d6076c)) [0198.712] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0x20 [0198.713] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", dwFileAttributes=0x80) returned 0 [0198.713] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.713] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.718] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0198.722] GetCurrentThreadId () returned 0x6f8 [0198.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbd70ef0, dwHighDateTime=0x1d6076c)) [0198.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbd70ef0, dwHighDateTime=0x1d6076c)) [0198.722] GetCurrentThreadId () returned 0x6f8 [0198.722] CloseHandle (hObject=0x408) returned 1 [0198.722] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", dwFileAttributes=0x20) returned 0 [0198.723] GetCurrentThreadId () returned 0x6f8 [0198.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbd70ef0, dwHighDateTime=0x1d6076c)) [0198.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbd70ef0, dwHighDateTime=0x1d6076c)) [0198.723] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", piIcon=0x4e4efc4) returned 0x80155 [0198.729] GetIconInfo (in: hIcon=0x80155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0198.729] CreateFileW (lpFileName="SAgs.ico" (normalized: "c:\\windows\\system32\\sags.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.730] GetObjectA (in: h=0x1d050772, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0198.730] GetObjectA (in: h=0x2b05076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0198.730] CreateCompatibleDC (hdc=0x0) returned 0x530101ca [0198.730] GetDIBits (in: hdc=0x530101ca, hbm=0x1d050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0198.730] GetDIBits (in: hdc=0x530101ca, hbm=0x1d050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0198.731] GetDIBits (in: hdc=0x530101ca, hbm=0x1d050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0198.731] GetDIBits (in: hdc=0x530101ca, hbm=0x2b05076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0198.731] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0198.732] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0198.732] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0198.732] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0198.732] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0198.732] DeleteDC (hdc=0x530101ca) returned 1 [0198.732] CloseHandle (hObject=0x408) returned 1 [0198.733] DeleteObject (ho=0x1d050772) returned 1 [0198.733] DeleteObject (ho=0x2b05076f) returned 1 [0198.733] DestroyCursor (hCursor=0x80155) returned 1 [0198.734] GetCurrentThreadId () returned 0x6f8 [0198.734] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.734] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.739] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0198.739] CloseHandle (hObject=0x408) returned 1 [0198.739] GetCurrentThreadId () returned 0x6f8 [0198.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbd97050, dwHighDateTime=0x1d6076c)) [0198.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbd97050, dwHighDateTime=0x1d6076c)) [0198.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfbd97050, dwHighDateTime=0x1d6076c)) [0198.856] GetCurrentThreadId () returned 0x6f8 [0198.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.856] GetCurrentThreadId () returned 0x6f8 [0198.856] CreateFileW (lpFileName="EwsI.exe" (normalized: "c:\\windows\\system32\\ewsi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.857] CreateFileW (lpFileName="EwsI.exe" (normalized: "c:\\windows\\system32\\ewsi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.857] GetCurrentThreadId () returned 0x6f8 [0198.857] GetCurrentThreadId () returned 0x6f8 [0198.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.857] CreateFileW (lpFileName="EwsI.exe" (normalized: "c:\\windows\\system32\\ewsi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0198.857] GetCurrentThreadId () returned 0x6f8 [0198.857] BeginUpdateResourceW (pFileName="EwsI.exe" (normalized: "c:\\windows\\system32\\ewsi.exe"), bDeleteExistingResources=0) returned 0x0 [0198.857] CreateFileW (lpFileName="SAgs.ico" (normalized: "c:\\windows\\system32\\sags.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0198.857] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0198.858] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0198.858] CloseHandle (hObject=0x408) returned 1 [0198.858] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0198.858] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0198.858] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0198.858] CopyFileW (lpExistingFileName="EwsI.exe" (normalized: "c:\\windows\\system32\\ewsi.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.exe"), bFailIfExists=0) returned 0 [0198.858] SetNamedSecurityInfoW () returned 0x2 [0198.859] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0 [0198.859] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0198.859] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0198.859] DeleteFileW (lpFileName="SAgs.ico" (normalized: "c:\\windows\\system32\\sags.ico")) returned 1 [0198.860] DeleteFileW (lpFileName="EwsI.exe" (normalized: "c:\\windows\\system32\\ewsi.exe")) returned 0 [0198.860] GetCurrentThreadId () returned 0x6f8 [0198.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.861] GetCurrentThreadId () returned 0x6f8 [0198.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.861] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9c9561, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile34.bmp", cAlternateFileName="")) returned 1 [0198.861] GetCurrentThreadId () returned 0x6f8 [0198.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfbec7b50, dwHighDateTime=0x1d6076c)) [0198.861] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0x20 [0198.862] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", dwFileAttributes=0x80) returned 0 [0198.862] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.862] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.867] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0198.869] GetCurrentThreadId () returned 0x6f8 [0198.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbeedcb0, dwHighDateTime=0x1d6076c)) [0198.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfbeedcb0, dwHighDateTime=0x1d6076c)) [0198.869] GetCurrentThreadId () returned 0x6f8 [0198.869] CloseHandle (hObject=0x408) returned 1 [0198.870] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", dwFileAttributes=0x20) returned 0 [0198.870] GetCurrentThreadId () returned 0x6f8 [0198.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbeedcb0, dwHighDateTime=0x1d6076c)) [0198.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfbeedcb0, dwHighDateTime=0x1d6076c)) [0198.870] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", piIcon=0x4e4efc4) returned 0x90155 [0198.875] GetIconInfo (in: hIcon=0x90155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0198.875] CreateFileW (lpFileName="KWog.ico" (normalized: "c:\\windows\\system32\\kwog.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.876] GetObjectA (in: h=0x280501fe, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0198.876] GetObjectA (in: h=0x120501fb, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0198.876] CreateCompatibleDC (hdc=0x0) returned 0x25010776 [0198.876] GetDIBits (in: hdc=0x25010776, hbm=0x280501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0198.876] GetDIBits (in: hdc=0x25010776, hbm=0x280501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0198.876] GetDIBits (in: hdc=0x25010776, hbm=0x280501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0198.876] GetDIBits (in: hdc=0x25010776, hbm=0x120501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0198.876] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0198.877] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0198.877] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0198.877] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0198.877] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0198.878] DeleteDC (hdc=0x25010776) returned 1 [0198.878] CloseHandle (hObject=0x408) returned 1 [0198.880] DeleteObject (ho=0x280501fe) returned 1 [0198.880] DeleteObject (ho=0x120501fb) returned 1 [0198.880] DestroyCursor (hCursor=0x90155) returned 1 [0198.880] GetCurrentThreadId () returned 0x6f8 [0198.880] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0198.880] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0198.886] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0198.886] CloseHandle (hObject=0x408) returned 1 [0198.886] GetCurrentThreadId () returned 0x6f8 [0198.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbf13e10, dwHighDateTime=0x1d6076c)) [0198.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfbf13e10, dwHighDateTime=0x1d6076c)) [0198.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfbf13e10, dwHighDateTime=0x1d6076c)) [0198.999] GetCurrentThreadId () returned 0x6f8 [0198.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0198.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0198.999] GetCurrentThreadId () returned 0x6f8 [0198.999] CreateFileW (lpFileName="uogK.exe" (normalized: "c:\\windows\\system32\\uogk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.000] CreateFileW (lpFileName="uogK.exe" (normalized: "c:\\windows\\system32\\uogk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.000] GetCurrentThreadId () returned 0x6f8 [0199.000] GetCurrentThreadId () returned 0x6f8 [0199.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0199.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0199.000] CreateFileW (lpFileName="uogK.exe" (normalized: "c:\\windows\\system32\\uogk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.000] GetCurrentThreadId () returned 0x6f8 [0199.000] BeginUpdateResourceW (pFileName="uogK.exe" (normalized: "c:\\windows\\system32\\uogk.exe"), bDeleteExistingResources=0) returned 0x0 [0199.000] CreateFileW (lpFileName="KWog.ico" (normalized: "c:\\windows\\system32\\kwog.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0199.000] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0199.000] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0199.001] CloseHandle (hObject=0x408) returned 1 [0199.001] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0199.001] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0199.001] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0199.001] CopyFileW (lpExistingFileName="uogK.exe" (normalized: "c:\\windows\\system32\\uogk.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.exe"), bFailIfExists=0) returned 0 [0199.001] SetNamedSecurityInfoW () returned 0x2 [0199.001] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0 [0199.001] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0199.001] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0199.001] DeleteFileW (lpFileName="KWog.ico" (normalized: "c:\\windows\\system32\\kwog.ico")) returned 1 [0199.002] DeleteFileW (lpFileName="uogK.exe" (normalized: "c:\\windows\\system32\\uogk.exe")) returned 0 [0199.003] GetCurrentThreadId () returned 0x6f8 [0199.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0199.003] GetCurrentThreadId () returned 0x6f8 [0199.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0199.003] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile35.bmp", cAlternateFileName="")) returned 1 [0199.003] GetCurrentThreadId () returned 0x6f8 [0199.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfc01e7b0, dwHighDateTime=0x1d6076c)) [0199.003] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0x20 [0199.003] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", dwFileAttributes=0x80) returned 0 [0199.003] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.003] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.008] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0199.011] GetCurrentThreadId () returned 0x6f8 [0199.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc044910, dwHighDateTime=0x1d6076c)) [0199.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc044910, dwHighDateTime=0x1d6076c)) [0199.011] GetCurrentThreadId () returned 0x6f8 [0199.011] CloseHandle (hObject=0x408) returned 1 [0199.011] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", dwFileAttributes=0x20) returned 0 [0199.011] GetCurrentThreadId () returned 0x6f8 [0199.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc044910, dwHighDateTime=0x1d6076c)) [0199.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc044910, dwHighDateTime=0x1d6076c)) [0199.012] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", piIcon=0x4e4efc4) returned 0xa0155 [0199.018] GetIconInfo (in: hIcon=0xa0155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0199.018] CreateFileW (lpFileName="goYo.ico" (normalized: "c:\\windows\\system32\\goyo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.019] GetObjectA (in: h=0x230501fc, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0199.019] GetObjectA (in: h=0x21050772, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0199.019] CreateCompatibleDC (hdc=0x0) returned 0x580101ca [0199.019] GetDIBits (in: hdc=0x580101ca, hbm=0x230501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0199.019] GetDIBits (in: hdc=0x580101ca, hbm=0x230501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0199.019] GetDIBits (in: hdc=0x580101ca, hbm=0x230501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0199.019] GetDIBits (in: hdc=0x580101ca, hbm=0x21050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0199.019] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0199.020] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0199.021] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0199.021] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0199.021] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0199.021] DeleteDC (hdc=0x580101ca) returned 1 [0199.021] CloseHandle (hObject=0x408) returned 1 [0199.022] DeleteObject (ho=0x230501fc) returned 1 [0199.022] DeleteObject (ho=0x21050772) returned 1 [0199.022] DestroyCursor (hCursor=0xa0155) returned 1 [0199.022] GetCurrentThreadId () returned 0x6f8 [0199.023] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.023] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.028] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0199.028] CloseHandle (hObject=0x408) returned 1 [0199.028] GetCurrentThreadId () returned 0x6f8 [0199.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc06aa70, dwHighDateTime=0x1d6076c)) [0199.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc06aa70, dwHighDateTime=0x1d6076c)) [0199.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfc06aa70, dwHighDateTime=0x1d6076c)) [0199.111] GetCurrentThreadId () returned 0x6f8 [0199.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.111] GetCurrentThreadId () returned 0x6f8 [0199.112] CreateFileW (lpFileName="msUu.exe" (normalized: "c:\\windows\\system32\\msuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.112] CreateFileW (lpFileName="msUu.exe" (normalized: "c:\\windows\\system32\\msuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.112] GetCurrentThreadId () returned 0x6f8 [0199.112] GetCurrentThreadId () returned 0x6f8 [0199.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.112] CreateFileW (lpFileName="msUu.exe" (normalized: "c:\\windows\\system32\\msuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.113] GetCurrentThreadId () returned 0x6f8 [0199.113] BeginUpdateResourceW (pFileName="msUu.exe" (normalized: "c:\\windows\\system32\\msuu.exe"), bDeleteExistingResources=0) returned 0x0 [0199.113] CreateFileW (lpFileName="goYo.ico" (normalized: "c:\\windows\\system32\\goyo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0199.113] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0199.113] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0199.113] CloseHandle (hObject=0x408) returned 1 [0199.113] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0199.113] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0199.113] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0199.113] CopyFileW (lpExistingFileName="msUu.exe" (normalized: "c:\\windows\\system32\\msuu.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.exe"), bFailIfExists=0) returned 0 [0199.114] SetNamedSecurityInfoW () returned 0x2 [0199.114] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0 [0199.114] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0199.114] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0199.114] DeleteFileW (lpFileName="goYo.ico" (normalized: "c:\\windows\\system32\\goyo.ico")) returned 1 [0199.115] DeleteFileW (lpFileName="msUu.exe" (normalized: "c:\\windows\\system32\\msuu.exe")) returned 0 [0199.115] GetCurrentThreadId () returned 0x6f8 [0199.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.115] GetCurrentThreadId () returned 0x6f8 [0199.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.115] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile36.bmp", cAlternateFileName="")) returned 1 [0199.116] GetCurrentThreadId () returned 0x6f8 [0199.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfc129150, dwHighDateTime=0x1d6076c)) [0199.116] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0x20 [0199.116] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", dwFileAttributes=0x80) returned 0 [0199.116] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.116] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.121] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0199.123] GetCurrentThreadId () returned 0x6f8 [0199.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc14f2b0, dwHighDateTime=0x1d6076c)) [0199.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc14f2b0, dwHighDateTime=0x1d6076c)) [0199.123] GetCurrentThreadId () returned 0x6f8 [0199.123] CloseHandle (hObject=0x408) returned 1 [0199.123] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", dwFileAttributes=0x20) returned 0 [0199.123] GetCurrentThreadId () returned 0x6f8 [0199.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc14f2b0, dwHighDateTime=0x1d6076c)) [0199.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc14f2b0, dwHighDateTime=0x1d6076c)) [0199.123] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", piIcon=0x4e4efc4) returned 0xb0155 [0199.128] GetIconInfo (in: hIcon=0xb0155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0199.128] CreateFileW (lpFileName="YYkQ.ico" (normalized: "c:\\windows\\system32\\yykq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.128] GetObjectA (in: h=0x3205076f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0199.128] GetObjectA (in: h=0x2c0501fe, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0199.128] CreateCompatibleDC (hdc=0x0) returned 0x2a010776 [0199.129] GetDIBits (in: hdc=0x2a010776, hbm=0x3205076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0199.129] GetDIBits (in: hdc=0x2a010776, hbm=0x3205076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0199.129] GetDIBits (in: hdc=0x2a010776, hbm=0x3205076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0199.129] GetDIBits (in: hdc=0x2a010776, hbm=0x2c0501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0199.129] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0199.130] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0199.130] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0199.130] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0199.130] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0199.131] DeleteDC (hdc=0x2a010776) returned 1 [0199.131] CloseHandle (hObject=0x408) returned 1 [0199.131] DeleteObject (ho=0x3205076f) returned 1 [0199.131] DeleteObject (ho=0x2c0501fe) returned 1 [0199.132] DestroyCursor (hCursor=0xb0155) returned 1 [0199.132] GetCurrentThreadId () returned 0x6f8 [0199.132] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.132] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.137] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0199.137] CloseHandle (hObject=0x408) returned 1 [0199.138] GetCurrentThreadId () returned 0x6f8 [0199.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc175410, dwHighDateTime=0x1d6076c)) [0199.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc175410, dwHighDateTime=0x1d6076c)) [0199.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfc175410, dwHighDateTime=0x1d6076c)) [0199.251] GetCurrentThreadId () returned 0x6f8 [0199.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc27fdb0, dwHighDateTime=0x1d6076c)) [0199.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc27fdb0, dwHighDateTime=0x1d6076c)) [0199.252] GetCurrentThreadId () returned 0x6f8 [0199.252] CreateFileW (lpFileName="CUMm.exe" (normalized: "c:\\windows\\system32\\cumm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.252] CreateFileW (lpFileName="CUMm.exe" (normalized: "c:\\windows\\system32\\cumm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.256] GetCurrentThreadId () returned 0x6f8 [0199.256] GetCurrentThreadId () returned 0x6f8 [0199.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc27fdb0, dwHighDateTime=0x1d6076c)) [0199.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc27fdb0, dwHighDateTime=0x1d6076c)) [0199.256] CreateFileW (lpFileName="CUMm.exe" (normalized: "c:\\windows\\system32\\cumm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.256] GetCurrentThreadId () returned 0x6f8 [0199.256] BeginUpdateResourceW (pFileName="CUMm.exe" (normalized: "c:\\windows\\system32\\cumm.exe"), bDeleteExistingResources=0) returned 0x0 [0199.256] CreateFileW (lpFileName="YYkQ.ico" (normalized: "c:\\windows\\system32\\yykq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0199.257] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0199.257] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0199.257] CloseHandle (hObject=0x408) returned 1 [0199.257] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0199.257] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0199.257] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0199.257] CopyFileW (lpExistingFileName="CUMm.exe" (normalized: "c:\\windows\\system32\\cumm.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.exe"), bFailIfExists=0) returned 0 [0199.258] SetNamedSecurityInfoW () returned 0x2 [0199.258] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0 [0199.258] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0199.258] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0199.258] DeleteFileW (lpFileName="YYkQ.ico" (normalized: "c:\\windows\\system32\\yykq.ico")) returned 1 [0199.260] DeleteFileW (lpFileName="CUMm.exe" (normalized: "c:\\windows\\system32\\cumm.exe")) returned 0 [0199.260] GetCurrentThreadId () returned 0x6f8 [0199.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfc2a5f10, dwHighDateTime=0x1d6076c)) [0199.260] GetCurrentThreadId () returned 0x6f8 [0199.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfc2a5f10, dwHighDateTime=0x1d6076c)) [0199.260] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile37.bmp", cAlternateFileName="")) returned 1 [0199.260] GetCurrentThreadId () returned 0x6f8 [0199.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfc2a5f10, dwHighDateTime=0x1d6076c)) [0199.261] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0x20 [0199.261] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", dwFileAttributes=0x80) returned 0 [0199.261] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.261] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.266] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0199.291] GetCurrentThreadId () returned 0x6f8 [0199.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc2f21d0, dwHighDateTime=0x1d6076c)) [0199.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc2f21d0, dwHighDateTime=0x1d6076c)) [0199.291] GetCurrentThreadId () returned 0x6f8 [0199.291] CloseHandle (hObject=0x408) returned 1 [0199.291] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", dwFileAttributes=0x20) returned 0 [0199.292] GetCurrentThreadId () returned 0x6f8 [0199.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc2f21d0, dwHighDateTime=0x1d6076c)) [0199.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc2f21d0, dwHighDateTime=0x1d6076c)) [0199.292] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", piIcon=0x4e4efc4) returned 0xc0155 [0199.298] GetIconInfo (in: hIcon=0xc0155, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0199.298] CreateFileW (lpFileName="mkUM.ico" (normalized: "c:\\windows\\system32\\mkum.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.300] GetObjectA (in: h=0x190501fb, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0199.300] GetObjectA (in: h=0x270501fc, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0199.300] CreateCompatibleDC (hdc=0x0) returned 0x5d0101ca [0199.300] GetDIBits (in: hdc=0x5d0101ca, hbm=0x190501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0199.300] GetDIBits (in: hdc=0x5d0101ca, hbm=0x190501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0199.300] GetDIBits (in: hdc=0x5d0101ca, hbm=0x190501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0199.300] GetDIBits (in: hdc=0x5d0101ca, hbm=0x270501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0199.300] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0199.301] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0199.302] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0199.302] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0199.302] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0199.302] DeleteDC (hdc=0x5d0101ca) returned 1 [0199.302] CloseHandle (hObject=0x408) returned 1 [0199.303] DeleteObject (ho=0x190501fb) returned 1 [0199.303] DeleteObject (ho=0x270501fc) returned 1 [0199.303] DestroyCursor (hCursor=0xc0155) returned 1 [0199.303] GetCurrentThreadId () returned 0x6f8 [0199.303] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.303] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.308] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0199.308] CloseHandle (hObject=0x408) returned 1 [0199.308] GetCurrentThreadId () returned 0x6f8 [0199.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc318330, dwHighDateTime=0x1d6076c)) [0199.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc318330, dwHighDateTime=0x1d6076c)) [0199.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfc318330, dwHighDateTime=0x1d6076c)) [0199.406] GetCurrentThreadId () returned 0x6f8 [0199.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.407] GetCurrentThreadId () returned 0x6f8 [0199.407] CreateFileW (lpFileName="YIQg.exe" (normalized: "c:\\windows\\system32\\yiqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.407] CreateFileW (lpFileName="YIQg.exe" (normalized: "c:\\windows\\system32\\yiqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.408] GetCurrentThreadId () returned 0x6f8 [0199.408] GetCurrentThreadId () returned 0x6f8 [0199.408] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.408] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.408] CreateFileW (lpFileName="YIQg.exe" (normalized: "c:\\windows\\system32\\yiqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.408] GetCurrentThreadId () returned 0x6f8 [0199.408] BeginUpdateResourceW (pFileName="YIQg.exe" (normalized: "c:\\windows\\system32\\yiqg.exe"), bDeleteExistingResources=0) returned 0x0 [0199.408] CreateFileW (lpFileName="mkUM.ico" (normalized: "c:\\windows\\system32\\mkum.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0199.408] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0199.409] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0199.409] CloseHandle (hObject=0x408) returned 1 [0199.409] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0199.409] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0199.409] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0199.409] CopyFileW (lpExistingFileName="YIQg.exe" (normalized: "c:\\windows\\system32\\yiqg.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.exe"), bFailIfExists=0) returned 0 [0199.409] SetNamedSecurityInfoW () returned 0x2 [0199.409] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0 [0199.410] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0199.410] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0199.410] DeleteFileW (lpFileName="mkUM.ico" (normalized: "c:\\windows\\system32\\mkum.ico")) returned 1 [0199.411] DeleteFileW (lpFileName="YIQg.exe" (normalized: "c:\\windows\\system32\\yiqg.exe")) returned 0 [0199.411] GetCurrentThreadId () returned 0x6f8 [0199.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.411] GetCurrentThreadId () returned 0x6f8 [0199.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.411] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile38.bmp", cAlternateFileName="")) returned 1 [0199.412] GetCurrentThreadId () returned 0x6f8 [0199.412] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfc3fcb70, dwHighDateTime=0x1d6076c)) [0199.412] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0x20 [0199.413] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", dwFileAttributes=0x80) returned 0 [0199.413] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.413] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.418] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0199.445] GetCurrentThreadId () returned 0x6f8 [0199.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc46ef90, dwHighDateTime=0x1d6076c)) [0199.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc46ef90, dwHighDateTime=0x1d6076c)) [0199.445] GetCurrentThreadId () returned 0x6f8 [0199.445] CloseHandle (hObject=0x408) returned 1 [0199.446] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", dwFileAttributes=0x20) returned 0 [0199.446] GetCurrentThreadId () returned 0x6f8 [0199.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc46ef90, dwHighDateTime=0x1d6076c)) [0199.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc46ef90, dwHighDateTime=0x1d6076c)) [0199.446] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", piIcon=0x4e4efc4) returned 0x400f3 [0199.451] GetIconInfo (in: hIcon=0x400f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0199.451] CreateFileW (lpFileName="kEwU.ico" (normalized: "c:\\windows\\system32\\kewu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.451] GetObjectA (in: h=0x28050772, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0199.451] GetObjectA (in: h=0x3605076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0199.451] CreateCompatibleDC (hdc=0x0) returned 0x2f010776 [0199.451] GetDIBits (in: hdc=0x2f010776, hbm=0x28050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0199.451] GetDIBits (in: hdc=0x2f010776, hbm=0x28050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0199.452] GetDIBits (in: hdc=0x2f010776, hbm=0x28050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0199.452] GetDIBits (in: hdc=0x2f010776, hbm=0x3605076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0199.452] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0199.453] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0199.453] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0199.453] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0199.453] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0199.453] DeleteDC (hdc=0x2f010776) returned 1 [0199.453] CloseHandle (hObject=0x408) returned 1 [0199.456] DeleteObject (ho=0x28050772) returned 1 [0199.456] DeleteObject (ho=0x3605076f) returned 1 [0199.456] DestroyCursor (hCursor=0x400f3) returned 1 [0199.456] GetCurrentThreadId () returned 0x6f8 [0199.456] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.456] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.460] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0199.461] CloseHandle (hObject=0x408) returned 1 [0199.461] GetCurrentThreadId () returned 0x6f8 [0199.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc4950f0, dwHighDateTime=0x1d6076c)) [0199.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc4950f0, dwHighDateTime=0x1d6076c)) [0199.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfc4950f0, dwHighDateTime=0x1d6076c)) [0199.531] GetCurrentThreadId () returned 0x6f8 [0199.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.531] GetCurrentThreadId () returned 0x6f8 [0199.531] CreateFileW (lpFileName="kUoW.exe" (normalized: "c:\\windows\\system32\\kuow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.532] CreateFileW (lpFileName="kUoW.exe" (normalized: "c:\\windows\\system32\\kuow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.532] GetCurrentThreadId () returned 0x6f8 [0199.532] GetCurrentThreadId () returned 0x6f8 [0199.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.532] CreateFileW (lpFileName="kUoW.exe" (normalized: "c:\\windows\\system32\\kuow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.532] GetCurrentThreadId () returned 0x6f8 [0199.532] BeginUpdateResourceW (pFileName="kUoW.exe" (normalized: "c:\\windows\\system32\\kuow.exe"), bDeleteExistingResources=0) returned 0x0 [0199.532] CreateFileW (lpFileName="kEwU.ico" (normalized: "c:\\windows\\system32\\kewu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0199.533] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0199.533] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0199.533] CloseHandle (hObject=0x408) returned 1 [0199.533] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0199.533] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0199.533] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0199.533] CopyFileW (lpExistingFileName="kUoW.exe" (normalized: "c:\\windows\\system32\\kuow.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.exe"), bFailIfExists=0) returned 0 [0199.533] SetNamedSecurityInfoW () returned 0x2 [0199.533] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0 [0199.534] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0199.534] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0199.534] DeleteFileW (lpFileName="kEwU.ico" (normalized: "c:\\windows\\system32\\kewu.ico")) returned 1 [0199.535] DeleteFileW (lpFileName="kUoW.exe" (normalized: "c:\\windows\\system32\\kuow.exe")) returned 0 [0199.535] GetCurrentThreadId () returned 0x6f8 [0199.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.535] GetCurrentThreadId () returned 0x6f8 [0199.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.535] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc2ab41, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile39.bmp", cAlternateFileName="")) returned 1 [0199.535] GetCurrentThreadId () returned 0x6f8 [0199.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfc52d670, dwHighDateTime=0x1d6076c)) [0199.535] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0x20 [0199.535] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", dwFileAttributes=0x80) returned 0 [0199.536] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.536] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.540] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0199.582] GetCurrentThreadId () returned 0x6f8 [0199.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc59fa90, dwHighDateTime=0x1d6076c)) [0199.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfc59fa90, dwHighDateTime=0x1d6076c)) [0199.582] GetCurrentThreadId () returned 0x6f8 [0199.582] CloseHandle (hObject=0x408) returned 1 [0199.582] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", dwFileAttributes=0x20) returned 0 [0199.583] GetCurrentThreadId () returned 0x6f8 [0199.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc59fa90, dwHighDateTime=0x1d6076c)) [0199.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfc59fa90, dwHighDateTime=0x1d6076c)) [0199.583] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", piIcon=0x4e4efc4) returned 0x500f3 [0199.587] GetIconInfo (in: hIcon=0x500f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0199.587] CreateFileW (lpFileName="eSUY.ico" (normalized: "c:\\windows\\system32\\esuy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.588] GetObjectA (in: h=0x330501fe, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0199.588] GetObjectA (in: h=0x1d0501fb, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0199.588] CreateCompatibleDC (hdc=0x0) returned 0x620101ca [0199.588] GetDIBits (in: hdc=0x620101ca, hbm=0x330501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0199.588] GetDIBits (in: hdc=0x620101ca, hbm=0x330501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0199.588] GetDIBits (in: hdc=0x620101ca, hbm=0x330501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0199.588] GetDIBits (in: hdc=0x620101ca, hbm=0x1d0501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0199.588] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0199.589] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0199.589] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0199.589] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0199.589] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0199.590] DeleteDC (hdc=0x620101ca) returned 1 [0199.590] CloseHandle (hObject=0x408) returned 1 [0199.594] DeleteObject (ho=0x330501fe) returned 1 [0199.594] DeleteObject (ho=0x1d0501fb) returned 1 [0199.594] DestroyCursor (hCursor=0x500f3) returned 1 [0199.594] GetCurrentThreadId () returned 0x6f8 [0199.594] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.594] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.599] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0199.599] CloseHandle (hObject=0x408) returned 1 [0199.599] GetCurrentThreadId () returned 0x6f8 [0199.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc5c5bf0, dwHighDateTime=0x1d6076c)) [0199.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfc5c5bf0, dwHighDateTime=0x1d6076c)) [0199.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfc5c5bf0, dwHighDateTime=0x1d6076c)) [0199.696] GetCurrentThreadId () returned 0x6f8 [0199.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.697] GetCurrentThreadId () returned 0x6f8 [0199.697] CreateFileW (lpFileName="gAcM.exe" (normalized: "c:\\windows\\system32\\gacm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.697] CreateFileW (lpFileName="gAcM.exe" (normalized: "c:\\windows\\system32\\gacm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.698] GetCurrentThreadId () returned 0x6f8 [0199.698] GetCurrentThreadId () returned 0x6f8 [0199.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.698] CreateFileW (lpFileName="gAcM.exe" (normalized: "c:\\windows\\system32\\gacm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.698] GetCurrentThreadId () returned 0x6f8 [0199.698] BeginUpdateResourceW (pFileName="gAcM.exe" (normalized: "c:\\windows\\system32\\gacm.exe"), bDeleteExistingResources=0) returned 0x0 [0199.698] CreateFileW (lpFileName="eSUY.ico" (normalized: "c:\\windows\\system32\\esuy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0199.698] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0199.698] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0199.698] CloseHandle (hObject=0x408) returned 1 [0199.698] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0199.699] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0199.699] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0199.699] CopyFileW (lpExistingFileName="gAcM.exe" (normalized: "c:\\windows\\system32\\gacm.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.exe"), bFailIfExists=0) returned 0 [0199.699] SetNamedSecurityInfoW () returned 0x2 [0199.699] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0 [0199.699] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0199.699] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0199.699] DeleteFileW (lpFileName="eSUY.ico" (normalized: "c:\\windows\\system32\\esuy.ico")) returned 1 [0199.700] DeleteFileW (lpFileName="gAcM.exe" (normalized: "c:\\windows\\system32\\gacm.exe")) returned 0 [0199.700] GetCurrentThreadId () returned 0x6f8 [0199.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.700] GetCurrentThreadId () returned 0x6f8 [0199.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.701] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc50c9f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile40.bmp", cAlternateFileName="")) returned 1 [0199.701] GetCurrentThreadId () returned 0x6f8 [0199.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfc6d0590, dwHighDateTime=0x1d6076c)) [0199.701] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0x20 [0199.701] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", dwFileAttributes=0x80) returned 0 [0199.701] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0199.701] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0199.706] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0200.398] GetCurrentThreadId () returned 0x6f8 [0200.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfcd82370, dwHighDateTime=0x1d6076c)) [0200.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfcd82370, dwHighDateTime=0x1d6076c)) [0200.398] GetCurrentThreadId () returned 0x6f8 [0200.398] CloseHandle (hObject=0x408) returned 1 [0200.398] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", dwFileAttributes=0x20) returned 0 [0200.399] GetCurrentThreadId () returned 0x6f8 [0200.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfcd82370, dwHighDateTime=0x1d6076c)) [0200.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfcd82370, dwHighDateTime=0x1d6076c)) [0200.399] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", piIcon=0x4e4efc4) returned 0x600f3 [0200.404] GetIconInfo (in: hIcon=0x600f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0200.405] CreateFileW (lpFileName="wywI.ico" (normalized: "c:\\windows\\system32\\wywi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.405] GetObjectA (in: h=0x2e0501fc, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0200.405] GetObjectA (in: h=0x2c050772, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0200.405] CreateCompatibleDC (hdc=0x0) returned 0x34010776 [0200.405] GetDIBits (in: hdc=0x34010776, hbm=0x2e0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0200.406] GetDIBits (in: hdc=0x34010776, hbm=0x2e0501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0200.406] GetDIBits (in: hdc=0x34010776, hbm=0x2e0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0200.406] GetDIBits (in: hdc=0x34010776, hbm=0x2c050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0200.406] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0200.407] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0200.407] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0200.407] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0200.407] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0200.408] DeleteDC (hdc=0x34010776) returned 1 [0200.408] CloseHandle (hObject=0x408) returned 1 [0200.409] DeleteObject (ho=0x2e0501fc) returned 1 [0200.409] DeleteObject (ho=0x2c050772) returned 1 [0200.409] DestroyCursor (hCursor=0x600f3) returned 1 [0200.409] GetCurrentThreadId () returned 0x6f8 [0200.409] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.409] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.414] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0200.414] CloseHandle (hObject=0x408) returned 1 [0200.414] GetCurrentThreadId () returned 0x6f8 [0200.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfcda84d0, dwHighDateTime=0x1d6076c)) [0200.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfcda84d0, dwHighDateTime=0x1d6076c)) [0200.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfcda84d0, dwHighDateTime=0x1d6076c)) [0200.498] GetCurrentThreadId () returned 0x6f8 [0200.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.498] GetCurrentThreadId () returned 0x6f8 [0200.498] CreateFileW (lpFileName="IAsk.exe" (normalized: "c:\\windows\\system32\\iask.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.499] CreateFileW (lpFileName="IAsk.exe" (normalized: "c:\\windows\\system32\\iask.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.499] GetCurrentThreadId () returned 0x6f8 [0200.499] GetCurrentThreadId () returned 0x6f8 [0200.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.499] CreateFileW (lpFileName="IAsk.exe" (normalized: "c:\\windows\\system32\\iask.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.499] GetCurrentThreadId () returned 0x6f8 [0200.499] BeginUpdateResourceW (pFileName="IAsk.exe" (normalized: "c:\\windows\\system32\\iask.exe"), bDeleteExistingResources=0) returned 0x0 [0200.499] CreateFileW (lpFileName="wywI.ico" (normalized: "c:\\windows\\system32\\wywi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0200.499] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0200.500] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0200.500] CloseHandle (hObject=0x408) returned 1 [0200.500] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0200.500] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0200.500] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0200.500] CopyFileW (lpExistingFileName="IAsk.exe" (normalized: "c:\\windows\\system32\\iask.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.exe"), bFailIfExists=0) returned 0 [0200.500] SetNamedSecurityInfoW () returned 0x2 [0200.501] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0 [0200.501] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0200.501] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0200.501] DeleteFileW (lpFileName="wywI.ico" (normalized: "c:\\windows\\system32\\wywi.ico")) returned 1 [0200.502] DeleteFileW (lpFileName="IAsk.exe" (normalized: "c:\\windows\\system32\\iask.exe")) returned 0 [0200.502] GetCurrentThreadId () returned 0x6f8 [0200.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.502] GetCurrentThreadId () returned 0x6f8 [0200.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.502] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddcc30b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile41.bmp", cAlternateFileName="")) returned 1 [0200.503] GetCurrentThreadId () returned 0x6f8 [0200.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.503] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0x20 [0200.503] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", dwFileAttributes=0x80) returned 0 [0200.503] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.503] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.508] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0200.515] GetCurrentThreadId () returned 0x6f8 [0200.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfce8cd10, dwHighDateTime=0x1d6076c)) [0200.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfce8cd10, dwHighDateTime=0x1d6076c)) [0200.515] GetCurrentThreadId () returned 0x6f8 [0200.515] CloseHandle (hObject=0x408) returned 1 [0200.515] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", dwFileAttributes=0x20) returned 0 [0200.515] GetCurrentThreadId () returned 0x6f8 [0200.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfce8cd10, dwHighDateTime=0x1d6076c)) [0200.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfce8cd10, dwHighDateTime=0x1d6076c)) [0200.515] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", piIcon=0x4e4efc4) returned 0x700f3 [0200.520] GetIconInfo (in: hIcon=0x700f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0200.521] CreateFileW (lpFileName="YKos.ico" (normalized: "c:\\windows\\system32\\ykos.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.521] GetObjectA (in: h=0x3d05076f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0200.521] GetObjectA (in: h=0x370501fe, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0200.522] CreateCompatibleDC (hdc=0x0) returned 0x670101ca [0200.522] GetDIBits (in: hdc=0x670101ca, hbm=0x3d05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0200.522] GetDIBits (in: hdc=0x670101ca, hbm=0x3d05076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0200.522] GetDIBits (in: hdc=0x670101ca, hbm=0x3d05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0200.522] GetDIBits (in: hdc=0x670101ca, hbm=0x370501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0200.522] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0200.523] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0200.523] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0200.523] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0200.524] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0200.524] DeleteDC (hdc=0x670101ca) returned 1 [0200.524] CloseHandle (hObject=0x408) returned 1 [0200.525] DeleteObject (ho=0x3d05076f) returned 1 [0200.525] DeleteObject (ho=0x370501fe) returned 1 [0200.525] DestroyCursor (hCursor=0x700f3) returned 1 [0200.525] GetCurrentThreadId () returned 0x6f8 [0200.525] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.525] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.530] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0200.530] CloseHandle (hObject=0x408) returned 1 [0200.530] GetCurrentThreadId () returned 0x6f8 [0200.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfceb2e70, dwHighDateTime=0x1d6076c)) [0200.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfceb2e70, dwHighDateTime=0x1d6076c)) [0200.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfceb2e70, dwHighDateTime=0x1d6076c)) [0200.621] GetCurrentThreadId () returned 0x6f8 [0200.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.621] GetCurrentThreadId () returned 0x6f8 [0200.621] CreateFileW (lpFileName="qEIi.exe" (normalized: "c:\\windows\\system32\\qeii.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.621] CreateFileW (lpFileName="qEIi.exe" (normalized: "c:\\windows\\system32\\qeii.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.622] GetCurrentThreadId () returned 0x6f8 [0200.622] GetCurrentThreadId () returned 0x6f8 [0200.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.622] CreateFileW (lpFileName="qEIi.exe" (normalized: "c:\\windows\\system32\\qeii.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.622] GetCurrentThreadId () returned 0x6f8 [0200.622] BeginUpdateResourceW (pFileName="qEIi.exe" (normalized: "c:\\windows\\system32\\qeii.exe"), bDeleteExistingResources=0) returned 0x0 [0200.622] CreateFileW (lpFileName="YKos.ico" (normalized: "c:\\windows\\system32\\ykos.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0200.622] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0200.623] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0200.623] CloseHandle (hObject=0x408) returned 1 [0200.623] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0200.623] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0200.623] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0200.623] CopyFileW (lpExistingFileName="qEIi.exe" (normalized: "c:\\windows\\system32\\qeii.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.exe"), bFailIfExists=0) returned 0 [0200.623] SetNamedSecurityInfoW () returned 0x2 [0200.624] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0 [0200.624] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0200.624] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0200.624] DeleteFileW (lpFileName="YKos.ico" (normalized: "c:\\windows\\system32\\ykos.ico")) returned 1 [0200.625] DeleteFileW (lpFileName="qEIi.exe" (normalized: "c:\\windows\\system32\\qeii.exe")) returned 0 [0200.625] GetCurrentThreadId () returned 0x6f8 [0200.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.625] GetCurrentThreadId () returned 0x6f8 [0200.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.625] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddce9217, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile42.bmp", cAlternateFileName="")) returned 1 [0200.626] GetCurrentThreadId () returned 0x6f8 [0200.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfcf976b0, dwHighDateTime=0x1d6076c)) [0200.626] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0x20 [0200.626] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", dwFileAttributes=0x80) returned 0 [0200.626] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.626] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.631] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0200.634] GetCurrentThreadId () returned 0x6f8 [0200.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfcfbd810, dwHighDateTime=0x1d6076c)) [0200.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfcfbd810, dwHighDateTime=0x1d6076c)) [0200.634] GetCurrentThreadId () returned 0x6f8 [0200.634] CloseHandle (hObject=0x408) returned 1 [0200.634] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", dwFileAttributes=0x20) returned 0 [0200.635] GetCurrentThreadId () returned 0x6f8 [0200.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfcfbd810, dwHighDateTime=0x1d6076c)) [0200.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfcfbd810, dwHighDateTime=0x1d6076c)) [0200.635] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", piIcon=0x4e4efc4) returned 0x800f3 [0200.640] GetIconInfo (in: hIcon=0x800f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0200.640] CreateFileW (lpFileName="GgUQ.ico" (normalized: "c:\\windows\\system32\\gguq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.641] GetObjectA (in: h=0x240501fb, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0200.641] GetObjectA (in: h=0x320501fc, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0200.641] CreateCompatibleDC (hdc=0x0) returned 0x39010776 [0200.641] GetDIBits (in: hdc=0x39010776, hbm=0x240501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0200.641] GetDIBits (in: hdc=0x39010776, hbm=0x240501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0200.641] GetDIBits (in: hdc=0x39010776, hbm=0x240501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0200.641] GetDIBits (in: hdc=0x39010776, hbm=0x320501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0200.641] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0200.643] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0200.643] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0200.643] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0200.643] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0200.643] DeleteDC (hdc=0x39010776) returned 1 [0200.643] CloseHandle (hObject=0x408) returned 1 [0200.648] DeleteObject (ho=0x240501fb) returned 1 [0200.648] DeleteObject (ho=0x320501fc) returned 1 [0200.648] DestroyCursor (hCursor=0x800f3) returned 1 [0200.648] GetCurrentThreadId () returned 0x6f8 [0200.648] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.648] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.653] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0200.654] CloseHandle (hObject=0x408) returned 1 [0200.654] GetCurrentThreadId () returned 0x6f8 [0200.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfcfe3970, dwHighDateTime=0x1d6076c)) [0200.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfcfe3970, dwHighDateTime=0x1d6076c)) [0200.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfcfe3970, dwHighDateTime=0x1d6076c)) [0200.731] GetCurrentThreadId () returned 0x6f8 [0200.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.731] GetCurrentThreadId () returned 0x6f8 [0200.731] CreateFileW (lpFileName="OUkq.exe" (normalized: "c:\\windows\\system32\\oukq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.732] CreateFileW (lpFileName="OUkq.exe" (normalized: "c:\\windows\\system32\\oukq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.732] GetCurrentThreadId () returned 0x6f8 [0200.732] GetCurrentThreadId () returned 0x6f8 [0200.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.732] CreateFileW (lpFileName="OUkq.exe" (normalized: "c:\\windows\\system32\\oukq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.732] GetCurrentThreadId () returned 0x6f8 [0200.732] BeginUpdateResourceW (pFileName="OUkq.exe" (normalized: "c:\\windows\\system32\\oukq.exe"), bDeleteExistingResources=0) returned 0x0 [0200.732] CreateFileW (lpFileName="GgUQ.ico" (normalized: "c:\\windows\\system32\\gguq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0200.733] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0200.733] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0200.733] CloseHandle (hObject=0x408) returned 1 [0200.733] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0200.733] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0200.733] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0200.733] CopyFileW (lpExistingFileName="OUkq.exe" (normalized: "c:\\windows\\system32\\oukq.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.exe"), bFailIfExists=0) returned 0 [0200.733] SetNamedSecurityInfoW () returned 0x2 [0200.733] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0 [0200.734] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0200.734] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0200.734] DeleteFileW (lpFileName="GgUQ.ico" (normalized: "c:\\windows\\system32\\gguq.ico")) returned 1 [0200.735] DeleteFileW (lpFileName="OUkq.exe" (normalized: "c:\\windows\\system32\\oukq.exe")) returned 0 [0200.735] GetCurrentThreadId () returned 0x6f8 [0200.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.735] GetCurrentThreadId () returned 0x6f8 [0200.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.735] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd0f375, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile43.bmp", cAlternateFileName="")) returned 1 [0200.736] GetCurrentThreadId () returned 0x6f8 [0200.736] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfd0a2050, dwHighDateTime=0x1d6076c)) [0200.736] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0x20 [0200.736] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", dwFileAttributes=0x80) returned 0 [0200.736] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.736] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.741] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0200.961] GetCurrentThreadId () returned 0x6f8 [0200.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfd2dd4f0, dwHighDateTime=0x1d6076c)) [0200.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfd2dd4f0, dwHighDateTime=0x1d6076c)) [0200.961] GetCurrentThreadId () returned 0x6f8 [0200.961] CloseHandle (hObject=0x408) returned 1 [0200.961] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", dwFileAttributes=0x20) returned 0 [0200.962] GetCurrentThreadId () returned 0x6f8 [0200.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfd2dd4f0, dwHighDateTime=0x1d6076c)) [0200.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfd2dd4f0, dwHighDateTime=0x1d6076c)) [0200.962] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", piIcon=0x4e4efc4) returned 0x900f3 [0200.967] GetIconInfo (in: hIcon=0x900f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0200.967] CreateFileW (lpFileName="MGkM.ico" (normalized: "c:\\windows\\system32\\mgkm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.968] GetObjectA (in: h=0x33050772, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0200.968] GetObjectA (in: h=0x4105076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0200.968] CreateCompatibleDC (hdc=0x0) returned 0x6c0101ca [0200.968] GetDIBits (in: hdc=0x6c0101ca, hbm=0x33050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0200.968] GetDIBits (in: hdc=0x6c0101ca, hbm=0x33050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0200.968] GetDIBits (in: hdc=0x6c0101ca, hbm=0x33050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0200.968] GetDIBits (in: hdc=0x6c0101ca, hbm=0x4105076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0200.968] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0200.970] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0200.970] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0200.970] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0200.970] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0200.970] DeleteDC (hdc=0x6c0101ca) returned 1 [0200.970] CloseHandle (hObject=0x408) returned 1 [0200.971] DeleteObject (ho=0x33050772) returned 1 [0200.971] DeleteObject (ho=0x4105076f) returned 1 [0200.971] DestroyCursor (hCursor=0x900f3) returned 1 [0200.971] GetCurrentThreadId () returned 0x6f8 [0200.972] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0200.972] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0200.977] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0200.977] CloseHandle (hObject=0x408) returned 1 [0200.978] GetCurrentThreadId () returned 0x6f8 [0200.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfd303650, dwHighDateTime=0x1d6076c)) [0200.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfd303650, dwHighDateTime=0x1d6076c)) [0200.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfd303650, dwHighDateTime=0x1d6076c)) [0201.060] GetCurrentThreadId () returned 0x6f8 [0201.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.060] GetCurrentThreadId () returned 0x6f8 [0201.060] CreateFileW (lpFileName="Uccc.exe" (normalized: "c:\\windows\\system32\\uccc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.061] CreateFileW (lpFileName="Uccc.exe" (normalized: "c:\\windows\\system32\\uccc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.062] GetCurrentThreadId () returned 0x6f8 [0201.062] GetCurrentThreadId () returned 0x6f8 [0201.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.062] CreateFileW (lpFileName="Uccc.exe" (normalized: "c:\\windows\\system32\\uccc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.062] GetCurrentThreadId () returned 0x6f8 [0201.062] BeginUpdateResourceW (pFileName="Uccc.exe" (normalized: "c:\\windows\\system32\\uccc.exe"), bDeleteExistingResources=0) returned 0x0 [0201.062] CreateFileW (lpFileName="MGkM.ico" (normalized: "c:\\windows\\system32\\mgkm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0201.062] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0201.063] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0201.063] CloseHandle (hObject=0x408) returned 1 [0201.063] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0201.063] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0201.063] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0201.063] CopyFileW (lpExistingFileName="Uccc.exe" (normalized: "c:\\windows\\system32\\uccc.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.exe"), bFailIfExists=0) returned 0 [0201.063] SetNamedSecurityInfoW () returned 0x2 [0201.064] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0 [0201.064] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0201.064] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0201.064] DeleteFileW (lpFileName="MGkM.ico" (normalized: "c:\\windows\\system32\\mgkm.ico")) returned 1 [0201.065] DeleteFileW (lpFileName="Uccc.exe" (normalized: "c:\\windows\\system32\\uccc.exe")) returned 0 [0201.066] GetCurrentThreadId () returned 0x6f8 [0201.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.066] GetCurrentThreadId () returned 0x6f8 [0201.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.066] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile44.bmp", cAlternateFileName="")) returned 1 [0201.066] GetCurrentThreadId () returned 0x6f8 [0201.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.066] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0x20 [0201.066] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", dwFileAttributes=0x80) returned 0 [0201.066] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0201.066] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0201.071] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0201.105] GetCurrentThreadId () returned 0x6f8 [0201.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfd434150, dwHighDateTime=0x1d6076c)) [0201.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xfd434150, dwHighDateTime=0x1d6076c)) [0201.105] GetCurrentThreadId () returned 0x6f8 [0201.106] CloseHandle (hObject=0x408) returned 1 [0201.106] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", dwFileAttributes=0x20) returned 0 [0201.106] GetCurrentThreadId () returned 0x6f8 [0201.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfd434150, dwHighDateTime=0x1d6076c)) [0201.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xfd434150, dwHighDateTime=0x1d6076c)) [0201.106] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", piIcon=0x4e4efc4) returned 0xa00f3 [0201.112] GetIconInfo (in: hIcon=0xa00f3, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0201.112] CreateFileW (lpFileName="Wigc.ico" (normalized: "c:\\windows\\system32\\wigc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0201.113] GetObjectA (in: h=0x3e0501fe, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0201.113] GetObjectA (in: h=0x280501fb, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0201.113] CreateCompatibleDC (hdc=0x0) returned 0x3e010776 [0201.113] GetDIBits (in: hdc=0x3e010776, hbm=0x3e0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0201.113] GetDIBits (in: hdc=0x3e010776, hbm=0x3e0501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0201.113] GetDIBits (in: hdc=0x3e010776, hbm=0x3e0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0201.113] GetDIBits (in: hdc=0x3e010776, hbm=0x280501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0201.113] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0201.115] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0201.115] WriteFile (in: hFile=0x408, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0201.115] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0201.115] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0201.116] DeleteDC (hdc=0x3e010776) returned 1 [0201.116] CloseHandle (hObject=0x408) returned 1 [0201.117] DeleteObject (ho=0x3e0501fe) returned 1 [0201.117] DeleteObject (ho=0x280501fb) returned 1 [0201.117] DestroyCursor (hCursor=0xa00f3) returned 1 [0201.117] GetCurrentThreadId () returned 0x6f8 [0201.117] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0201.117] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0201.122] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0201.123] CloseHandle (hObject=0x408) returned 1 [0201.123] GetCurrentThreadId () returned 0x6f8 [0201.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfd45a2b0, dwHighDateTime=0x1d6076c)) [0201.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xfd45a2b0, dwHighDateTime=0x1d6076c)) [0201.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xfd45a2b0, dwHighDateTime=0x1d6076c)) [0201.208] GetCurrentThreadId () returned 0x6f8 [0201.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.209] GetCurrentThreadId () returned 0x6f8 [0201.209] CreateFileW (lpFileName="cwIs.exe" (normalized: "c:\\windows\\system32\\cwis.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.209] CreateFileW (lpFileName="cwIs.exe" (normalized: "c:\\windows\\system32\\cwis.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.210] GetCurrentThreadId () returned 0x6f8 [0201.210] GetCurrentThreadId () returned 0x6f8 [0201.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.210] CreateFileW (lpFileName="cwIs.exe" (normalized: "c:\\windows\\system32\\cwis.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.210] GetCurrentThreadId () returned 0x6f8 [0201.210] BeginUpdateResourceW (pFileName="cwIs.exe" (normalized: "c:\\windows\\system32\\cwis.exe"), bDeleteExistingResources=0) returned 0x0 [0201.210] CreateFileW (lpFileName="Wigc.ico" (normalized: "c:\\windows\\system32\\wigc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0201.210] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0201.210] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0201.211] CloseHandle (hObject=0x408) returned 1 [0201.211] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0201.211] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0201.211] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0201.211] CopyFileW (lpExistingFileName="cwIs.exe" (normalized: "c:\\windows\\system32\\cwis.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.exe"), bFailIfExists=0) returned 0 [0201.211] SetNamedSecurityInfoW () returned 0x2 [0201.211] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0 [0201.211] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9c, lpOverlapped=0x0) returned 1 [0201.212] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0201.212] DeleteFileW (lpFileName="Wigc.ico" (normalized: "c:\\windows\\system32\\wigc.ico")) returned 1 [0201.213] DeleteFileW (lpFileName="cwIs.exe" (normalized: "c:\\windows\\system32\\cwis.exe")) returned 0 [0201.213] GetCurrentThreadId () returned 0x6f8 [0201.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.213] GetCurrentThreadId () returned 0x6f8 [0201.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.213] FindNextFileW (in: hFindFile=0x667a88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile44.bmp", cAlternateFileName="")) returned 0 [0201.213] GetCurrentThreadId () returned 0x6f8 [0201.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.213] FindNextFileW (in: hFindFile=0x667a48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="guest.bmp", cAlternateFileName="")) returned 1 [0201.213] GetCurrentThreadId () returned 0x6f8 [0201.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfd53eaf0, dwHighDateTime=0x1d6076c)) [0201.214] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp")) returned 0x20 [0201.214] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp", dwFileAttributes=0x80) returned 0 [0201.214] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0201.214] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0201.219] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xc038, lpOverlapped=0x0) returned 1 [0201.889] GetCurrentThreadId () returned 0x6f8 [0201.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfdba4610, dwHighDateTime=0x1d6076c)) [0201.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfdba4610, dwHighDateTime=0x1d6076c)) [0201.889] GetCurrentThreadId () returned 0x6f8 [0201.890] CloseHandle (hObject=0x408) returned 1 [0201.890] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp", dwFileAttributes=0x20) returned 0 [0201.890] GetCurrentThreadId () returned 0x6f8 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfdba4610, dwHighDateTime=0x1d6076c)) [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfdba4610, dwHighDateTime=0x1d6076c)) [0201.890] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp", piIcon=0x4e4f238) returned 0xb00f3 [0201.897] GetIconInfo (in: hIcon=0xb00f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0201.897] CreateFileW (lpFileName="KysU.ico" (normalized: "c:\\windows\\system32\\kysu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0201.898] GetObjectA (in: h=0x390501fc, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0201.898] GetObjectA (in: h=0x37050772, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0201.898] CreateCompatibleDC (hdc=0x0) returned 0x710101ca [0201.898] GetDIBits (in: hdc=0x710101ca, hbm=0x390501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0201.898] GetDIBits (in: hdc=0x710101ca, hbm=0x390501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0201.899] GetDIBits (in: hdc=0x710101ca, hbm=0x390501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0201.899] GetDIBits (in: hdc=0x710101ca, hbm=0x37050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0201.899] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0201.900] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0201.901] WriteFile (in: hFile=0x408, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0201.901] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0201.901] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0201.901] DeleteDC (hdc=0x710101ca) returned 1 [0201.902] CloseHandle (hObject=0x408) returned 1 [0201.947] DeleteObject (ho=0x390501fc) returned 1 [0201.947] DeleteObject (ho=0x37050772) returned 1 [0201.947] DestroyCursor (hCursor=0xb00f3) returned 1 [0201.947] GetCurrentThreadId () returned 0x6f8 [0201.947] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0201.947] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0201.952] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xc038, lpOverlapped=0x0) returned 1 [0201.953] CloseHandle (hObject=0x408) returned 1 [0201.953] GetCurrentThreadId () returned 0x6f8 [0201.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfdc16a30, dwHighDateTime=0x1d6076c)) [0201.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfdc16a30, dwHighDateTime=0x1d6076c)) [0201.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfdc16a30, dwHighDateTime=0x1d6076c)) [0202.068] GetCurrentThreadId () returned 0x6f8 [0202.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.069] GetCurrentThreadId () returned 0x6f8 [0202.069] CreateFileW (lpFileName="WAki.exe" (normalized: "c:\\windows\\system32\\waki.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.069] CreateFileW (lpFileName="WAki.exe" (normalized: "c:\\windows\\system32\\waki.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.070] GetCurrentThreadId () returned 0x6f8 [0202.070] GetCurrentThreadId () returned 0x6f8 [0202.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.070] CreateFileW (lpFileName="WAki.exe" (normalized: "c:\\windows\\system32\\waki.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.070] GetCurrentThreadId () returned 0x6f8 [0202.070] BeginUpdateResourceW (pFileName="WAki.exe" (normalized: "c:\\windows\\system32\\waki.exe"), bDeleteExistingResources=0) returned 0x0 [0202.070] CreateFileW (lpFileName="KysU.ico" (normalized: "c:\\windows\\system32\\kysu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0202.070] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0202.071] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0202.071] CloseHandle (hObject=0x408) returned 1 [0202.071] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0202.071] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0202.071] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0202.071] CopyFileW (lpExistingFileName="WAki.exe" (normalized: "c:\\windows\\system32\\waki.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp.exe"), bFailIfExists=0) returned 0 [0202.071] SetNamedSecurityInfoW () returned 0x2 [0202.071] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp")) returned 0 [0202.072] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x70, lpOverlapped=0x0) returned 1 [0202.072] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0202.072] DeleteFileW (lpFileName="KysU.ico" (normalized: "c:\\windows\\system32\\kysu.ico")) returned 1 [0202.073] DeleteFileW (lpFileName="WAki.exe" (normalized: "c:\\windows\\system32\\waki.exe")) returned 0 [0202.073] GetCurrentThreadId () returned 0x6f8 [0202.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.073] GetCurrentThreadId () returned 0x6f8 [0202.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.074] FindNextFileW (in: hFindFile=0x667a48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="user.bmp", cAlternateFileName="")) returned 1 [0202.074] GetCurrentThreadId () returned 0x6f8 [0202.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.074] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp")) returned 0x20 [0202.074] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp", dwFileAttributes=0x80) returned 0 [0202.074] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0202.074] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0202.079] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xc038, lpOverlapped=0x0) returned 1 [0202.080] GetCurrentThreadId () returned 0x6f8 [0202.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.080] GetCurrentThreadId () returned 0x6f8 [0202.081] CloseHandle (hObject=0x408) returned 1 [0202.081] SetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp", dwFileAttributes=0x20) returned 0 [0202.081] GetCurrentThreadId () returned 0x6f8 [0202.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfdd47530, dwHighDateTime=0x1d6076c)) [0202.081] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp", piIcon=0x4e4f238) returned 0xc00f3 [0202.087] GetIconInfo (in: hIcon=0xc00f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0202.087] CreateFileW (lpFileName="iWEw.ico" (normalized: "c:\\windows\\system32\\iwew.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0202.088] GetObjectA (in: h=0x4805076f, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0202.088] GetObjectA (in: h=0x420501fe, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0202.088] CreateCompatibleDC (hdc=0x0) returned 0x43010776 [0202.088] GetDIBits (in: hdc=0x43010776, hbm=0x4805076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0202.088] GetDIBits (in: hdc=0x43010776, hbm=0x4805076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0202.088] GetDIBits (in: hdc=0x43010776, hbm=0x4805076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0202.088] GetDIBits (in: hdc=0x43010776, hbm=0x420501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0202.088] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0202.089] WriteFile (in: hFile=0x408, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0202.089] WriteFile (in: hFile=0x408, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0202.090] WriteFile (in: hFile=0x408, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0202.090] WriteFile (in: hFile=0x408, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0202.090] DeleteDC (hdc=0x43010776) returned 1 [0202.090] CloseHandle (hObject=0x408) returned 1 [0202.092] DeleteObject (ho=0x4805076f) returned 1 [0202.092] DeleteObject (ho=0x420501fe) returned 1 [0202.092] DestroyCursor (hCursor=0xc00f3) returned 1 [0202.092] GetCurrentThreadId () returned 0x6f8 [0202.092] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0202.092] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0202.097] ReadFile (in: hFile=0x408, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xc038, lpOverlapped=0x0) returned 1 [0202.098] CloseHandle (hObject=0x408) returned 1 [0202.099] GetCurrentThreadId () returned 0x6f8 [0202.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfdd937f0, dwHighDateTime=0x1d6076c)) [0202.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfdd937f0, dwHighDateTime=0x1d6076c)) [0202.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfdd937f0, dwHighDateTime=0x1d6076c)) [0202.188] GetCurrentThreadId () returned 0x6f8 [0202.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfde51ed0, dwHighDateTime=0x1d6076c)) [0202.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfde51ed0, dwHighDateTime=0x1d6076c)) [0202.188] GetCurrentThreadId () returned 0x6f8 [0202.188] CreateFileW (lpFileName="AEAG.exe" (normalized: "c:\\windows\\system32\\aeag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.189] CreateFileW (lpFileName="AEAG.exe" (normalized: "c:\\windows\\system32\\aeag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.189] GetCurrentThreadId () returned 0x6f8 [0202.189] GetCurrentThreadId () returned 0x6f8 [0202.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfde51ed0, dwHighDateTime=0x1d6076c)) [0202.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfde51ed0, dwHighDateTime=0x1d6076c)) [0202.189] CreateFileW (lpFileName="AEAG.exe" (normalized: "c:\\windows\\system32\\aeag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.189] GetCurrentThreadId () returned 0x6f8 [0202.189] BeginUpdateResourceW (pFileName="AEAG.exe" (normalized: "c:\\windows\\system32\\aeag.exe"), bDeleteExistingResources=0) returned 0x0 [0202.189] CreateFileW (lpFileName="iWEw.ico" (normalized: "c:\\windows\\system32\\iwew.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0202.189] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0202.190] ReadFile (in: hFile=0x408, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0202.190] CloseHandle (hObject=0x408) returned 1 [0202.190] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0202.190] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0202.190] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0202.190] CopyFileW (lpExistingFileName="AEAG.exe" (normalized: "c:\\windows\\system32\\aeag.exe"), lpNewFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp.exe" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp.exe"), bFailIfExists=0) returned 0 [0202.190] SetNamedSecurityInfoW () returned 0x2 [0202.190] DeleteFileW (lpFileName="C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp")) returned 0 [0202.190] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6e, lpOverlapped=0x0) returned 1 [0202.200] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0202.201] DeleteFileW (lpFileName="iWEw.ico" (normalized: "c:\\windows\\system32\\iwew.ico")) returned 1 [0202.223] DeleteFileW (lpFileName="AEAG.exe" (normalized: "c:\\windows\\system32\\aeag.exe")) returned 0 [0202.223] GetCurrentThreadId () returned 0x6f8 [0202.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.223] GetCurrentThreadId () returned 0x6f8 [0202.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.223] FindNextFileW (in: hFindFile=0x667a48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="user.bmp", cAlternateFileName="")) returned 0 [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.224] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.224] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Vault\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667ac8 [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.224] FindNextFileW (in: hFindFile=0x667ac8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.224] FindNextFileW (in: hFindFile=0x667ac8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.224] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0202.224] GetCurrentThreadId () returned 0x6f8 [0202.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.225] GetCurrentThreadId () returned 0x6f8 [0202.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.225] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\VISIO\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667b08 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindNextFileW (in: hFindFile=0x667b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindNextFileW (in: hFindFile=0x667b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] GetCurrentThreadId () returned 0x6f8 [0202.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.226] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\WwanSvc\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667b48 [0202.227] GetCurrentThreadId () returned 0x6f8 [0202.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.227] FindNextFileW (in: hFindFile=0x667b48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.227] GetCurrentThreadId () returned 0x6f8 [0202.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.227] FindNextFileW (in: hFindFile=0x667b48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0202.227] GetCurrentThreadId () returned 0x6f8 [0202.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.227] GetCurrentThreadId () returned 0x6f8 [0202.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667b88 [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindNextFileW (in: hFindFile=0x667b88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindNextFileW (in: hFindFile=0x667b88, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindNextFileW (in: hFindFile=0x667b48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindNextFileW (in: hFindFile=0x5feda8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] GetCurrentThreadId () returned 0x6f8 [0202.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.228] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft Help\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667bc8 [0202.232] GetCurrentThreadId () returned 0x6f8 [0202.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdec42f0, dwHighDateTime=0x1d6076c)) [0202.232] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hx.hxn", cAlternateFileName="")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.EXCEL.14.1033.hxn", cAlternateFileName="MSEXCE~1.HXN")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.EXCEL.DEV.14.1033.hxn", cAlternateFileName="MSEXCE~2.HXN")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.GRAPH.14.1033.hxn", cAlternateFileName="MSGRAP~1.HXN")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd822070, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.GROOVE.14.1033.hxn", cAlternateFileName="MSGROO~1.HXN")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x11446a50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.INFOPATH.14.1033.hxn", cAlternateFileName="MSINFO~1.HXN")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.244] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1146cbb0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.INFOPATHEDITOR.14.1033.hxn", cAlternateFileName="MSINFO~2.HXN")) returned 1 [0202.244] GetCurrentThreadId () returned 0x6f8 [0202.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSACCESS.14.1033.hxn", cAlternateFileName="MSMSAC~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSACCESS.DEV.14.1033.hxn", cAlternateFileName="MSMSAC~2.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSOUC.14.1033.hxn", cAlternateFileName="MSMSOU~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSPUB.14.1033.hxn", cAlternateFileName="MSMSPU~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSPUB.DEV.14.1033.hxn", cAlternateFileName="MSMSPU~2.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSTORE.14.1033.hxn", cAlternateFileName="MSMSTO~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.OIS.14.1033.hxn", cAlternateFileName="MSOIS1~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc9e3ad0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.ONENOTE.14.1033.hxn", cAlternateFileName="MSONEN~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2689510, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.OUTLOOK.14.1033.hxn", cAlternateFileName="MSOUTL~1.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x26af670, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.OUTLOOK.DEV.14.1033.hxn", cAlternateFileName="MSOUTL~2.HXN")) returned 1 [0202.245] GetCurrentThreadId () returned 0x6f8 [0202.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.245] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.POWERPNT.14.1033.hxn", cAlternateFileName="MSPOWE~1.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.POWERPNT.DEV.14.1033.hxn", cAlternateFileName="MSPOWE~2.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.SETLANG.14.1033.hxn", cAlternateFileName="MSSETL~1.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5269fec0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO.14.1033.hxn", cAlternateFileName="MSVISI~1.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO.DEV.14.1033.hxn", cAlternateFileName="MSVISI~3.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn", cAlternateFileName="MSVISI~4.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO_PRM.14.1033.hxn", cAlternateFileName="MSE1C9~1.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO_STD.14.1033.hxn", cAlternateFileName="MSVISI~2.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINPROJ.14.1033.hxn", cAlternateFileName="MSWINP~1.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.246] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINPROJ.DEV.14.1033.hxn", cAlternateFileName="MSWINP~2.HXN")) returned 1 [0202.246] GetCurrentThreadId () returned 0x6f8 [0202.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINWORD.14.1033.hxn", cAlternateFileName="MSWINW~1.HXN")) returned 1 [0202.247] GetCurrentThreadId () returned 0x6f8 [0202.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINWORD.DEV.14.1033.hxn", cAlternateFileName="MSWINW~2.HXN")) returned 1 [0202.247] GetCurrentThreadId () returned 0x6f8 [0202.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="nslist.hxl", cAlternateFileName="")) returned 1 [0202.247] GetCurrentThreadId () returned 0x6f8 [0202.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] FindNextFileW (in: hFindFile=0x667bc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="nslist.hxl", cAlternateFileName="")) returned 0 [0202.247] GetCurrentThreadId () returned 0x6f8 [0202.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0202.247] GetCurrentThreadId () returned 0x6f8 [0202.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] GetCurrentThreadId () returned 0x6f8 [0202.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.247] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Mozilla\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667c08 [0202.249] GetCurrentThreadId () returned 0x6f8 [0202.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.249] FindNextFileW (in: hFindFile=0x667c08, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.249] GetCurrentThreadId () returned 0x6f8 [0202.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.249] FindNextFileW (in: hFindFile=0x667c08, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0202.249] GetCurrentThreadId () returned 0x6f8 [0202.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.249] GetCurrentThreadId () returned 0x6f8 [0202.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.249] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Mozilla\\logs\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667c48 [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] FindNextFileW (in: hFindFile=0x667c48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] FindNextFileW (in: hFindFile=0x667c48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 1 [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] FindNextFileW (in: hFindFile=0x667c48, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 0 [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] FindNextFileW (in: hFindFile=0x667c08, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] GetCurrentThreadId () returned 0x6f8 [0202.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.250] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667c88 [0202.251] GetCurrentThreadId () returned 0x6f8 [0202.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.251] FindNextFileW (in: hFindFile=0x667c88, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.251] GetCurrentThreadId () returned 0x6f8 [0202.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.251] FindNextFileW (in: hFindFile=0x667c88, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0202.251] GetCurrentThreadId () returned 0x6f8 [0202.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.251] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0202.251] GetCurrentThreadId () returned 0x6f8 [0202.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.251] GetCurrentThreadId () returned 0x6f8 [0202.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdeea450, dwHighDateTime=0x1d6076c)) [0202.251] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667cc8 [0202.257] GetCurrentThreadId () returned 0x6f8 [0202.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.257] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.265] GetCurrentThreadId () returned 0x6f8 [0202.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.265] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cAlternateFileName="42D5BE~1")) returned 1 [0202.266] GetCurrentThreadId () returned 0x6f8 [0202.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.266] GetCurrentThreadId () returned 0x6f8 [0202.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.266] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667d08 [0202.266] GetCurrentThreadId () returned 0x6f8 [0202.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.266] FindNextFileW (in: hFindFile=0x667d08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.266] GetCurrentThreadId () returned 0x6f8 [0202.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.266] FindNextFileW (in: hFindFile=0x667d08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.266] GetCurrentThreadId () returned 0x6f8 [0202.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.266] GetCurrentThreadId () returned 0x6f8 [0202.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.266] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667d48 [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.267] FindNextFileW (in: hFindFile=0x667d48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.267] FindNextFileW (in: hFindFile=0x667d48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 1 [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.267] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667d88 [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.267] FindNextFileW (in: hFindFile=0x667d88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.267] FindNextFileW (in: hFindFile=0x667d88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0202.267] GetCurrentThreadId () returned 0x6f8 [0202.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667dc8 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667dc8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667dc8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667dc8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667d88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667d48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667d08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdf105b0, dwHighDateTime=0x1d6076c)) [0202.268] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1 [0202.268] GetCurrentThreadId () returned 0x6f8 [0202.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.269] GetCurrentThreadId () returned 0x6f8 [0202.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.269] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667e08 [0202.269] GetCurrentThreadId () returned 0x6f8 [0202.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] FindNextFileW (in: hFindFile=0x667e08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] FindNextFileW (in: hFindFile=0x667e08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667e48 [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] FindNextFileW (in: hFindFile=0x667e48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] FindNextFileW (in: hFindFile=0x667e48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 1 [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] GetCurrentThreadId () returned 0x6f8 [0202.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.270] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667e88 [0202.271] GetCurrentThreadId () returned 0x6f8 [0202.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.271] FindNextFileW (in: hFindFile=0x667e88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.271] GetCurrentThreadId () returned 0x6f8 [0202.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindNextFileW (in: hFindFile=0x667e88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667ec8 [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindNextFileW (in: hFindFile=0x667ec8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindNextFileW (in: hFindFile=0x667ec8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindNextFileW (in: hFindFile=0x667ec8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindNextFileW (in: hFindFile=0x667e88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0202.272] GetCurrentThreadId () returned 0x6f8 [0202.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.272] FindNextFileW (in: hFindFile=0x667e48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0202.273] GetCurrentThreadId () returned 0x6f8 [0202.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.273] FindNextFileW (in: hFindFile=0x667e08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.273] GetCurrentThreadId () returned 0x6f8 [0202.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.273] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0202.273] GetCurrentThreadId () returned 0x6f8 [0202.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.273] GetCurrentThreadId () returned 0x6f8 [0202.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.273] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667f08 [0202.274] GetCurrentThreadId () returned 0x6f8 [0202.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.274] FindNextFileW (in: hFindFile=0x667f08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.274] GetCurrentThreadId () returned 0x6f8 [0202.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.274] FindNextFileW (in: hFindFile=0x667f08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.274] GetCurrentThreadId () returned 0x6f8 [0202.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.274] GetCurrentThreadId () returned 0x6f8 [0202.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.274] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667f48 [0202.275] GetCurrentThreadId () returned 0x6f8 [0202.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.275] FindNextFileW (in: hFindFile=0x667f48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.275] GetCurrentThreadId () returned 0x6f8 [0202.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.275] FindNextFileW (in: hFindFile=0x667f48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0202.275] GetCurrentThreadId () returned 0x6f8 [0202.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.275] GetCurrentThreadId () returned 0x6f8 [0202.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.275] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667f88 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667f88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667f88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0xf36be, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667f88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667f88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667f48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667f08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] GetCurrentThreadId () returned 0x6f8 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.276] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x667fc8 [0202.277] GetCurrentThreadId () returned 0x6f8 [0202.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.277] FindNextFileW (in: hFindFile=0x667fc8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.277] GetCurrentThreadId () returned 0x6f8 [0202.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.277] FindNextFileW (in: hFindFile=0x667fc8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf08b3aa0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0202.277] GetCurrentThreadId () returned 0x6f8 [0202.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.277] FindNextFileW (in: hFindFile=0x667fc8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0202.277] GetCurrentThreadId () returned 0x6f8 [0202.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfdf36710, dwHighDateTime=0x1d6076c)) [0202.277] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe")) returned 0x20 [0202.278] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 0 [0202.278] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c [0202.278] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f428 [0202.283] ReadFile (in: hFile=0x45c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f428, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x6f428, lpOverlapped=0x0) returned 1 [0202.402] GetCurrentThreadId () returned 0x6f8 [0202.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe067210, dwHighDateTime=0x1d6076c)) [0202.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe067210, dwHighDateTime=0x1d6076c)) [0202.402] GetCurrentThreadId () returned 0x6f8 [0202.405] ExtractIconExW (in: lpszFile="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0202.417] DestroyCursor (hCursor=0xd00f3) returned 1 [0202.417] DestroyCursor (hCursor=0xd0155) returned 1 [0202.417] CloseHandle (hObject=0x45c) returned 1 [0202.417] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", dwFileAttributes=0x20) returned 0 [0202.417] GetCurrentThreadId () returned 0x6f8 [0202.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe08d370, dwHighDateTime=0x1d6076c)) [0202.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe08d370, dwHighDateTime=0x1d6076c)) [0202.417] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", piIcon=0x4e4f238) returned 0xe0155 [0202.419] GetIconInfo (in: hIcon=0xe0155, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0202.419] CreateFileW (lpFileName="SGgA.ico" (normalized: "c:\\windows\\system32\\sgga.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c [0202.419] GetObjectA (in: h=0x49050776, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0202.419] GetObjectA (in: h=0x40050772, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0202.419] CreateCompatibleDC (hdc=0x0) returned 0x320101fb [0202.420] GetDIBits (in: hdc=0x320101fb, hbm=0x49050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0202.420] GetDIBits (in: hdc=0x320101fb, hbm=0x49050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0202.420] GetDIBits (in: hdc=0x320101fb, hbm=0x49050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0202.420] GetDIBits (in: hdc=0x320101fb, hbm=0x40050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0202.420] WriteFile (in: hFile=0x45c, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0202.421] WriteFile (in: hFile=0x45c, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0202.421] WriteFile (in: hFile=0x45c, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0202.421] WriteFile (in: hFile=0x45c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0202.421] WriteFile (in: hFile=0x45c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0202.421] DeleteDC (hdc=0x320101fb) returned 1 [0202.421] CloseHandle (hObject=0x45c) returned 1 [0202.423] DeleteObject (ho=0x49050776) returned 1 [0202.423] DeleteObject (ho=0x40050772) returned 1 [0202.423] DestroyCursor (hCursor=0xe0155) returned 1 [0202.423] GetCurrentThreadId () returned 0x6f8 [0202.423] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c [0202.423] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f428 [0202.428] ReadFile (in: hFile=0x45c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f428, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x6f428, lpOverlapped=0x0) returned 1 [0202.432] CloseHandle (hObject=0x45c) returned 1 [0202.432] GetCurrentThreadId () returned 0x6f8 [0202.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe0b34d0, dwHighDateTime=0x1d6076c)) [0202.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe0b34d0, dwHighDateTime=0x1d6076c)) [0202.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfe0b34d0, dwHighDateTime=0x1d6076c)) [0202.543] GetCurrentThreadId () returned 0x6f8 [0202.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.543] GetCurrentThreadId () returned 0x6f8 [0202.543] CreateFileW (lpFileName="gYEW.exe" (normalized: "c:\\windows\\system32\\gyew.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.544] CreateFileW (lpFileName="gYEW.exe" (normalized: "c:\\windows\\system32\\gyew.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.544] GetCurrentThreadId () returned 0x6f8 [0202.544] GetCurrentThreadId () returned 0x6f8 [0202.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.544] CreateFileW (lpFileName="gYEW.exe" (normalized: "c:\\windows\\system32\\gyew.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.544] GetCurrentThreadId () returned 0x6f8 [0202.544] BeginUpdateResourceW (pFileName="gYEW.exe" (normalized: "c:\\windows\\system32\\gyew.exe"), bDeleteExistingResources=0) returned 0x0 [0202.544] CreateFileW (lpFileName="SGgA.ico" (normalized: "c:\\windows\\system32\\sgga.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0202.545] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0202.545] ReadFile (in: hFile=0x45c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0202.545] CloseHandle (hObject=0x45c) returned 1 [0202.545] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0202.545] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0202.545] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0202.545] CopyFileW (lpExistingFileName="gYEW.exe" (normalized: "c:\\windows\\system32\\gyew.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), bFailIfExists=0) returned 0 [0202.546] SetNamedSecurityInfoW () returned 0x5 [0202.546] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0xa8, lpOverlapped=0x0) returned 1 [0202.546] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0202.546] DeleteFileW (lpFileName="SGgA.ico" (normalized: "c:\\windows\\system32\\sgga.ico")) returned 1 [0202.548] DeleteFileW (lpFileName="gYEW.exe" (normalized: "c:\\windows\\system32\\gyew.exe")) returned 0 [0202.548] GetCurrentThreadId () returned 0x6f8 [0202.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.549] GetCurrentThreadId () returned 0x6f8 [0202.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.549] FindNextFileW (in: hFindFile=0x667fc8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0202.549] GetCurrentThreadId () returned 0x6f8 [0202.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.549] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0202.549] GetCurrentThreadId () returned 0x6f8 [0202.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.549] GetCurrentThreadId () returned 0x6f8 [0202.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1bde70, dwHighDateTime=0x1d6076c)) [0202.549] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668008 [0202.550] GetCurrentThreadId () returned 0x6f8 [0202.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.550] FindNextFileW (in: hFindFile=0x668008, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.550] GetCurrentThreadId () returned 0x6f8 [0202.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.550] FindNextFileW (in: hFindFile=0x668008, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.550] GetCurrentThreadId () returned 0x6f8 [0202.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.550] GetCurrentThreadId () returned 0x6f8 [0202.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.550] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668048 [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] FindNextFileW (in: hFindFile=0x668048, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] FindNextFileW (in: hFindFile=0x668048, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668088 [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] FindNextFileW (in: hFindFile=0x668088, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] FindNextFileW (in: hFindFile=0x668088, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa87bcb00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0xa87bcb00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0xa87bcb00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.551] GetCurrentThreadId () returned 0x6f8 [0202.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.551] FindNextFileW (in: hFindFile=0x668088, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.552] GetCurrentThreadId () returned 0x6f8 [0202.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.552] FindNextFileW (in: hFindFile=0x668088, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.552] GetCurrentThreadId () returned 0x6f8 [0202.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.552] FindNextFileW (in: hFindFile=0x668048, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0202.552] GetCurrentThreadId () returned 0x6f8 [0202.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.552] FindNextFileW (in: hFindFile=0x668008, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.552] GetCurrentThreadId () returned 0x6f8 [0202.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.552] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0202.552] GetCurrentThreadId () returned 0x6f8 [0202.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.552] GetCurrentThreadId () returned 0x6f8 [0202.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.552] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6680c8 [0202.553] GetCurrentThreadId () returned 0x6f8 [0202.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.553] FindNextFileW (in: hFindFile=0x6680c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.553] GetCurrentThreadId () returned 0x6f8 [0202.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.554] FindNextFileW (in: hFindFile=0x6680c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1c821ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0202.554] GetCurrentThreadId () returned 0x6f8 [0202.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.554] FindNextFileW (in: hFindFile=0x6680c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0202.554] GetCurrentThreadId () returned 0x6f8 [0202.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfe1e3fd0, dwHighDateTime=0x1d6076c)) [0202.554] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe")) returned 0x20 [0202.554] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 0 [0202.554] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0202.554] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x710a8 [0202.559] ReadFile (in: hFile=0x46c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x710a8, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x710a8, lpOverlapped=0x0) returned 1 [0202.565] GetCurrentThreadId () returned 0x6f8 [0202.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe20a130, dwHighDateTime=0x1d6076c)) [0202.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe20a130, dwHighDateTime=0x1d6076c)) [0202.565] GetCurrentThreadId () returned 0x6f8 [0202.568] ExtractIconExW (in: lpszFile="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0202.579] DestroyCursor (hCursor=0xf0155) returned 1 [0202.579] DestroyCursor (hCursor=0xe00f3) returned 1 [0202.579] CloseHandle (hObject=0x46c) returned 1 [0202.579] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", dwFileAttributes=0x20) returned 0 [0202.580] GetCurrentThreadId () returned 0x6f8 [0202.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe20a130, dwHighDateTime=0x1d6076c)) [0202.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe20a130, dwHighDateTime=0x1d6076c)) [0202.580] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", piIcon=0x4e4f238) returned 0xf00f3 [0202.582] GetIconInfo (in: hIcon=0xf00f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0202.582] CreateFileW (lpFileName="gQII.ico" (normalized: "c:\\windows\\system32\\gqii.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0202.582] GetObjectA (in: h=0x7f0501ca, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0202.583] GetObjectA (in: h=0x390501fb, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0202.583] CreateCompatibleDC (hdc=0x0) returned 0x4d0101fe [0202.583] GetDIBits (in: hdc=0x4d0101fe, hbm=0x7f0501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0202.583] GetDIBits (in: hdc=0x4d0101fe, hbm=0x7f0501ca, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0202.583] GetDIBits (in: hdc=0x4d0101fe, hbm=0x7f0501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0202.583] GetDIBits (in: hdc=0x4d0101fe, hbm=0x390501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0202.583] WriteFile (in: hFile=0x46c, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0202.584] WriteFile (in: hFile=0x46c, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0202.584] WriteFile (in: hFile=0x46c, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0202.584] WriteFile (in: hFile=0x46c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0202.585] WriteFile (in: hFile=0x46c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0202.585] DeleteDC (hdc=0x4d0101fe) returned 1 [0202.585] CloseHandle (hObject=0x46c) returned 1 [0202.585] DeleteObject (ho=0x7f0501ca) returned 1 [0202.585] DeleteObject (ho=0x390501fb) returned 1 [0202.585] DestroyCursor (hCursor=0xf00f3) returned 1 [0202.585] GetCurrentThreadId () returned 0x6f8 [0202.585] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0202.585] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x710a8 [0202.590] ReadFile (in: hFile=0x46c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x710a8, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x710a8, lpOverlapped=0x0) returned 1 [0202.593] CloseHandle (hObject=0x46c) returned 1 [0202.593] GetCurrentThreadId () returned 0x6f8 [0202.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe230290, dwHighDateTime=0x1d6076c)) [0202.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe230290, dwHighDateTime=0x1d6076c)) [0202.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfe230290, dwHighDateTime=0x1d6076c)) [0202.698] GetCurrentThreadId () returned 0x6f8 [0202.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.698] GetCurrentThreadId () returned 0x6f8 [0202.698] CreateFileW (lpFileName="Wwsq.exe" (normalized: "c:\\windows\\system32\\wwsq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.700] CreateFileW (lpFileName="Wwsq.exe" (normalized: "c:\\windows\\system32\\wwsq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.700] GetCurrentThreadId () returned 0x6f8 [0202.700] GetCurrentThreadId () returned 0x6f8 [0202.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.700] CreateFileW (lpFileName="Wwsq.exe" (normalized: "c:\\windows\\system32\\wwsq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.700] GetCurrentThreadId () returned 0x6f8 [0202.700] BeginUpdateResourceW (pFileName="Wwsq.exe" (normalized: "c:\\windows\\system32\\wwsq.exe"), bDeleteExistingResources=0) returned 0x0 [0202.700] CreateFileW (lpFileName="gQII.ico" (normalized: "c:\\windows\\system32\\gqii.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x46c [0202.701] GetFileSize (in: hFile=0x46c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0202.701] ReadFile (in: hFile=0x46c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0202.701] CloseHandle (hObject=0x46c) returned 1 [0202.701] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0202.701] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0202.701] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0202.701] CopyFileW (lpExistingFileName="Wwsq.exe" (normalized: "c:\\windows\\system32\\wwsq.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), bFailIfExists=0) returned 0 [0202.702] SetNamedSecurityInfoW () returned 0x5 [0202.703] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0xa8, lpOverlapped=0x0) returned 1 [0202.703] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0202.703] DeleteFileW (lpFileName="gQII.ico" (normalized: "c:\\windows\\system32\\gqii.ico")) returned 1 [0202.705] DeleteFileW (lpFileName="Wwsq.exe" (normalized: "c:\\windows\\system32\\wwsq.exe")) returned 0 [0202.705] GetCurrentThreadId () returned 0x6f8 [0202.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.705] GetCurrentThreadId () returned 0x6f8 [0202.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.705] FindNextFileW (in: hFindFile=0x6680c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0202.705] GetCurrentThreadId () returned 0x6f8 [0202.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe33ac30, dwHighDateTime=0x1d6076c)) [0202.705] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0202.705] GetCurrentThreadId () returned 0x6f8 [0202.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.705] GetCurrentThreadId () returned 0x6f8 [0202.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.706] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668108 [0202.709] GetCurrentThreadId () returned 0x6f8 [0202.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.709] FindNextFileW (in: hFindFile=0x668108, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.711] GetCurrentThreadId () returned 0x6f8 [0202.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.711] FindNextFileW (in: hFindFile=0x668108, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.711] GetCurrentThreadId () returned 0x6f8 [0202.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.711] GetCurrentThreadId () returned 0x6f8 [0202.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.711] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668148 [0202.713] GetCurrentThreadId () returned 0x6f8 [0202.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.713] FindNextFileW (in: hFindFile=0x668148, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.713] GetCurrentThreadId () returned 0x6f8 [0202.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.713] FindNextFileW (in: hFindFile=0x668148, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0202.713] GetCurrentThreadId () returned 0x6f8 [0202.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.713] GetCurrentThreadId () returned 0x6f8 [0202.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.713] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668188 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x668188, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x668188, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e8b00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd15e8b00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd15e8b00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x13babb, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x668188, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x668188, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x668148, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x668108, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.714] GetCurrentThreadId () returned 0x6f8 [0202.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.714] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0202.715] GetCurrentThreadId () returned 0x6f8 [0202.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.715] GetCurrentThreadId () returned 0x6f8 [0202.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.715] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6681c8 [0202.716] GetCurrentThreadId () returned 0x6f8 [0202.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.716] FindNextFileW (in: hFindFile=0x6681c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.716] GetCurrentThreadId () returned 0x6f8 [0202.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.716] FindNextFileW (in: hFindFile=0x6681c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.716] GetCurrentThreadId () returned 0x6f8 [0202.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.716] GetCurrentThreadId () returned 0x6f8 [0202.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.716] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668208 [0202.717] GetCurrentThreadId () returned 0x6f8 [0202.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.717] FindNextFileW (in: hFindFile=0x668208, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.717] GetCurrentThreadId () returned 0x6f8 [0202.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.717] FindNextFileW (in: hFindFile=0x668208, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0202.717] GetCurrentThreadId () returned 0x6f8 [0202.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.717] GetCurrentThreadId () returned 0x6f8 [0202.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.717] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668248 [0202.718] GetCurrentThreadId () returned 0x6f8 [0202.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.718] FindNextFileW (in: hFindFile=0x668248, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.718] GetCurrentThreadId () returned 0x6f8 [0202.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.718] FindNextFileW (in: hFindFile=0x668248, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.719] GetCurrentThreadId () returned 0x6f8 [0202.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.719] FindNextFileW (in: hFindFile=0x668248, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.719] GetCurrentThreadId () returned 0x6f8 [0202.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.719] FindNextFileW (in: hFindFile=0x668248, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.719] GetCurrentThreadId () returned 0x6f8 [0202.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.719] FindNextFileW (in: hFindFile=0x668208, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0202.719] GetCurrentThreadId () returned 0x6f8 [0202.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.719] FindNextFileW (in: hFindFile=0x6681c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.719] GetCurrentThreadId () returned 0x6f8 [0202.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.719] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0202.720] GetCurrentThreadId () returned 0x6f8 [0202.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.720] GetCurrentThreadId () returned 0x6f8 [0202.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe360d90, dwHighDateTime=0x1d6076c)) [0202.720] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668288 [0202.721] GetCurrentThreadId () returned 0x6f8 [0202.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.721] FindNextFileW (in: hFindFile=0x668288, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.721] GetCurrentThreadId () returned 0x6f8 [0202.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.721] FindNextFileW (in: hFindFile=0x668288, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.721] GetCurrentThreadId () returned 0x6f8 [0202.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.721] GetCurrentThreadId () returned 0x6f8 [0202.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.721] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6682c8 [0202.724] GetCurrentThreadId () returned 0x6f8 [0202.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.724] FindNextFileW (in: hFindFile=0x6682c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.724] GetCurrentThreadId () returned 0x6f8 [0202.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.724] FindNextFileW (in: hFindFile=0x6682c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0202.724] GetCurrentThreadId () returned 0x6f8 [0202.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.724] GetCurrentThreadId () returned 0x6f8 [0202.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.724] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668308 [0202.724] GetCurrentThreadId () returned 0x6f8 [0202.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.724] FindNextFileW (in: hFindFile=0x668308, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] FindNextFileW (in: hFindFile=0x668308, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x165257, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] FindNextFileW (in: hFindFile=0x668308, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] FindNextFileW (in: hFindFile=0x668308, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] FindNextFileW (in: hFindFile=0x6682c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] FindNextFileW (in: hFindFile=0x668288, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.725] GetCurrentThreadId () returned 0x6f8 [0202.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.726] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668348 [0202.726] GetCurrentThreadId () returned 0x6f8 [0202.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.726] FindNextFileW (in: hFindFile=0x668348, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.726] GetCurrentThreadId () returned 0x6f8 [0202.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.726] FindNextFileW (in: hFindFile=0x668348, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.726] GetCurrentThreadId () returned 0x6f8 [0202.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.726] GetCurrentThreadId () returned 0x6f8 [0202.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.726] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668388 [0202.727] GetCurrentThreadId () returned 0x6f8 [0202.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.727] FindNextFileW (in: hFindFile=0x668388, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.727] GetCurrentThreadId () returned 0x6f8 [0202.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.727] FindNextFileW (in: hFindFile=0x668388, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0202.727] GetCurrentThreadId () returned 0x6f8 [0202.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.727] GetCurrentThreadId () returned 0x6f8 [0202.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.727] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6683c8 [0202.728] GetCurrentThreadId () returned 0x6f8 [0202.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.728] FindNextFileW (in: hFindFile=0x6683c8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.728] GetCurrentThreadId () returned 0x6f8 [0202.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.728] FindNextFileW (in: hFindFile=0x6683c8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9b1b00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7c9b1b00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7c9b1b00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.728] GetCurrentThreadId () returned 0x6f8 [0202.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.728] FindNextFileW (in: hFindFile=0x6683c8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.728] GetCurrentThreadId () returned 0x6f8 [0202.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.728] FindNextFileW (in: hFindFile=0x6683c8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.728] GetCurrentThreadId () returned 0x6f8 [0202.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.728] FindNextFileW (in: hFindFile=0x668388, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0202.728] GetCurrentThreadId () returned 0x6f8 [0202.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.729] FindNextFileW (in: hFindFile=0x668348, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.729] GetCurrentThreadId () returned 0x6f8 [0202.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.729] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0202.729] GetCurrentThreadId () returned 0x6f8 [0202.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.729] GetCurrentThreadId () returned 0x6f8 [0202.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.729] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668408 [0202.729] GetCurrentThreadId () returned 0x6f8 [0202.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.729] FindNextFileW (in: hFindFile=0x668408, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.729] GetCurrentThreadId () returned 0x6f8 [0202.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.730] FindNextFileW (in: hFindFile=0x668408, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.730] GetCurrentThreadId () returned 0x6f8 [0202.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.730] GetCurrentThreadId () returned 0x6f8 [0202.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.730] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668448 [0202.730] GetCurrentThreadId () returned 0x6f8 [0202.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.730] FindNextFileW (in: hFindFile=0x668448, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.730] GetCurrentThreadId () returned 0x6f8 [0202.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.730] FindNextFileW (in: hFindFile=0x668448, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0202.731] GetCurrentThreadId () returned 0x6f8 [0202.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.731] GetCurrentThreadId () returned 0x6f8 [0202.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.731] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668488 [0202.731] GetCurrentThreadId () returned 0x6f8 [0202.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.731] FindNextFileW (in: hFindFile=0x668488, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.731] GetCurrentThreadId () returned 0x6f8 [0202.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.731] FindNextFileW (in: hFindFile=0x668488, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b69ee00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7b69ee00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7b69ee00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.731] GetCurrentThreadId () returned 0x6f8 [0202.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.731] FindNextFileW (in: hFindFile=0x668488, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.731] GetCurrentThreadId () returned 0x6f8 [0202.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.732] FindNextFileW (in: hFindFile=0x668488, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.732] GetCurrentThreadId () returned 0x6f8 [0202.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.732] FindNextFileW (in: hFindFile=0x668448, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0202.732] GetCurrentThreadId () returned 0x6f8 [0202.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.732] FindNextFileW (in: hFindFile=0x668408, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.732] GetCurrentThreadId () returned 0x6f8 [0202.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.732] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0202.732] GetCurrentThreadId () returned 0x6f8 [0202.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.732] GetCurrentThreadId () returned 0x6f8 [0202.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe386ef0, dwHighDateTime=0x1d6076c)) [0202.732] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6684c8 [0202.737] GetCurrentThreadId () returned 0x6f8 [0202.737] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.737] FindNextFileW (in: hFindFile=0x6684c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.737] GetCurrentThreadId () returned 0x6f8 [0202.737] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.737] FindNextFileW (in: hFindFile=0x6684c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.738] GetCurrentThreadId () returned 0x6f8 [0202.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.738] GetCurrentThreadId () returned 0x6f8 [0202.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.738] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668508 [0202.739] GetCurrentThreadId () returned 0x6f8 [0202.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.739] FindNextFileW (in: hFindFile=0x668508, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.739] GetCurrentThreadId () returned 0x6f8 [0202.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.739] FindNextFileW (in: hFindFile=0x668508, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0202.739] GetCurrentThreadId () returned 0x6f8 [0202.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.739] GetCurrentThreadId () returned 0x6f8 [0202.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.739] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668548 [0202.740] GetCurrentThreadId () returned 0x6f8 [0202.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.740] FindNextFileW (in: hFindFile=0x668548, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.740] GetCurrentThreadId () returned 0x6f8 [0202.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.740] FindNextFileW (in: hFindFile=0x668548, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aae6600, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x8aae6600, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x8aae6600, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] FindNextFileW (in: hFindFile=0x668548, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] FindNextFileW (in: hFindFile=0x668548, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] FindNextFileW (in: hFindFile=0x668508, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] FindNextFileW (in: hFindFile=0x6684c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] GetCurrentThreadId () returned 0x6f8 [0202.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.741] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668588 [0202.742] GetCurrentThreadId () returned 0x6f8 [0202.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.742] FindNextFileW (in: hFindFile=0x668588, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.743] GetCurrentThreadId () returned 0x6f8 [0202.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.743] FindNextFileW (in: hFindFile=0x668588, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.743] GetCurrentThreadId () returned 0x6f8 [0202.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.743] GetCurrentThreadId () returned 0x6f8 [0202.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3ad050, dwHighDateTime=0x1d6076c)) [0202.743] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6685c8 [0202.757] GetCurrentThreadId () returned 0x6f8 [0202.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3d31b0, dwHighDateTime=0x1d6076c)) [0202.757] FindNextFileW (in: hFindFile=0x6685c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.757] GetCurrentThreadId () returned 0x6f8 [0202.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3d31b0, dwHighDateTime=0x1d6076c)) [0202.757] FindNextFileW (in: hFindFile=0x6685c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0202.758] GetCurrentThreadId () returned 0x6f8 [0202.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3d31b0, dwHighDateTime=0x1d6076c)) [0202.758] GetCurrentThreadId () returned 0x6f8 [0202.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3d31b0, dwHighDateTime=0x1d6076c)) [0202.758] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668608 [0202.769] GetCurrentThreadId () returned 0x6f8 [0202.769] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.769] FindNextFileW (in: hFindFile=0x668608, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.769] GetCurrentThreadId () returned 0x6f8 [0202.769] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.769] FindNextFileW (in: hFindFile=0x668608, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x884c0c00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x884c0c00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x884c0c00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.769] GetCurrentThreadId () returned 0x6f8 [0202.769] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.769] FindNextFileW (in: hFindFile=0x668608, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.769] GetCurrentThreadId () returned 0x6f8 [0202.769] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.770] FindNextFileW (in: hFindFile=0x668608, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.770] GetCurrentThreadId () returned 0x6f8 [0202.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.770] FindNextFileW (in: hFindFile=0x6685c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0202.770] GetCurrentThreadId () returned 0x6f8 [0202.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.770] FindNextFileW (in: hFindFile=0x668588, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.770] GetCurrentThreadId () returned 0x6f8 [0202.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.770] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0202.770] GetCurrentThreadId () returned 0x6f8 [0202.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.770] GetCurrentThreadId () returned 0x6f8 [0202.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.770] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x668648 [0202.771] GetCurrentThreadId () returned 0x6f8 [0202.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.771] FindNextFileW (in: hFindFile=0x668648, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.772] GetCurrentThreadId () returned 0x6f8 [0202.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.772] FindNextFileW (in: hFindFile=0x668648, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfe3882c0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0202.772] GetCurrentThreadId () returned 0x6f8 [0202.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.772] FindNextFileW (in: hFindFile=0x668648, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0202.772] GetCurrentThreadId () returned 0x6f8 [0202.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfe3f9310, dwHighDateTime=0x1d6076c)) [0202.772] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe")) returned 0x20 [0202.772] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 0 [0202.772] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c4 [0202.773] GetFileSize (in: hFile=0x4c4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f398 [0202.777] ReadFile (in: hFile=0x4c4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f398, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x6f398, lpOverlapped=0x0) returned 1 [0202.784] GetCurrentThreadId () returned 0x6f8 [0202.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe41f470, dwHighDateTime=0x1d6076c)) [0202.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe41f470, dwHighDateTime=0x1d6076c)) [0202.784] GetCurrentThreadId () returned 0x6f8 [0202.787] ExtractIconExW (in: lpszFile="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0202.797] DestroyCursor (hCursor=0x1000f3) returned 1 [0202.798] DestroyCursor (hCursor=0x100155) returned 1 [0202.798] CloseHandle (hObject=0x4c4) returned 1 [0202.798] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", dwFileAttributes=0x20) returned 0 [0202.798] GetCurrentThreadId () returned 0x6f8 [0202.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe41f470, dwHighDateTime=0x1d6076c)) [0202.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe41f470, dwHighDateTime=0x1d6076c)) [0202.798] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", piIcon=0x4e4f238) returned 0x110155 [0202.800] GetIconInfo (in: hIcon=0x110155, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0202.800] CreateFileW (lpFileName="eUkk.ico" (normalized: "c:\\windows\\system32\\eukk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c4 [0202.801] GetObjectA (in: h=0x4c050772, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0202.801] GetObjectA (in: h=0x540501fe, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0202.801] CreateCompatibleDC (hdc=0x0) returned 0x54010776 [0202.801] GetDIBits (in: hdc=0x54010776, hbm=0x4c050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0202.801] GetDIBits (in: hdc=0x54010776, hbm=0x4c050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0202.801] GetDIBits (in: hdc=0x54010776, hbm=0x4c050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0202.801] GetDIBits (in: hdc=0x54010776, hbm=0x540501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0202.801] WriteFile (in: hFile=0x4c4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0202.802] WriteFile (in: hFile=0x4c4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0202.802] WriteFile (in: hFile=0x4c4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0202.803] WriteFile (in: hFile=0x4c4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0202.803] WriteFile (in: hFile=0x4c4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0202.803] DeleteDC (hdc=0x54010776) returned 1 [0202.803] CloseHandle (hObject=0x4c4) returned 1 [0202.803] DeleteObject (ho=0x4c050772) returned 1 [0202.803] DeleteObject (ho=0x540501fe) returned 1 [0202.803] DestroyCursor (hCursor=0x110155) returned 1 [0202.804] GetCurrentThreadId () returned 0x6f8 [0202.804] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c4 [0202.804] GetFileSize (in: hFile=0x4c4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f398 [0202.809] ReadFile (in: hFile=0x4c4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f398, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x6f398, lpOverlapped=0x0) returned 1 [0202.812] CloseHandle (hObject=0x4c4) returned 1 [0202.812] GetCurrentThreadId () returned 0x6f8 [0202.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe4455d0, dwHighDateTime=0x1d6076c)) [0202.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe4455d0, dwHighDateTime=0x1d6076c)) [0202.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfe4455d0, dwHighDateTime=0x1d6076c)) [0202.918] GetCurrentThreadId () returned 0x6f8 [0202.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.918] GetCurrentThreadId () returned 0x6f8 [0202.918] CreateFileW (lpFileName="YAUw.exe" (normalized: "c:\\windows\\system32\\yauw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.919] CreateFileW (lpFileName="YAUw.exe" (normalized: "c:\\windows\\system32\\yauw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.919] GetCurrentThreadId () returned 0x6f8 [0202.919] GetCurrentThreadId () returned 0x6f8 [0202.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.919] CreateFileW (lpFileName="YAUw.exe" (normalized: "c:\\windows\\system32\\yauw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.919] GetCurrentThreadId () returned 0x6f8 [0202.919] BeginUpdateResourceW (pFileName="YAUw.exe" (normalized: "c:\\windows\\system32\\yauw.exe"), bDeleteExistingResources=0) returned 0x0 [0202.919] CreateFileW (lpFileName="eUkk.ico" (normalized: "c:\\windows\\system32\\eukk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4c4 [0202.920] GetFileSize (in: hFile=0x4c4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0202.920] ReadFile (in: hFile=0x4c4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0202.920] CloseHandle (hObject=0x4c4) returned 1 [0202.920] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0202.920] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0202.920] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0202.920] CopyFileW (lpExistingFileName="YAUw.exe" (normalized: "c:\\windows\\system32\\yauw.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), bFailIfExists=0) returned 0 [0202.921] SetNamedSecurityInfoW () returned 0x5 [0202.921] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0xa8, lpOverlapped=0x0) returned 1 [0202.921] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0202.921] DeleteFileW (lpFileName="eUkk.ico" (normalized: "c:\\windows\\system32\\eukk.ico")) returned 1 [0202.923] DeleteFileW (lpFileName="YAUw.exe" (normalized: "c:\\windows\\system32\\yauw.exe")) returned 0 [0202.923] GetCurrentThreadId () returned 0x6f8 [0202.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.923] GetCurrentThreadId () returned 0x6f8 [0202.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.923] FindNextFileW (in: hFindFile=0x668648, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0202.923] GetCurrentThreadId () returned 0x6f8 [0202.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.923] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0202.923] GetCurrentThreadId () returned 0x6f8 [0202.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.923] GetCurrentThreadId () returned 0x6f8 [0202.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe54ff70, dwHighDateTime=0x1d6076c)) [0202.923] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a86c8 [0202.958] GetCurrentThreadId () returned 0x6f8 [0202.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.958] FindNextFileW (in: hFindFile=0x6a86c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.958] GetCurrentThreadId () returned 0x6f8 [0202.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.958] FindNextFileW (in: hFindFile=0x6a86c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.958] GetCurrentThreadId () returned 0x6f8 [0202.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.958] GetCurrentThreadId () returned 0x6f8 [0202.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.958] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8708 [0202.959] GetCurrentThreadId () returned 0x6f8 [0202.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.959] FindNextFileW (in: hFindFile=0x6a8708, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.959] GetCurrentThreadId () returned 0x6f8 [0202.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.959] FindNextFileW (in: hFindFile=0x6a8708, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0202.959] GetCurrentThreadId () returned 0x6f8 [0202.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.959] GetCurrentThreadId () returned 0x6f8 [0202.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.959] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8748 [0202.960] GetCurrentThreadId () returned 0x6f8 [0202.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.960] FindNextFileW (in: hFindFile=0x6a8748, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.960] GetCurrentThreadId () returned 0x6f8 [0202.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.960] FindNextFileW (in: hFindFile=0x6a8748, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x969a2800, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x969a2800, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x969a2800, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.960] GetCurrentThreadId () returned 0x6f8 [0202.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.960] FindNextFileW (in: hFindFile=0x6a8748, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.960] GetCurrentThreadId () returned 0x6f8 [0202.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.960] FindNextFileW (in: hFindFile=0x6a8748, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.960] GetCurrentThreadId () returned 0x6f8 [0202.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.960] FindNextFileW (in: hFindFile=0x6a8708, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0202.960] GetCurrentThreadId () returned 0x6f8 [0202.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.960] FindNextFileW (in: hFindFile=0x6a86c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.961] GetCurrentThreadId () returned 0x6f8 [0202.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.961] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1 [0202.961] GetCurrentThreadId () returned 0x6f8 [0202.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.961] GetCurrentThreadId () returned 0x6f8 [0202.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.961] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8788 [0202.961] GetCurrentThreadId () returned 0x6f8 [0202.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.961] FindNextFileW (in: hFindFile=0x6a8788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.961] GetCurrentThreadId () returned 0x6f8 [0202.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.961] FindNextFileW (in: hFindFile=0x6a8788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0202.962] GetCurrentThreadId () returned 0x6f8 [0202.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.962] GetCurrentThreadId () returned 0x6f8 [0202.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.962] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a87c8 [0202.966] GetCurrentThreadId () returned 0x6f8 [0202.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.966] FindNextFileW (in: hFindFile=0x6a87c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.966] GetCurrentThreadId () returned 0x6f8 [0202.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.966] FindNextFileW (in: hFindFile=0x6a87c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0202.966] GetCurrentThreadId () returned 0x6f8 [0202.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.966] GetCurrentThreadId () returned 0x6f8 [0202.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.966] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8808 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x6a8808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x6a8808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae7f300, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xdae7f300, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xdae7f300, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x59bde5, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x6a8808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x6a8808, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x6a87c8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x6a8788, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0202.967] GetCurrentThreadId () returned 0x6f8 [0202.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.967] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1 [0202.968] GetCurrentThreadId () returned 0x6f8 [0202.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.968] GetCurrentThreadId () returned 0x6f8 [0202.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.968] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8848 [0202.969] GetCurrentThreadId () returned 0x6f8 [0202.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.969] FindNextFileW (in: hFindFile=0x6a8848, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.969] GetCurrentThreadId () returned 0x6f8 [0202.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.969] FindNextFileW (in: hFindFile=0x6a8848, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xe9f9cff0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0202.969] GetCurrentThreadId () returned 0x6f8 [0202.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.969] FindNextFileW (in: hFindFile=0x6a8848, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0202.969] GetCurrentThreadId () returned 0x6f8 [0202.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.969] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe")) returned 0x20 [0202.970] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", dwFileAttributes=0x80) returned 0 [0202.970] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e0 [0202.970] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee38 [0202.976] ReadFile (in: hFile=0x4e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee38, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xbee38, lpOverlapped=0x0) returned 1 [0202.985] GetCurrentThreadId () returned 0x6f8 [0202.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe5e84f0, dwHighDateTime=0x1d6076c)) [0202.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe5e84f0, dwHighDateTime=0x1d6076c)) [0202.985] GetCurrentThreadId () returned 0x6f8 [0202.994] ExtractIconExW (in: lpszFile="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0203.009] DestroyCursor (hCursor=0x3014d) returned 1 [0203.009] DestroyCursor (hCursor=0x30147) returned 1 [0203.009] CloseHandle (hObject=0x4e0) returned 1 [0203.010] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", dwFileAttributes=0x20) returned 0 [0203.010] GetCurrentThreadId () returned 0x6f8 [0203.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe6347b0, dwHighDateTime=0x1d6076c)) [0203.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe6347b0, dwHighDateTime=0x1d6076c)) [0203.010] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", piIcon=0x4e4f238) returned 0x40147 [0203.012] GetIconInfo (in: hIcon=0x40147, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0203.012] CreateFileW (lpFileName="GCAM.ico" (normalized: "c:\\windows\\system32\\gcam.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e0 [0203.012] GetObjectA (in: h=0x5a0501fe, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0203.012] GetObjectA (in: h=0x3705016f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0203.013] CreateCompatibleDC (hdc=0x0) returned 0x29010770 [0203.013] GetDIBits (in: hdc=0x29010770, hbm=0x5a0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0203.013] GetDIBits (in: hdc=0x29010770, hbm=0x5a0501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0203.013] GetDIBits (in: hdc=0x29010770, hbm=0x5a0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0203.013] GetDIBits (in: hdc=0x29010770, hbm=0x3705016f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0203.013] WriteFile (in: hFile=0x4e0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0203.014] WriteFile (in: hFile=0x4e0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0203.014] WriteFile (in: hFile=0x4e0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0203.014] WriteFile (in: hFile=0x4e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0203.015] WriteFile (in: hFile=0x4e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0203.015] DeleteDC (hdc=0x29010770) returned 1 [0203.015] CloseHandle (hObject=0x4e0) returned 1 [0203.016] DeleteObject (ho=0x5a0501fe) returned 1 [0203.016] DeleteObject (ho=0x3705016f) returned 1 [0203.016] DestroyCursor (hCursor=0x40147) returned 1 [0203.016] GetCurrentThreadId () returned 0x6f8 [0203.016] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e0 [0203.016] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee38 [0203.021] ReadFile (in: hFile=0x4e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee38, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xbee38, lpOverlapped=0x0) returned 1 [0203.027] CloseHandle (hObject=0x4e0) returned 1 [0203.027] GetCurrentThreadId () returned 0x6f8 [0203.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe65a910, dwHighDateTime=0x1d6076c)) [0203.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe65a910, dwHighDateTime=0x1d6076c)) [0203.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfe65a910, dwHighDateTime=0x1d6076c)) [0203.166] GetCurrentThreadId () returned 0x6f8 [0203.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.166] GetCurrentThreadId () returned 0x6f8 [0203.166] CreateFileW (lpFileName="SIUU.exe" (normalized: "c:\\windows\\system32\\siuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.167] CreateFileW (lpFileName="SIUU.exe" (normalized: "c:\\windows\\system32\\siuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.167] GetCurrentThreadId () returned 0x6f8 [0203.168] GetCurrentThreadId () returned 0x6f8 [0203.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.168] CreateFileW (lpFileName="SIUU.exe" (normalized: "c:\\windows\\system32\\siuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.168] GetCurrentThreadId () returned 0x6f8 [0203.168] BeginUpdateResourceW (pFileName="SIUU.exe" (normalized: "c:\\windows\\system32\\siuu.exe"), bDeleteExistingResources=0) returned 0x0 [0203.168] CreateFileW (lpFileName="GCAM.ico" (normalized: "c:\\windows\\system32\\gcam.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4e0 [0203.168] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0203.169] ReadFile (in: hFile=0x4e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0203.169] CloseHandle (hObject=0x4e0) returned 1 [0203.169] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0203.169] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0203.169] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0203.169] CopyFileW (lpExistingFileName="SIUU.exe" (normalized: "c:\\windows\\system32\\siuu.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), bFailIfExists=0) returned 0 [0203.169] SetNamedSecurityInfoW () returned 0x5 [0203.170] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0xaa, lpOverlapped=0x0) returned 1 [0203.170] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0203.170] DeleteFileW (lpFileName="GCAM.ico" (normalized: "c:\\windows\\system32\\gcam.ico")) returned 1 [0203.171] DeleteFileW (lpFileName="SIUU.exe" (normalized: "c:\\windows\\system32\\siuu.exe")) returned 0 [0203.171] GetCurrentThreadId () returned 0x6f8 [0203.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.171] GetCurrentThreadId () returned 0x6f8 [0203.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.172] FindNextFileW (in: hFindFile=0x6a8848, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0203.172] GetCurrentThreadId () returned 0x6f8 [0203.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.172] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1 [0203.172] GetCurrentThreadId () returned 0x6f8 [0203.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.172] GetCurrentThreadId () returned 0x6f8 [0203.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe7b1570, dwHighDateTime=0x1d6076c)) [0203.172] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8888 [0203.174] GetCurrentThreadId () returned 0x6f8 [0203.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe7d76d0, dwHighDateTime=0x1d6076c)) [0203.174] FindNextFileW (in: hFindFile=0x6a8888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.174] GetCurrentThreadId () returned 0x6f8 [0203.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe7d76d0, dwHighDateTime=0x1d6076c)) [0203.174] FindNextFileW (in: hFindFile=0x6a8888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x105e7220, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0203.174] GetCurrentThreadId () returned 0x6f8 [0203.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe7d76d0, dwHighDateTime=0x1d6076c)) [0203.174] FindNextFileW (in: hFindFile=0x6a8888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0203.174] GetCurrentThreadId () returned 0x6f8 [0203.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfe7d76d0, dwHighDateTime=0x1d6076c)) [0203.174] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe")) returned 0x20 [0203.175] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 0 [0203.176] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0203.176] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x71080 [0203.181] ReadFile (in: hFile=0x4e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x71080, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x71080, lpOverlapped=0x0) returned 1 [0203.188] GetCurrentThreadId () returned 0x6f8 [0203.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe7d76d0, dwHighDateTime=0x1d6076c)) [0203.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe7d76d0, dwHighDateTime=0x1d6076c)) [0203.188] GetCurrentThreadId () returned 0x6f8 [0203.192] ExtractIconExW (in: lpszFile="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0203.204] DestroyCursor (hCursor=0x50147) returned 1 [0203.204] DestroyCursor (hCursor=0x4014d) returned 1 [0203.204] CloseHandle (hObject=0x4e4) returned 1 [0203.204] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", dwFileAttributes=0x20) returned 0 [0203.205] GetCurrentThreadId () returned 0x6f8 [0203.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe823990, dwHighDateTime=0x1d6076c)) [0203.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe823990, dwHighDateTime=0x1d6076c)) [0203.206] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", piIcon=0x4e4f238) returned 0x7010f [0203.207] GetIconInfo (in: hIcon=0x7010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0203.208] CreateFileW (lpFileName="Ymsk.ico" (normalized: "c:\\windows\\system32\\ymsk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0203.209] GetObjectA (in: h=0x630501fe, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0203.209] GetObjectA (in: h=0x180501fa, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0203.209] CreateCompatibleDC (hdc=0x0) returned 0x930101ca [0203.209] GetDIBits (in: hdc=0x930101ca, hbm=0x630501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0203.209] GetDIBits (in: hdc=0x930101ca, hbm=0x630501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0203.209] GetDIBits (in: hdc=0x930101ca, hbm=0x630501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0203.209] GetDIBits (in: hdc=0x930101ca, hbm=0x180501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0203.209] WriteFile (in: hFile=0x4e4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0203.210] WriteFile (in: hFile=0x4e4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0203.210] WriteFile (in: hFile=0x4e4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0203.210] WriteFile (in: hFile=0x4e4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0203.211] WriteFile (in: hFile=0x4e4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0203.211] DeleteDC (hdc=0x930101ca) returned 1 [0203.211] CloseHandle (hObject=0x4e4) returned 1 [0203.211] DeleteObject (ho=0x630501fe) returned 1 [0203.211] DeleteObject (ho=0x180501fa) returned 1 [0203.211] DestroyCursor (hCursor=0x7010f) returned 1 [0203.212] GetCurrentThreadId () returned 0x6f8 [0203.212] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0203.212] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x71080 [0203.217] ReadFile (in: hFile=0x4e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x71080, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x71080, lpOverlapped=0x0) returned 1 [0203.221] CloseHandle (hObject=0x4e4) returned 1 [0203.221] GetCurrentThreadId () returned 0x6f8 [0203.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe849af0, dwHighDateTime=0x1d6076c)) [0203.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe849af0, dwHighDateTime=0x1d6076c)) [0203.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfe849af0, dwHighDateTime=0x1d6076c)) [0203.341] GetCurrentThreadId () returned 0x6f8 [0203.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe954490, dwHighDateTime=0x1d6076c)) [0203.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfe954490, dwHighDateTime=0x1d6076c)) [0203.341] GetCurrentThreadId () returned 0x6f8 [0203.341] CreateFileW (lpFileName="wggO.exe" (normalized: "c:\\windows\\system32\\wggo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.342] CreateFileW (lpFileName="wggO.exe" (normalized: "c:\\windows\\system32\\wggo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.343] GetCurrentThreadId () returned 0x6f8 [0203.343] GetCurrentThreadId () returned 0x6f8 [0203.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe954490, dwHighDateTime=0x1d6076c)) [0203.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfe954490, dwHighDateTime=0x1d6076c)) [0203.343] CreateFileW (lpFileName="wggO.exe" (normalized: "c:\\windows\\system32\\wggo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.343] GetCurrentThreadId () returned 0x6f8 [0203.343] BeginUpdateResourceW (pFileName="wggO.exe" (normalized: "c:\\windows\\system32\\wggo.exe"), bDeleteExistingResources=0) returned 0x0 [0203.343] CreateFileW (lpFileName="Ymsk.ico" (normalized: "c:\\windows\\system32\\ymsk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4e4 [0203.343] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0203.344] ReadFile (in: hFile=0x4e4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0203.344] CloseHandle (hObject=0x4e4) returned 1 [0203.344] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0203.344] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0203.344] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0203.344] CopyFileW (lpExistingFileName="wggO.exe" (normalized: "c:\\windows\\system32\\wggo.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), bFailIfExists=0) returned 0 [0203.344] SetNamedSecurityInfoW () returned 0x5 [0203.346] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0xa8, lpOverlapped=0x0) returned 1 [0203.346] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0203.346] DeleteFileW (lpFileName="Ymsk.ico" (normalized: "c:\\windows\\system32\\ymsk.ico")) returned 1 [0203.348] DeleteFileW (lpFileName="wggO.exe" (normalized: "c:\\windows\\system32\\wggo.exe")) returned 0 [0203.348] GetCurrentThreadId () returned 0x6f8 [0203.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.348] GetCurrentThreadId () returned 0x6f8 [0203.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.348] FindNextFileW (in: hFindFile=0x6a8888, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0203.348] GetCurrentThreadId () returned 0x6f8 [0203.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.348] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1 [0203.348] GetCurrentThreadId () returned 0x6f8 [0203.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.349] GetCurrentThreadId () returned 0x6f8 [0203.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.349] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a88c8 [0203.350] GetCurrentThreadId () returned 0x6f8 [0203.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.350] FindNextFileW (in: hFindFile=0x6a88c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.350] GetCurrentThreadId () returned 0x6f8 [0203.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.350] FindNextFileW (in: hFindFile=0x6a88c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x6601040, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0203.350] GetCurrentThreadId () returned 0x6f8 [0203.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.350] FindNextFileW (in: hFindFile=0x6a88c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0203.350] GetCurrentThreadId () returned 0x6f8 [0203.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.351] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe")) returned 0x80 [0203.351] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", dwFileAttributes=0x80) returned 0 [0203.351] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0203.351] GetFileSize (in: hFile=0x4e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee30 [0203.356] ReadFile (in: hFile=0x4e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee30, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xbee30, lpOverlapped=0x0) returned 1 [0203.367] GetCurrentThreadId () returned 0x6f8 [0203.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe9a0750, dwHighDateTime=0x1d6076c)) [0203.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xfe9a0750, dwHighDateTime=0x1d6076c)) [0203.367] GetCurrentThreadId () returned 0x6f8 [0203.373] ExtractIconExW (in: lpszFile="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", nIconIndex=0, phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218, nIcons=0x1 | out: phiconLarge=0x4e4f21c, phiconSmall=0x4e4f218) returned 0x2 [0203.388] DestroyCursor (hCursor=0x8010f) returned 1 [0203.388] DestroyCursor (hCursor=0x5014d) returned 1 [0203.389] CloseHandle (hObject=0x4e8) returned 1 [0203.389] SetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", dwFileAttributes=0x80) returned 0 [0203.389] GetCurrentThreadId () returned 0x6f8 [0203.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe9c68b0, dwHighDateTime=0x1d6076c)) [0203.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xfe9c68b0, dwHighDateTime=0x1d6076c)) [0203.389] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", piIcon=0x4e4f238 | out: pszIconPath="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", piIcon=0x4e4f238) returned 0x6014d [0203.391] GetIconInfo (in: hIcon=0x6014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0203.391] CreateFileW (lpFileName="oGsg.ico" (normalized: "c:\\windows\\system32\\ogsg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0203.392] GetObjectA (in: h=0x4305016f, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0203.392] GetObjectA (in: h=0x25050771, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0203.392] CreateCompatibleDC (hdc=0x0) returned 0x34010770 [0203.392] GetDIBits (in: hdc=0x34010770, hbm=0x4305016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0203.392] GetDIBits (in: hdc=0x34010770, hbm=0x4305016f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0203.392] GetDIBits (in: hdc=0x34010770, hbm=0x4305016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0203.392] GetDIBits (in: hdc=0x34010770, hbm=0x25050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0203.392] WriteFile (in: hFile=0x4e8, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0203.394] WriteFile (in: hFile=0x4e8, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0203.394] WriteFile (in: hFile=0x4e8, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0203.395] WriteFile (in: hFile=0x4e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0203.395] WriteFile (in: hFile=0x4e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0203.395] DeleteDC (hdc=0x34010770) returned 1 [0203.395] CloseHandle (hObject=0x4e8) returned 1 [0203.395] DeleteObject (ho=0x4305016f) returned 1 [0203.395] DeleteObject (ho=0x25050771) returned 1 [0203.395] DestroyCursor (hCursor=0x6014d) returned 1 [0203.396] GetCurrentThreadId () returned 0x6f8 [0203.396] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0203.396] GetFileSize (in: hFile=0x4e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee30 [0203.400] ReadFile (in: hFile=0x4e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee30, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xbee30, lpOverlapped=0x0) returned 1 [0203.406] CloseHandle (hObject=0x4e8) returned 1 [0203.406] GetCurrentThreadId () returned 0x6f8 [0203.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe9eca10, dwHighDateTime=0x1d6076c)) [0203.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xfe9eca10, dwHighDateTime=0x1d6076c)) [0203.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xfe9eca10, dwHighDateTime=0x1d6076c)) [0203.543] GetCurrentThreadId () returned 0x6f8 [0203.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.543] GetCurrentThreadId () returned 0x6f8 [0203.543] CreateFileW (lpFileName="gAgE.exe" (normalized: "c:\\windows\\system32\\gage.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.543] CreateFileW (lpFileName="gAgE.exe" (normalized: "c:\\windows\\system32\\gage.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.544] GetCurrentThreadId () returned 0x6f8 [0203.544] GetCurrentThreadId () returned 0x6f8 [0203.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.544] CreateFileW (lpFileName="gAgE.exe" (normalized: "c:\\windows\\system32\\gage.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.544] GetCurrentThreadId () returned 0x6f8 [0203.544] BeginUpdateResourceW (pFileName="gAgE.exe" (normalized: "c:\\windows\\system32\\gage.exe"), bDeleteExistingResources=0) returned 0x0 [0203.544] CreateFileW (lpFileName="oGsg.ico" (normalized: "c:\\windows\\system32\\ogsg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4e8 [0203.544] GetFileSize (in: hFile=0x4e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0203.544] ReadFile (in: hFile=0x4e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0203.544] CloseHandle (hObject=0x4e8) returned 1 [0203.544] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0203.544] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0203.544] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0203.545] CopyFileW (lpExistingFileName="gAgE.exe" (normalized: "c:\\windows\\system32\\gage.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), bFailIfExists=0) returned 0 [0203.545] SetNamedSecurityInfoW () returned 0x5 [0203.545] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0xaa, lpOverlapped=0x0) returned 1 [0203.545] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0203.545] DeleteFileW (lpFileName="oGsg.ico" (normalized: "c:\\windows\\system32\\ogsg.ico")) returned 1 [0203.546] DeleteFileW (lpFileName="gAgE.exe" (normalized: "c:\\windows\\system32\\gage.exe")) returned 0 [0203.546] GetCurrentThreadId () returned 0x6f8 [0203.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.546] GetCurrentThreadId () returned 0x6f8 [0203.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.546] FindNextFileW (in: hFindFile=0x6a88c8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0203.547] GetCurrentThreadId () returned 0x6f8 [0203.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.547] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1 [0203.547] GetCurrentThreadId () returned 0x6f8 [0203.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.547] GetCurrentThreadId () returned 0x6f8 [0203.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.547] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8908 [0203.547] GetCurrentThreadId () returned 0x6f8 [0203.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb43670, dwHighDateTime=0x1d6076c)) [0203.547] FindNextFileW (in: hFindFile=0x6a8908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.549] FindNextFileW (in: hFindFile=0x6a8908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.549] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8948 [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.549] FindNextFileW (in: hFindFile=0x6a8948, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.549] FindNextFileW (in: hFindFile=0x6a8948, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.549] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8988 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindNextFileW (in: hFindFile=0x6a8988, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindNextFileW (in: hFindFile=0x6a8988, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532ebf00, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x532ebf00, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x532ebf00, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x4b4520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindNextFileW (in: hFindFile=0x6a8988, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindNextFileW (in: hFindFile=0x6a8988, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindNextFileW (in: hFindFile=0x6a8948, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.550] FindNextFileW (in: hFindFile=0x6a8908, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0203.550] GetCurrentThreadId () returned 0x6f8 [0203.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] FindNextFileW (in: hFindFile=0x667cc8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0 [0203.551] GetCurrentThreadId () returned 0x6f8 [0203.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0203.551] GetCurrentThreadId () returned 0x6f8 [0203.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] GetCurrentThreadId () returned 0x6f8 [0203.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Start Menu\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0203.551] GetCurrentThreadId () returned 0x6f8 [0203.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0203.551] GetCurrentThreadId () returned 0x6f8 [0203.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] GetCurrentThreadId () returned 0x6f8 [0203.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.551] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Sun\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a89c8 [0203.552] GetCurrentThreadId () returned 0x6f8 [0203.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.552] FindNextFileW (in: hFindFile=0x6a89c8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.552] GetCurrentThreadId () returned 0x6f8 [0203.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.553] FindNextFileW (in: hFindFile=0x6a89c8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0203.553] GetCurrentThreadId () returned 0x6f8 [0203.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.553] GetCurrentThreadId () returned 0x6f8 [0203.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.553] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Sun\\Java\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8a08 [0203.553] GetCurrentThreadId () returned 0x6f8 [0203.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.554] FindNextFileW (in: hFindFile=0x6a8a08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.554] GetCurrentThreadId () returned 0x6f8 [0203.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.554] FindNextFileW (in: hFindFile=0x6a8a08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 1 [0203.554] GetCurrentThreadId () returned 0x6f8 [0203.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.554] GetCurrentThreadId () returned 0x6f8 [0203.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.554] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Sun\\Java\\Java Update\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8a48 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x6a8a48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x6a8a48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x0, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 1 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x6a8a48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x0, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 0 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x6a8a08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 0 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x6a89c8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 0 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa747c7d0, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa9ca7b10, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vgYI.txt", cAlternateFileName="")) returned 1 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa30330b0, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa36bed30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa36bed30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VWcUEoYI", cAlternateFileName="")) returned 1 [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] GetCurrentThreadId () returned 0x6f8 [0203.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.555] FindFirstFileW (in: lpFileName="C:\\ProgramData\\VWcUEoYI\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0203.556] GetCurrentThreadId () returned 0x6f8 [0203.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.556] FindNextFileW (in: hFindFile=0x5feba8, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa30330b0, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa36bed30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa36bed30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VWcUEoYI", cAlternateFileName="")) returned 0 [0203.556] GetCurrentThreadId () returned 0x6f8 [0203.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.556] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0203.556] GetCurrentThreadId () returned 0x6f8 [0203.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.556] GetCurrentThreadId () returned 0x6f8 [0203.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.556] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8a88 [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] FindNextFileW (in: hFindFile=0x6a8a88, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.557] FindNextFileW (in: hFindFile=0x6a8a88, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa175ab10, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa175ab10, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0203.557] GetCurrentThreadId () returned 0x6f8 [0203.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa175ab10, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa175ab10, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8ac8 [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa175ab10, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa175ab10, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8b08 [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindNextFileW (in: hFindFile=0x6a8b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindNextFileW (in: hFindFile=0x6a8b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] GetCurrentThreadId () returned 0x6f8 [0203.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8b48 [0203.559] GetCurrentThreadId () returned 0x6f8 [0203.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.559] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.559] GetCurrentThreadId () returned 0x6f8 [0203.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.559] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0203.559] GetCurrentThreadId () returned 0x6f8 [0203.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.559] GetCurrentThreadId () returned 0x6f8 [0203.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.559] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8b88 [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] FindNextFileW (in: hFindFile=0x6a8b88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] FindNextFileW (in: hFindFile=0x6a8b88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8bc8 [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] FindNextFileW (in: hFindFile=0x6a8bc8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] FindNextFileW (in: hFindFile=0x6a8bc8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.560] GetCurrentThreadId () returned 0x6f8 [0203.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.561] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8c08 [0203.577] GetCurrentThreadId () returned 0x6f8 [0203.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfeb8f930, dwHighDateTime=0x1d6076c)) [0203.578] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.578] GetCurrentThreadId () returned 0x6f8 [0203.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfeb8f930, dwHighDateTime=0x1d6076c)) [0203.578] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0203.578] GetCurrentThreadId () returned 0x6f8 [0203.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfeb8f930, dwHighDateTime=0x1d6076c)) [0203.578] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0203.578] GetCurrentThreadId () returned 0x6f8 [0203.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfeb8f930, dwHighDateTime=0x1d6076c)) [0203.578] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0203.578] GetCurrentThreadId () returned 0x6f8 [0203.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfeb8f930, dwHighDateTime=0x1d6076c)) [0203.578] GetCurrentThreadId () returned 0x6f8 [0203.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfeb8f930, dwHighDateTime=0x1d6076c)) [0203.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8c48 [0203.579] GetCurrentThreadId () returned 0x6f8 [0203.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.579] FindNextFileW (in: hFindFile=0x6a8c48, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.579] GetCurrentThreadId () returned 0x6f8 [0203.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.579] FindNextFileW (in: hFindFile=0x6a8c48, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0203.579] GetCurrentThreadId () returned 0x6f8 [0203.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.579] FindNextFileW (in: hFindFile=0x6a8c48, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 0 [0203.579] GetCurrentThreadId () returned 0x6f8 [0203.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.579] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0203.579] GetCurrentThreadId () returned 0x6f8 [0203.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.579] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0203.579] GetCurrentThreadId () returned 0x6f8 [0203.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.579] FindNextFileW (in: hFindFile=0x6a8c08, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 0 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] FindNextFileW (in: hFindFile=0x6a8bc8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] FindNextFileW (in: hFindFile=0x6a8b88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8c88 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] FindNextFileW (in: hFindFile=0x6a8c88, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] FindNextFileW (in: hFindFile=0x6a8c88, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACECache11.lst", cAlternateFileName="ACECAC~1.LST")) returned 1 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] FindNextFileW (in: hFindFile=0x6a8c88, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.580] GetCurrentThreadId () returned 0x6f8 [0203.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.581] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8cc8 [0203.581] GetCurrentThreadId () returned 0x6f8 [0203.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.581] FindNextFileW (in: hFindFile=0x6a8cc8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.582] FindNextFileW (in: hFindFile=0x6a8cc8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.582] FindNextFileW (in: hFindFile=0x6a8cc8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.582] FindNextFileW (in: hFindFile=0x6a8cc8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 0 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.582] FindNextFileW (in: hFindFile=0x6a8c88, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.582] FindNextFileW (in: hFindFile=0x6a8b88, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 0 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.582] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0203.582] GetCurrentThreadId () returned 0x6f8 [0203.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.583] GetCurrentThreadId () returned 0x6f8 [0203.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.583] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0203.583] GetCurrentThreadId () returned 0x6f8 [0203.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.583] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0203.583] GetCurrentThreadId () returned 0x6f8 [0203.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.583] GetCurrentThreadId () returned 0x6f8 [0203.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.583] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8d08 [0203.584] GetCurrentThreadId () returned 0x6f8 [0203.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.584] FindNextFileW (in: hFindFile=0x6a8d08, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.584] GetCurrentThreadId () returned 0x6f8 [0203.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.584] FindNextFileW (in: hFindFile=0x6a8d08, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2.0", cAlternateFileName="")) returned 1 [0203.584] GetCurrentThreadId () returned 0x6f8 [0203.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.584] GetCurrentThreadId () returned 0x6f8 [0203.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8d48 [0203.585] GetCurrentThreadId () returned 0x6f8 [0203.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.585] FindNextFileW (in: hFindFile=0x6a8d48, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.585] GetCurrentThreadId () returned 0x6f8 [0203.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.585] FindNextFileW (in: hFindFile=0x6a8d48, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0203.585] GetCurrentThreadId () returned 0x6f8 [0203.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.585] GetCurrentThreadId () returned 0x6f8 [0203.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.585] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8d88 [0203.586] GetCurrentThreadId () returned 0x6f8 [0203.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.586] FindNextFileW (in: hFindFile=0x6a8d88, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] FindNextFileW (in: hFindFile=0x6a8d88, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 1 [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8dc8 [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] FindNextFileW (in: hFindFile=0x6a8dc8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] FindNextFileW (in: hFindFile=0x6a8dc8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 1 [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] GetCurrentThreadId () returned 0x6f8 [0203.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.587] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8e08 [0203.588] GetCurrentThreadId () returned 0x6f8 [0203.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.588] FindNextFileW (in: hFindFile=0x6a8e08, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.588] GetCurrentThreadId () returned 0x6f8 [0203.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.588] FindNextFileW (in: hFindFile=0x6a8e08, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0203.588] GetCurrentThreadId () returned 0x6f8 [0203.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.588] GetCurrentThreadId () returned 0x6f8 [0203.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.589] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8e48 [0203.590] GetCurrentThreadId () returned 0x6f8 [0203.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.590] FindNextFileW (in: hFindFile=0x6a8e48, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.590] GetCurrentThreadId () returned 0x6f8 [0203.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.590] FindNextFileW (in: hFindFile=0x6a8e48, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0203.591] GetCurrentThreadId () returned 0x6f8 [0203.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.591] GetCurrentThreadId () returned 0x6f8 [0203.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8e88 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8e88, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8e88, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8e48, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 0 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8e08, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 0 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8dc8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 0 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8d88, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 0 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindNextFileW (in: hFindFile=0x6a8d48, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 1 [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] GetCurrentThreadId () returned 0x6f8 [0203.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.592] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8ec8 [0203.593] GetCurrentThreadId () returned 0x6f8 [0203.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.593] FindNextFileW (in: hFindFile=0x6a8ec8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.593] GetCurrentThreadId () returned 0x6f8 [0203.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.593] FindNextFileW (in: hFindFile=0x6a8ec8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 1 [0203.593] GetCurrentThreadId () returned 0x6f8 [0203.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.593] GetCurrentThreadId () returned 0x6f8 [0203.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfebb5a90, dwHighDateTime=0x1d6076c)) [0203.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8f08 [0203.729] GetCurrentThreadId () returned 0x6f8 [0203.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.729] FindNextFileW (in: hFindFile=0x6a8f08, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.729] GetCurrentThreadId () returned 0x6f8 [0203.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.729] FindNextFileW (in: hFindFile=0x6a8f08, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", cAlternateFileName="CLICEX~1.000")) returned 1 [0203.729] GetCurrentThreadId () returned 0x6f8 [0203.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.729] GetCurrentThreadId () returned 0x6f8 [0203.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.729] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8f48 [0203.731] GetCurrentThreadId () returned 0x6f8 [0203.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.731] FindNextFileW (in: hFindFile=0x6a8f48, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.731] GetCurrentThreadId () returned 0x6f8 [0203.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.731] FindNextFileW (in: hFindFile=0x6a8f48, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 1 [0203.731] GetCurrentThreadId () returned 0x6f8 [0203.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e39c | out: lpSystemTimeAsFileTime=0x4e4e39c*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.731] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe")) returned 0x20 [0203.731] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", dwFileAttributes=0x80) returned 1 [0203.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550 [0203.732] GetFileSize (in: hFile=0x550, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x113f58 [0203.737] ReadFile (in: hFile=0x550, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e374*=0x100000, lpOverlapped=0x0) returned 1 [0203.752] ReadFile (in: hFile=0x550, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x13f58, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4e374*=0x13f58, lpOverlapped=0x0) returned 1 [0203.763] GetCurrentThreadId () returned 0x6f8 [0203.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0xfed589b0, dwHighDateTime=0x1d6076c)) [0203.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0xfed589b0, dwHighDateTime=0x1d6076c)) [0203.763] GetCurrentThreadId () returned 0x6f8 [0203.771] ExtractIconExW (in: lpszFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nIconIndex=0, phiconLarge=0x4e4e364, phiconSmall=0x4e4e360, nIcons=0x1 | out: phiconLarge=0x4e4e364, phiconSmall=0x4e4e360) returned 0x2 [0203.787] DestroyCursor (hCursor=0x7014d) returned 1 [0203.787] DestroyCursor (hCursor=0x9010f) returned 1 [0203.787] CloseHandle (hObject=0x550) returned 1 [0203.787] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", dwFileAttributes=0x20) returned 1 [0203.788] GetCurrentThreadId () returned 0x6f8 [0203.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0xfeda4c70, dwHighDateTime=0x1d6076c)) [0203.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0xfeda4c70, dwHighDateTime=0x1d6076c)) [0203.788] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", piIcon=0x4e4e380 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", piIcon=0x4e4e380) returned 0xa010f [0203.789] GetIconInfo (in: hIcon=0xa010f, piconinfo=0x4e4e36c | out: piconinfo=0x4e4e36c) returned 1 [0203.790] CreateFileW (lpFileName="AsII.ico" (normalized: "c:\\windows\\system32\\asii.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550 [0203.790] GetObjectA (in: h=0x700501fe, c=24, pv=0x4e4e330 | out: pv=0x4e4e330) returned 24 [0203.790] GetObjectA (in: h=0x3b050770, c=24, pv=0x4e4e348 | out: pv=0x4e4e348) returned 24 [0203.790] CreateCompatibleDC (hdc=0x0) returned 0x9e0101ca [0203.790] GetDIBits (in: hdc=0x9e0101ca, hbm=0x700501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dee0) returned 1 [0203.791] GetDIBits (in: hdc=0x9e0101ca, hbm=0x700501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4dee0) returned 32 [0203.791] GetDIBits (in: hdc=0x9e0101ca, hbm=0x700501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dab8) returned 1 [0203.791] GetDIBits (in: hdc=0x9e0101ca, hbm=0x3b050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dab8) returned 32 [0203.791] WriteFile (in: hFile=0x550, lpBuffer=0x4e4da98*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da98*, lpNumberOfBytesWritten=0x4e4da80*=0x6, lpOverlapped=0x0) returned 1 [0203.792] WriteFile (in: hFile=0x550, lpBuffer=0x4e4da88*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da88*, lpNumberOfBytesWritten=0x4e4da80*=0x10, lpOverlapped=0x0) returned 1 [0203.792] WriteFile (in: hFile=0x550, lpBuffer=0x4e4e308*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4e308*, lpNumberOfBytesWritten=0x4e4da80*=0x28, lpOverlapped=0x0) returned 1 [0203.792] WriteFile (in: hFile=0x550, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4da80*=0x1000, lpOverlapped=0x0) returned 1 [0203.793] WriteFile (in: hFile=0x550, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4da80*=0x80, lpOverlapped=0x0) returned 1 [0203.793] DeleteDC (hdc=0x9e0101ca) returned 1 [0203.793] CloseHandle (hObject=0x550) returned 1 [0203.796] DeleteObject (ho=0x700501fe) returned 1 [0203.796] DeleteObject (ho=0x3b050770) returned 1 [0203.796] DestroyCursor (hCursor=0xa010f) returned 1 [0203.796] GetCurrentThreadId () returned 0x6f8 [0203.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550 [0203.796] GetFileSize (in: hFile=0x550, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x113f58 [0203.801] ReadFile (in: hFile=0x550, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x100000, lpOverlapped=0x0) returned 1 [0203.809] ReadFile (in: hFile=0x550, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x13f58, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x13f58, lpOverlapped=0x0) returned 1 [0203.821] CloseHandle (hObject=0x550) returned 1 [0203.821] GetCurrentThreadId () returned 0x6f8 [0203.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0xfedf0f30, dwHighDateTime=0x1d6076c)) [0203.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0xfedf0f30, dwHighDateTime=0x1d6076c)) [0203.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2e8 | out: lpSystemTimeAsFileTime=0x4e4e2e8*(dwLowDateTime=0xfedf0f30, dwHighDateTime=0x1d6076c)) [0203.938] GetCurrentThreadId () returned 0x6f8 [0203.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0xfef21a30, dwHighDateTime=0x1d6076c)) [0203.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0xfef21a30, dwHighDateTime=0x1d6076c)) [0203.938] GetCurrentThreadId () returned 0x6f8 [0203.938] CreateFileW (lpFileName="WEAI.exe" (normalized: "c:\\windows\\system32\\weai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.959] CreateFileW (lpFileName="WEAI.exe" (normalized: "c:\\windows\\system32\\weai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.960] GetCurrentThreadId () returned 0x6f8 [0203.960] GetCurrentThreadId () returned 0x6f8 [0203.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.960] CreateFileW (lpFileName="WEAI.exe" (normalized: "c:\\windows\\system32\\weai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.960] GetCurrentThreadId () returned 0x6f8 [0203.960] BeginUpdateResourceW (pFileName="WEAI.exe" (normalized: "c:\\windows\\system32\\weai.exe"), bDeleteExistingResources=0) returned 0x0 [0203.960] CreateFileW (lpFileName="AsII.ico" (normalized: "c:\\windows\\system32\\asii.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x550 [0203.960] GetFileSize (in: hFile=0x550, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0203.961] ReadFile (in: hFile=0x550, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e380, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e380*=0x10be, lpOverlapped=0x0) returned 1 [0203.961] CloseHandle (hObject=0x550) returned 1 [0203.961] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0203.961] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e36c, cb=0x14) returned 0 [0203.961] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0203.961] CopyFileW (lpExistingFileName="WEAI.exe" (normalized: "c:\\windows\\system32\\weai.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), bFailIfExists=0) returned 0 [0203.961] SetNamedSecurityInfoW () returned 0x0 [0203.963] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e3c4*=0x140, lpOverlapped=0x0) returned 1 [0203.963] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e3c4*=0x4, lpOverlapped=0x0) returned 1 [0203.963] DeleteFileW (lpFileName="AsII.ico" (normalized: "c:\\windows\\system32\\asii.ico")) returned 1 [0203.964] DeleteFileW (lpFileName="WEAI.exe" (normalized: "c:\\windows\\system32\\weai.exe")) returned 0 [0203.964] GetCurrentThreadId () returned 0x6f8 [0203.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e374 | out: lpSystemTimeAsFileTime=0x4e4e374*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.964] GetCurrentThreadId () returned 0x6f8 [0203.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.965] FindNextFileW (in: hFindFile=0x6a8f48, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 0 [0203.965] GetCurrentThreadId () returned 0x6f8 [0203.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.965] FindNextFileW (in: hFindFile=0x6a8f08, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0203.965] GetCurrentThreadId () returned 0x6f8 [0203.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.965] GetCurrentThreadId () returned 0x6f8 [0203.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef47b90, dwHighDateTime=0x1d6076c)) [0203.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8f88 [0203.973] GetCurrentThreadId () returned 0x6f8 [0203.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef6dcf0, dwHighDateTime=0x1d6076c)) [0203.973] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.973] GetCurrentThreadId () returned 0x6f8 [0203.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef6dcf0, dwHighDateTime=0x1d6076c)) [0203.973] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe", cAlternateFileName="CLICKO~1.EXE")) returned 1 [0203.973] GetCurrentThreadId () returned 0x6f8 [0203.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e39c | out: lpSystemTimeAsFileTime=0x4e4e39c*(dwLowDateTime=0xfef6dcf0, dwHighDateTime=0x1d6076c)) [0203.973] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe")) returned 0x80 [0203.974] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", dwFileAttributes=0x80) returned 1 [0203.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0203.974] GetFileSize (in: hFile=0x554, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3c50 [0203.979] ReadFile (in: hFile=0x554, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x3c50, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e374*=0x3c50, lpOverlapped=0x0) returned 1 [0203.981] GetCurrentThreadId () returned 0x6f8 [0203.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0xfef6dcf0, dwHighDateTime=0x1d6076c)) [0203.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0xfef6dcf0, dwHighDateTime=0x1d6076c)) [0203.981] GetCurrentThreadId () returned 0x6f8 [0203.982] ExtractIconExW (in: lpszFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nIconIndex=0, phiconLarge=0x4e4e364, phiconSmall=0x4e4e360, nIcons=0x1 | out: phiconLarge=0x4e4e364, phiconSmall=0x4e4e360) returned 0x0 [0203.984] CloseHandle (hObject=0x554) returned 1 [0203.984] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", dwFileAttributes=0x80) returned 1 [0203.986] CloseHandle (hObject=0x4e4e69c) returned 0 [0203.986] GetCurrentThreadId () returned 0x6f8 [0203.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e374 | out: lpSystemTimeAsFileTime=0x4e4e374*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.986] GetCurrentThreadId () returned 0x6f8 [0203.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.986] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.cdf-ms", cAlternateFileName="")) returned 1 [0203.986] GetCurrentThreadId () returned 0x6f8 [0203.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.986] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.manifest", cAlternateFileName="")) returned 1 [0203.986] GetCurrentThreadId () returned 0x6f8 [0203.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.986] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.cdf-ms", cAlternateFileName="CLICKO~1.CDF")) returned 1 [0203.986] GetCurrentThreadId () returned 0x6f8 [0203.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.987] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.manifest", cAlternateFileName="CLICKO~1.MAN")) returned 1 [0203.987] GetCurrentThreadId () returned 0x6f8 [0203.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.987] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 1 [0203.987] GetCurrentThreadId () returned 0x6f8 [0203.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e39c | out: lpSystemTimeAsFileTime=0x4e4e39c*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0203.987] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe")) returned 0x20 [0203.987] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", dwFileAttributes=0x80) returned 1 [0203.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0203.988] GetFileSize (in: hFile=0x554, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x113f58 [0203.992] ReadFile (in: hFile=0x554, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e374*=0x100000, lpOverlapped=0x0) returned 1 [0204.000] ReadFile (in: hFile=0x554, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x13f58, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4e374*=0x13f58, lpOverlapped=0x0) returned 1 [0204.000] GetCurrentThreadId () returned 0x6f8 [0204.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0204.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0xfef93e50, dwHighDateTime=0x1d6076c)) [0204.000] GetCurrentThreadId () returned 0x6f8 [0204.007] ExtractIconExW (in: lpszFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", nIconIndex=0, phiconLarge=0x4e4e364, phiconSmall=0x4e4e360, nIcons=0x1 | out: phiconLarge=0x4e4e364, phiconSmall=0x4e4e360) returned 0x2 [0204.022] DestroyCursor (hCursor=0xb010f) returned 1 [0204.022] DestroyCursor (hCursor=0x8014d) returned 1 [0204.022] CloseHandle (hObject=0x554) returned 1 [0204.022] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", dwFileAttributes=0x20) returned 1 [0204.022] GetCurrentThreadId () returned 0x6f8 [0204.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0xfefe0110, dwHighDateTime=0x1d6076c)) [0204.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0xfefe0110, dwHighDateTime=0x1d6076c)) [0204.022] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", piIcon=0x4e4e380 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", piIcon=0x4e4e380) returned 0x9014d [0204.024] GetIconInfo (in: hIcon=0x9014d, piconinfo=0x4e4e36c | out: piconinfo=0x4e4e36c) returned 1 [0204.024] CreateFileW (lpFileName="UeEg.ico" (normalized: "c:\\windows\\system32\\ueeg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0204.025] GetObjectA (in: h=0x31050771, c=24, pv=0x4e4e330 | out: pv=0x4e4e330) returned 24 [0204.025] GetObjectA (in: h=0xa50501ca, c=24, pv=0x4e4e348 | out: pv=0x4e4e348) returned 24 [0204.025] CreateCompatibleDC (hdc=0x0) returned 0x4e01016f [0204.025] GetDIBits (in: hdc=0x4e01016f, hbm=0x31050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dee0) returned 1 [0204.025] GetDIBits (in: hdc=0x4e01016f, hbm=0x31050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4dee0) returned 32 [0204.025] GetDIBits (in: hdc=0x4e01016f, hbm=0x31050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dab8) returned 1 [0204.025] GetDIBits (in: hdc=0x4e01016f, hbm=0xa50501ca, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dab8) returned 32 [0204.025] WriteFile (in: hFile=0x554, lpBuffer=0x4e4da98*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da98*, lpNumberOfBytesWritten=0x4e4da80*=0x6, lpOverlapped=0x0) returned 1 [0204.026] WriteFile (in: hFile=0x554, lpBuffer=0x4e4da88*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da88*, lpNumberOfBytesWritten=0x4e4da80*=0x10, lpOverlapped=0x0) returned 1 [0204.027] WriteFile (in: hFile=0x554, lpBuffer=0x4e4e308*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4e308*, lpNumberOfBytesWritten=0x4e4da80*=0x28, lpOverlapped=0x0) returned 1 [0204.027] WriteFile (in: hFile=0x554, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4da80*=0x1000, lpOverlapped=0x0) returned 1 [0204.027] WriteFile (in: hFile=0x554, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4da80*=0x80, lpOverlapped=0x0) returned 1 [0204.027] DeleteDC (hdc=0x4e01016f) returned 1 [0204.027] CloseHandle (hObject=0x554) returned 1 [0204.027] DeleteObject (ho=0x31050771) returned 1 [0204.027] DeleteObject (ho=0xa50501ca) returned 1 [0204.028] DestroyCursor (hCursor=0x9014d) returned 1 [0204.028] GetCurrentThreadId () returned 0x6f8 [0204.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0204.028] GetFileSize (in: hFile=0x554, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x113f58 [0204.033] ReadFile (in: hFile=0x554, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x100000, lpOverlapped=0x0) returned 1 [0204.040] ReadFile (in: hFile=0x554, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x13f58, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x13f58, lpOverlapped=0x0) returned 1 [0204.053] CloseHandle (hObject=0x554) returned 1 [0204.053] GetCurrentThreadId () returned 0x6f8 [0204.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0xff02c3d0, dwHighDateTime=0x1d6076c)) [0204.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0xff02c3d0, dwHighDateTime=0x1d6076c)) [0204.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2e8 | out: lpSystemTimeAsFileTime=0x4e4e2e8*(dwLowDateTime=0xff02c3d0, dwHighDateTime=0x1d6076c)) [0204.255] GetCurrentThreadId () returned 0x6f8 [0204.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.255] GetCurrentThreadId () returned 0x6f8 [0204.255] CreateFileW (lpFileName="UUkA.exe" (normalized: "c:\\windows\\system32\\uuka.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0204.256] CreateFileW (lpFileName="UUkA.exe" (normalized: "c:\\windows\\system32\\uuka.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0204.256] GetCurrentThreadId () returned 0x6f8 [0204.256] GetCurrentThreadId () returned 0x6f8 [0204.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.256] CreateFileW (lpFileName="UUkA.exe" (normalized: "c:\\windows\\system32\\uuka.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0204.256] GetCurrentThreadId () returned 0x6f8 [0204.256] BeginUpdateResourceW (pFileName="UUkA.exe" (normalized: "c:\\windows\\system32\\uuka.exe"), bDeleteExistingResources=0) returned 0x0 [0204.256] CreateFileW (lpFileName="UeEg.ico" (normalized: "c:\\windows\\system32\\ueeg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x554 [0204.257] GetFileSize (in: hFile=0x554, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0204.257] ReadFile (in: hFile=0x554, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e380, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e380*=0x10be, lpOverlapped=0x0) returned 1 [0204.258] CloseHandle (hObject=0x554) returned 1 [0204.258] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0204.258] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e36c, cb=0x14) returned 0 [0204.258] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0204.258] CopyFileW (lpExistingFileName="UUkA.exe" (normalized: "c:\\windows\\system32\\uuka.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), bFailIfExists=0) returned 0 [0204.258] SetNamedSecurityInfoW () returned 0x0 [0204.259] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e3c4*=0x136, lpOverlapped=0x0) returned 1 [0204.260] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e3c4*=0x4, lpOverlapped=0x0) returned 1 [0204.260] DeleteFileW (lpFileName="UeEg.ico" (normalized: "c:\\windows\\system32\\ueeg.ico")) returned 1 [0204.261] DeleteFileW (lpFileName="UUkA.exe" (normalized: "c:\\windows\\system32\\uuka.exe")) returned 0 [0204.261] GetCurrentThreadId () returned 0x6f8 [0204.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e374 | out: lpSystemTimeAsFileTime=0x4e4e374*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.261] GetCurrentThreadId () returned 0x6f8 [0204.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.261] FindNextFileW (in: hFindFile=0x6a8f88, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 0 [0204.261] GetCurrentThreadId () returned 0x6f8 [0204.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.261] FindNextFileW (in: hFindFile=0x6a8f08, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 1 [0204.262] GetCurrentThreadId () returned 0x6f8 [0204.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.262] GetCurrentThreadId () returned 0x6f8 [0204.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff21b5b0, dwHighDateTime=0x1d6076c)) [0204.262] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a8fc8 [0204.271] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8fc8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.272] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8fc8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cAlternateFileName="CLICEX~1.CDF")) returned 1 [0204.272] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8fc8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cAlternateFileName="CLICEX~1.MAN")) returned 1 [0204.272] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8fc8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cAlternateFileName="GOOGAP~1.CDF")) returned 1 [0204.272] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8fc8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 1 [0204.272] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8fc8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 0 [0204.272] GetCurrentThreadId () returned 0x6f8 [0204.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.272] FindNextFileW (in: hFindFile=0x6a8f08, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 0 [0204.273] GetCurrentThreadId () returned 0x6f8 [0204.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.273] FindNextFileW (in: hFindFile=0x6a8ec8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 0 [0204.273] GetCurrentThreadId () returned 0x6f8 [0204.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.273] FindNextFileW (in: hFindFile=0x6a8d48, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 0 [0204.273] GetCurrentThreadId () returned 0x6f8 [0204.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.273] FindNextFileW (in: hFindFile=0x6a8d08, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2.0", cAlternateFileName="")) returned 0 [0204.273] GetCurrentThreadId () returned 0x6f8 [0204.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.273] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0204.273] GetCurrentThreadId () returned 0x6f8 [0204.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.273] GetCurrentThreadId () returned 0x6f8 [0204.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.273] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9008 [0204.274] GetCurrentThreadId () returned 0x6f8 [0204.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.274] FindNextFileW (in: hFindFile=0x6a9008, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.274] GetCurrentThreadId () returned 0x6f8 [0204.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.274] FindNextFileW (in: hFindFile=0x6a9008, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0204.275] GetCurrentThreadId () returned 0x6f8 [0204.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.275] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0204.275] GetCurrentThreadId () returned 0x6f8 [0204.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.275] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0204.275] GetCurrentThreadId () returned 0x6f8 [0204.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.275] GetCurrentThreadId () returned 0x6f8 [0204.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9048 [0204.275] GetCurrentThreadId () returned 0x6f8 [0204.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.275] FindNextFileW (in: hFindFile=0x6a9048, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] FindNextFileW (in: hFindFile=0x6a9048, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrome", cAlternateFileName="")) returned 1 [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9088 [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] FindNextFileW (in: hFindFile=0x6a9088, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] FindNextFileW (in: hFindFile=0x6a9088, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] GetCurrentThreadId () returned 0x6f8 [0204.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.276] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a90c8 [0204.279] GetCurrentThreadId () returned 0x6f8 [0204.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff241710, dwHighDateTime=0x1d6076c)) [0204.279] FindNextFileW (in: hFindFile=0x6a90c8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.285] GetCurrentThreadId () returned 0x6f8 [0204.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.285] FindNextFileW (in: hFindFile=0x6a90c8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0204.286] GetCurrentThreadId () returned 0x6f8 [0204.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.286] GetCurrentThreadId () returned 0x6f8 [0204.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9108 [0204.288] GetCurrentThreadId () returned 0x6f8 [0204.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.288] FindNextFileW (in: hFindFile=0x6a9108, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.288] GetCurrentThreadId () returned 0x6f8 [0204.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.288] FindNextFileW (in: hFindFile=0x6a9108, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0204.288] GetCurrentThreadId () returned 0x6f8 [0204.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.288] FindNextFileW (in: hFindFile=0x6a90c8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0204.288] GetCurrentThreadId () returned 0x6f8 [0204.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.288] GetCurrentThreadId () returned 0x6f8 [0204.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9148 [0204.289] GetCurrentThreadId () returned 0x6f8 [0204.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.289] FindNextFileW (in: hFindFile=0x6a9148, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.289] GetCurrentThreadId () returned 0x6f8 [0204.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.289] FindNextFileW (in: hFindFile=0x6a9148, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="metadata", cAlternateFileName="")) returned 1 [0204.289] GetCurrentThreadId () returned 0x6f8 [0204.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.289] FindNextFileW (in: hFindFile=0x6a9148, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0204.289] GetCurrentThreadId () returned 0x6f8 [0204.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.289] GetCurrentThreadId () returned 0x6f8 [0204.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9188 [0204.291] GetCurrentThreadId () returned 0x6f8 [0204.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.291] FindNextFileW (in: hFindFile=0x6a9188, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.291] GetCurrentThreadId () returned 0x6f8 [0204.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.291] FindNextFileW (in: hFindFile=0x6a9188, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0204.291] GetCurrentThreadId () returned 0x6f8 [0204.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.291] FindNextFileW (in: hFindFile=0x6a9148, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0204.291] GetCurrentThreadId () returned 0x6f8 [0204.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.292] FindNextFileW (in: hFindFile=0x6a9148, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 0 [0204.292] GetCurrentThreadId () returned 0x6f8 [0204.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.292] FindNextFileW (in: hFindFile=0x6a90c8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0204.292] GetCurrentThreadId () returned 0x6f8 [0204.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.292] GetCurrentThreadId () returned 0x6f8 [0204.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff267870, dwHighDateTime=0x1d6076c)) [0204.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a91c8 [0204.304] GetCurrentThreadId () returned 0x6f8 [0204.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.304] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.306] GetCurrentThreadId () returned 0x6f8 [0204.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.306] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0204.306] GetCurrentThreadId () returned 0x6f8 [0204.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.306] GetCurrentThreadId () returned 0x6f8 [0204.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9208 [0204.307] GetCurrentThreadId () returned 0x6f8 [0204.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.307] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.307] GetCurrentThreadId () returned 0x6f8 [0204.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_0", cAlternateFileName="")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_1", cAlternateFileName="")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_2", cAlternateFileName="")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_3", cAlternateFileName="")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a9208, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 0 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.308] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0204.308] GetCurrentThreadId () returned 0x6f8 [0204.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.309] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0204.309] GetCurrentThreadId () returned 0x6f8 [0204.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.309] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0204.309] GetCurrentThreadId () returned 0x6f8 [0204.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.309] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0204.309] GetCurrentThreadId () returned 0x6f8 [0204.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.309] GetCurrentThreadId () returned 0x6f8 [0204.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9248 [0204.311] GetCurrentThreadId () returned 0x6f8 [0204.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.311] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.311] GetCurrentThreadId () returned 0x6f8 [0204.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.311] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0204.311] GetCurrentThreadId () returned 0x6f8 [0204.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.311] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.312] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.312] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.312] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.312] FindNextFileW (in: hFindFile=0x6a9248, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff28d9d0, dwHighDateTime=0x1d6076c)) [0204.312] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.312] GetCurrentThreadId () returned 0x6f8 [0204.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9288 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.325] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.325] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.325] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.325] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.325] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.325] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0204.325] GetCurrentThreadId () returned 0x6f8 [0204.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.326] FindNextFileW (in: hFindFile=0x6a9288, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0204.326] GetCurrentThreadId () returned 0x6f8 [0204.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.326] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0204.326] GetCurrentThreadId () returned 0x6f8 [0204.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.326] GetCurrentThreadId () returned 0x6f8 [0204.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2b3b30, dwHighDateTime=0x1d6076c)) [0204.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a92c8 [0204.338] GetCurrentThreadId () returned 0x6f8 [0204.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.339] GetCurrentThreadId () returned 0x6f8 [0204.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0204.339] GetCurrentThreadId () returned 0x6f8 [0204.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0204.339] GetCurrentThreadId () returned 0x6f8 [0204.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0204.339] GetCurrentThreadId () returned 0x6f8 [0204.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0204.339] GetCurrentThreadId () returned 0x6f8 [0204.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0204.339] GetCurrentThreadId () returned 0x6f8 [0204.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.339] FindNextFileW (in: hFindFile=0x6a92c8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0204.340] GetCurrentThreadId () returned 0x6f8 [0204.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.340] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0204.340] GetCurrentThreadId () returned 0x6f8 [0204.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.340] GetCurrentThreadId () returned 0x6f8 [0204.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2d9c90, dwHighDateTime=0x1d6076c)) [0204.340] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9308 [0204.343] GetCurrentThreadId () returned 0x6f8 [0204.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.343] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.344] GetCurrentThreadId () returned 0x6f8 [0204.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.344] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0204.346] GetCurrentThreadId () returned 0x6f8 [0204.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.346] GetCurrentThreadId () returned 0x6f8 [0204.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9348 [0204.357] GetCurrentThreadId () returned 0x6f8 [0204.357] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.357] FindNextFileW (in: hFindFile=0x6a9348, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.357] GetCurrentThreadId () returned 0x6f8 [0204.357] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.357] FindNextFileW (in: hFindFile=0x6a9348, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0204.357] GetCurrentThreadId () returned 0x6f8 [0204.357] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.357] GetCurrentThreadId () returned 0x6f8 [0204.357] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff2ffdf0, dwHighDateTime=0x1d6076c)) [0204.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9388 [0204.361] GetCurrentThreadId () returned 0x6f8 [0204.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff325f50, dwHighDateTime=0x1d6076c)) [0204.361] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.361] GetCurrentThreadId () returned 0x6f8 [0204.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff325f50, dwHighDateTime=0x1d6076c)) [0204.361] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0204.361] GetCurrentThreadId () returned 0x6f8 [0204.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4deb4 | out: lpSystemTimeAsFileTime=0x4e4deb4*(dwLowDateTime=0xff325f50, dwHighDateTime=0x1d6076c)) [0204.361] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png")) returned 0x2020 [0204.372] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", dwFileAttributes=0x80) returned 1 [0204.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x594 [0204.372] GetFileSize (in: hFile=0x594, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2c [0204.378] ReadFile (in: hFile=0x594, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd2c, lpNumberOfBytesRead=0x4e4de8c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4de8c*=0xd2c, lpOverlapped=0x0) returned 1 [0204.380] GetCurrentThreadId () returned 0x6f8 [0204.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de14 | out: lpSystemTimeAsFileTime=0x4e4de14*(dwLowDateTime=0xff34c0b0, dwHighDateTime=0x1d6076c)) [0204.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de14 | out: lpSystemTimeAsFileTime=0x4e4de14*(dwLowDateTime=0xff34c0b0, dwHighDateTime=0x1d6076c)) [0204.380] GetCurrentThreadId () returned 0x6f8 [0204.380] CloseHandle (hObject=0x594) returned 1 [0204.381] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", dwFileAttributes=0x2020) returned 1 [0204.381] GetCurrentThreadId () returned 0x6f8 [0204.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d56c | out: lpSystemTimeAsFileTime=0x4e4d56c*(dwLowDateTime=0xff34c0b0, dwHighDateTime=0x1d6076c)) [0204.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d56c | out: lpSystemTimeAsFileTime=0x4e4d56c*(dwLowDateTime=0xff34c0b0, dwHighDateTime=0x1d6076c)) [0204.381] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", piIcon=0x4e4de98) returned 0xa014d [0205.631] GetIconInfo (in: hIcon=0xa014d, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0205.631] CreateFileW (lpFileName="gics.ico" (normalized: "c:\\windows\\system32\\gics.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0205.632] GetObjectA (in: h=0x33050771, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0205.632] GetObjectA (in: h=0x780501fe, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0205.632] CreateCompatibleDC (hdc=0x0) returned 0xa70101ca [0205.632] GetDIBits (in: hdc=0xa70101ca, hbm=0x33050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0205.632] GetDIBits (in: hdc=0xa70101ca, hbm=0x33050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0205.632] GetDIBits (in: hdc=0xa70101ca, hbm=0x33050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0205.632] GetDIBits (in: hdc=0xa70101ca, hbm=0x780501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0205.632] WriteFile (in: hFile=0x5f8, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0205.635] WriteFile (in: hFile=0x5f8, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0205.635] WriteFile (in: hFile=0x5f8, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0205.635] WriteFile (in: hFile=0x5f8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0205.636] WriteFile (in: hFile=0x5f8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0205.636] DeleteDC (hdc=0xa70101ca) returned 1 [0205.636] CloseHandle (hObject=0x5f8) returned 1 [0205.636] DeleteObject (ho=0x33050771) returned 1 [0205.636] DeleteObject (ho=0x780501fe) returned 1 [0205.636] DestroyCursor (hCursor=0xa014d) returned 1 [0205.636] GetCurrentThreadId () returned 0x6f8 [0205.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0205.636] GetFileSize (in: hFile=0x5f8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2c [0205.654] ReadFile (in: hFile=0x5f8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd2c, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0xd2c, lpOverlapped=0x0) returned 1 [0205.654] CloseHandle (hObject=0x5f8) returned 1 [0205.654] GetCurrentThreadId () returned 0x6f8 [0205.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0xff5ad6b0, dwHighDateTime=0x1d6076c)) [0205.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0xff5ad6b0, dwHighDateTime=0x1d6076c)) [0205.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0xff5ad6b0, dwHighDateTime=0x1d6076c)) [0205.789] GetCurrentThreadId () returned 0x6f8 [0205.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xff6de1b0, dwHighDateTime=0x1d6076c)) [0205.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xff6de1b0, dwHighDateTime=0x1d6076c)) [0205.790] GetCurrentThreadId () returned 0x6f8 [0205.790] CreateFileW (lpFileName="Usog.exe" (normalized: "c:\\windows\\system32\\usog.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0205.795] CreateFileW (lpFileName="Usog.exe" (normalized: "c:\\windows\\system32\\usog.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0205.795] GetCurrentThreadId () returned 0x6f8 [0205.795] GetCurrentThreadId () returned 0x6f8 [0205.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xff704310, dwHighDateTime=0x1d6076c)) [0205.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xff704310, dwHighDateTime=0x1d6076c)) [0205.795] CreateFileW (lpFileName="Usog.exe" (normalized: "c:\\windows\\system32\\usog.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0205.795] GetCurrentThreadId () returned 0x6f8 [0205.795] BeginUpdateResourceW (pFileName="Usog.exe" (normalized: "c:\\windows\\system32\\usog.exe"), bDeleteExistingResources=0) returned 0x0 [0205.796] CreateFileW (lpFileName="gics.ico" (normalized: "c:\\windows\\system32\\gics.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8 [0205.796] GetFileSize (in: hFile=0x5f8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0205.797] ReadFile (in: hFile=0x5f8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0205.797] CloseHandle (hObject=0x5f8) returned 1 [0205.797] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0205.797] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0205.797] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0205.797] CopyFileW (lpExistingFileName="Usog.exe" (normalized: "c:\\windows\\system32\\usog.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.exe"), bFailIfExists=0) returned 0 [0205.798] SetNamedSecurityInfoW () returned 0x2 [0205.798] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png")) returned 1 [0205.800] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x114, lpOverlapped=0x0) returned 1 [0205.800] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0205.800] DeleteFileW (lpFileName="gics.ico" (normalized: "c:\\windows\\system32\\gics.ico")) returned 1 [0205.802] DeleteFileW (lpFileName="Usog.exe" (normalized: "c:\\windows\\system32\\usog.exe")) returned 0 [0205.802] GetCurrentThreadId () returned 0x6f8 [0205.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0xff704310, dwHighDateTime=0x1d6076c)) [0205.802] GetCurrentThreadId () returned 0x6f8 [0205.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff704310, dwHighDateTime=0x1d6076c)) [0205.802] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0205.802] GetCurrentThreadId () returned 0x6f8 [0205.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4deb4 | out: lpSystemTimeAsFileTime=0x4e4deb4*(dwLowDateTime=0xff704310, dwHighDateTime=0x1d6076c)) [0205.802] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png")) returned 0x2020 [0205.803] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", dwFileAttributes=0x80) returned 1 [0205.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0205.803] GetFileSize (in: hFile=0x5f8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0205.809] ReadFile (in: hFile=0x5f8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4e4de8c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4de8c*=0xa0, lpOverlapped=0x0) returned 1 [0205.811] CloseHandle (hObject=0x5f8) returned 1 [0205.811] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", dwFileAttributes=0x2020) returned 1 [0205.811] CloseHandle (hObject=0x4e4e1b4) returned 0 [0205.811] GetCurrentThreadId () returned 0x6f8 [0205.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.811] GetCurrentThreadId () returned 0x6f8 [0205.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.811] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0205.812] GetCurrentThreadId () returned 0x6f8 [0205.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.812] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0205.812] GetCurrentThreadId () returned 0x6f8 [0205.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.812] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0205.812] GetCurrentThreadId () returned 0x6f8 [0205.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.812] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0205.812] GetCurrentThreadId () returned 0x6f8 [0205.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.812] GetCurrentThreadId () returned 0x6f8 [0205.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff72a470, dwHighDateTime=0x1d6076c)) [0205.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a93c8 [0205.846] GetCurrentThreadId () returned 0x6f8 [0205.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.846] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.846] GetCurrentThreadId () returned 0x6f8 [0205.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.847] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0205.847] GetCurrentThreadId () returned 0x6f8 [0205.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.847] GetCurrentThreadId () returned 0x6f8 [0205.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a9448 [0205.847] GetCurrentThreadId () returned 0x6f8 [0205.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.848] FindNextFileW (in: hFindFile=0x6a9448, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.848] GetCurrentThreadId () returned 0x6f8 [0205.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.848] FindNextFileW (in: hFindFile=0x6a9448, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.848] GetCurrentThreadId () returned 0x6f8 [0205.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.848] FindNextFileW (in: hFindFile=0x6a9448, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.848] GetCurrentThreadId () returned 0x6f8 [0205.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.848] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0205.848] GetCurrentThreadId () returned 0x6f8 [0205.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.848] GetCurrentThreadId () returned 0x6f8 [0205.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.848] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b53c0 [0205.849] GetCurrentThreadId () returned 0x6f8 [0205.849] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.849] FindNextFileW (in: hFindFile=0x6b53c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.849] GetCurrentThreadId () returned 0x6f8 [0205.849] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.849] FindNextFileW (in: hFindFile=0x6b53c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.849] GetCurrentThreadId () returned 0x6f8 [0205.849] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.849] FindNextFileW (in: hFindFile=0x6b53c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.849] GetCurrentThreadId () returned 0x6f8 [0205.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.850] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0205.850] GetCurrentThreadId () returned 0x6f8 [0205.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.850] GetCurrentThreadId () returned 0x6f8 [0205.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5400 [0205.852] GetCurrentThreadId () returned 0x6f8 [0205.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.852] FindNextFileW (in: hFindFile=0x6b5400, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.852] GetCurrentThreadId () returned 0x6f8 [0205.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.852] FindNextFileW (in: hFindFile=0x6b5400, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.852] GetCurrentThreadId () returned 0x6f8 [0205.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.852] FindNextFileW (in: hFindFile=0x6b5400, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.852] GetCurrentThreadId () returned 0x6f8 [0205.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.852] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0205.853] GetCurrentThreadId () returned 0x6f8 [0205.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.853] GetCurrentThreadId () returned 0x6f8 [0205.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5440 [0205.853] GetCurrentThreadId () returned 0x6f8 [0205.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.853] FindNextFileW (in: hFindFile=0x6b5440, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.853] GetCurrentThreadId () returned 0x6f8 [0205.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.853] FindNextFileW (in: hFindFile=0x6b5440, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.853] GetCurrentThreadId () returned 0x6f8 [0205.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.853] FindNextFileW (in: hFindFile=0x6b5440, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.854] GetCurrentThreadId () returned 0x6f8 [0205.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.854] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0205.854] GetCurrentThreadId () returned 0x6f8 [0205.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.854] GetCurrentThreadId () returned 0x6f8 [0205.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5480 [0205.855] GetCurrentThreadId () returned 0x6f8 [0205.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.855] FindNextFileW (in: hFindFile=0x6b5480, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.855] GetCurrentThreadId () returned 0x6f8 [0205.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.855] FindNextFileW (in: hFindFile=0x6b5480, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.855] GetCurrentThreadId () returned 0x6f8 [0205.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.855] FindNextFileW (in: hFindFile=0x6b5480, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.855] GetCurrentThreadId () returned 0x6f8 [0205.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0205.856] GetCurrentThreadId () returned 0x6f8 [0205.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] GetCurrentThreadId () returned 0x6f8 [0205.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b54c0 [0205.856] GetCurrentThreadId () returned 0x6f8 [0205.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] FindNextFileW (in: hFindFile=0x6b54c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.856] GetCurrentThreadId () returned 0x6f8 [0205.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] FindNextFileW (in: hFindFile=0x6b54c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.856] GetCurrentThreadId () returned 0x6f8 [0205.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] FindNextFileW (in: hFindFile=0x6b54c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.856] GetCurrentThreadId () returned 0x6f8 [0205.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.856] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0205.857] GetCurrentThreadId () returned 0x6f8 [0205.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.857] GetCurrentThreadId () returned 0x6f8 [0205.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff776730, dwHighDateTime=0x1d6076c)) [0205.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5500 [0205.860] GetCurrentThreadId () returned 0x6f8 [0205.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff79c890, dwHighDateTime=0x1d6076c)) [0205.860] FindNextFileW (in: hFindFile=0x6b5500, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0205.861] GetCurrentThreadId () returned 0x6f8 [0205.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff79c890, dwHighDateTime=0x1d6076c)) [0205.861] FindNextFileW (in: hFindFile=0x6b5500, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0205.861] GetCurrentThreadId () returned 0x6f8 [0205.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff79c890, dwHighDateTime=0x1d6076c)) [0205.861] FindNextFileW (in: hFindFile=0x6b5500, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0205.861] GetCurrentThreadId () returned 0x6f8 [0205.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xff79c890, dwHighDateTime=0x1d6076c)) [0205.861] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0205.861] GetCurrentThreadId () returned 0x6f8 [0205.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff79c890, dwHighDateTime=0x1d6076c)) [0205.861] GetCurrentThreadId () returned 0x6f8 [0205.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xff79c890, dwHighDateTime=0x1d6076c)) [0205.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5540 [0207.565] GetCurrentThreadId () returned 0x6f8 [0207.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.565] FindNextFileW (in: hFindFile=0x6b5540, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.565] GetCurrentThreadId () returned 0x6f8 [0207.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.565] FindNextFileW (in: hFindFile=0x6b5540, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.565] GetCurrentThreadId () returned 0x6f8 [0207.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.565] FindNextFileW (in: hFindFile=0x6b5540, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.565] GetCurrentThreadId () returned 0x6f8 [0207.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.565] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0207.565] GetCurrentThreadId () returned 0x6f8 [0207.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.566] GetCurrentThreadId () returned 0x6f8 [0207.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.566] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5580 [0207.567] GetCurrentThreadId () returned 0x6f8 [0207.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.567] FindNextFileW (in: hFindFile=0x6b5580, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.567] GetCurrentThreadId () returned 0x6f8 [0207.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.567] FindNextFileW (in: hFindFile=0x6b5580, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.567] GetCurrentThreadId () returned 0x6f8 [0207.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.567] FindNextFileW (in: hFindFile=0x6b5580, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.567] GetCurrentThreadId () returned 0x6f8 [0207.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.567] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0207.567] GetCurrentThreadId () returned 0x6f8 [0207.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.567] GetCurrentThreadId () returned 0x6f8 [0207.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b55c0 [0207.568] GetCurrentThreadId () returned 0x6f8 [0207.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.568] FindNextFileW (in: hFindFile=0x6b55c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.569] GetCurrentThreadId () returned 0x6f8 [0207.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.569] FindNextFileW (in: hFindFile=0x6b55c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.569] GetCurrentThreadId () returned 0x6f8 [0207.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.569] FindNextFileW (in: hFindFile=0x6b55c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.569] GetCurrentThreadId () returned 0x6f8 [0207.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.569] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0207.569] GetCurrentThreadId () returned 0x6f8 [0207.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.569] GetCurrentThreadId () returned 0x6f8 [0207.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.569] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5600 [0207.569] GetCurrentThreadId () returned 0x6f8 [0207.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.569] FindNextFileW (in: hFindFile=0x6b5600, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.570] GetCurrentThreadId () returned 0x6f8 [0207.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.570] FindNextFileW (in: hFindFile=0x6b5600, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.570] GetCurrentThreadId () returned 0x6f8 [0207.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.570] FindNextFileW (in: hFindFile=0x6b5600, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.570] GetCurrentThreadId () returned 0x6f8 [0207.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.570] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0207.570] GetCurrentThreadId () returned 0x6f8 [0207.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.570] GetCurrentThreadId () returned 0x6f8 [0207.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5640 [0207.571] GetCurrentThreadId () returned 0x6f8 [0207.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.571] FindNextFileW (in: hFindFile=0x6b5640, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.571] GetCurrentThreadId () returned 0x6f8 [0207.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.571] FindNextFileW (in: hFindFile=0x6b5640, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.571] GetCurrentThreadId () returned 0x6f8 [0207.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.571] FindNextFileW (in: hFindFile=0x6b5640, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.571] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.572] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0207.572] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.572] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.572] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5680 [0207.572] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.572] FindNextFileW (in: hFindFile=0x6b5680, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.572] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.572] FindNextFileW (in: hFindFile=0x6b5680, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.572] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7d3e70, dwHighDateTime=0x1d6076d)) [0207.572] FindNextFileW (in: hFindFile=0x6b5680, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.572] GetCurrentThreadId () returned 0x6f8 [0207.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.573] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0207.573] GetCurrentThreadId () returned 0x6f8 [0207.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.573] GetCurrentThreadId () returned 0x6f8 [0207.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b56c0 [0207.574] GetCurrentThreadId () returned 0x6f8 [0207.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.574] FindNextFileW (in: hFindFile=0x6b56c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.574] GetCurrentThreadId () returned 0x6f8 [0207.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.574] FindNextFileW (in: hFindFile=0x6b56c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.574] GetCurrentThreadId () returned 0x6f8 [0207.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.574] FindNextFileW (in: hFindFile=0x6b56c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.574] GetCurrentThreadId () returned 0x6f8 [0207.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.574] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0207.574] GetCurrentThreadId () returned 0x6f8 [0207.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.574] GetCurrentThreadId () returned 0x6f8 [0207.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5700 [0207.575] GetCurrentThreadId () returned 0x6f8 [0207.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.575] FindNextFileW (in: hFindFile=0x6b5700, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.575] GetCurrentThreadId () returned 0x6f8 [0207.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.575] FindNextFileW (in: hFindFile=0x6b5700, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.575] GetCurrentThreadId () returned 0x6f8 [0207.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.575] FindNextFileW (in: hFindFile=0x6b5700, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.575] GetCurrentThreadId () returned 0x6f8 [0207.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.575] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0207.575] GetCurrentThreadId () returned 0x6f8 [0207.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.575] GetCurrentThreadId () returned 0x6f8 [0207.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.576] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5740 [0207.577] GetCurrentThreadId () returned 0x6f8 [0207.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.577] FindNextFileW (in: hFindFile=0x6b5740, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.577] GetCurrentThreadId () returned 0x6f8 [0207.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.577] FindNextFileW (in: hFindFile=0x6b5740, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.577] GetCurrentThreadId () returned 0x6f8 [0207.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.577] FindNextFileW (in: hFindFile=0x6b5740, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.577] GetCurrentThreadId () returned 0x6f8 [0207.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.577] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0207.577] GetCurrentThreadId () returned 0x6f8 [0207.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.577] GetCurrentThreadId () returned 0x6f8 [0207.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5780 [0207.578] GetCurrentThreadId () returned 0x6f8 [0207.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.578] FindNextFileW (in: hFindFile=0x6b5780, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.578] GetCurrentThreadId () returned 0x6f8 [0207.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.578] FindNextFileW (in: hFindFile=0x6b5780, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.578] GetCurrentThreadId () returned 0x6f8 [0207.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.578] FindNextFileW (in: hFindFile=0x6b5780, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.578] GetCurrentThreadId () returned 0x6f8 [0207.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.578] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0207.578] GetCurrentThreadId () returned 0x6f8 [0207.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.578] GetCurrentThreadId () returned 0x6f8 [0207.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b57c0 [0207.579] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.580] FindNextFileW (in: hFindFile=0x6b57c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.580] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.580] FindNextFileW (in: hFindFile=0x6b57c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.580] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.580] FindNextFileW (in: hFindFile=0x6b57c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.580] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.580] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0207.580] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.580] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.580] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5800 [0207.580] GetCurrentThreadId () returned 0x6f8 [0207.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.581] FindNextFileW (in: hFindFile=0x6b5800, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.582] GetCurrentThreadId () returned 0x6f8 [0207.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.582] FindNextFileW (in: hFindFile=0x6b5800, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.582] GetCurrentThreadId () returned 0x6f8 [0207.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.582] FindNextFileW (in: hFindFile=0x6b5800, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.583] GetCurrentThreadId () returned 0x6f8 [0207.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.583] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0207.583] GetCurrentThreadId () returned 0x6f8 [0207.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.583] GetCurrentThreadId () returned 0x6f8 [0207.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.583] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5840 [0207.584] GetCurrentThreadId () returned 0x6f8 [0207.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.584] FindNextFileW (in: hFindFile=0x6b5840, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.584] GetCurrentThreadId () returned 0x6f8 [0207.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.584] FindNextFileW (in: hFindFile=0x6b5840, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.584] GetCurrentThreadId () returned 0x6f8 [0207.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.584] FindNextFileW (in: hFindFile=0x6b5840, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.584] GetCurrentThreadId () returned 0x6f8 [0207.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.584] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0207.584] GetCurrentThreadId () returned 0x6f8 [0207.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.584] GetCurrentThreadId () returned 0x6f8 [0207.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5880 [0207.585] GetCurrentThreadId () returned 0x6f8 [0207.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.585] FindNextFileW (in: hFindFile=0x6b5880, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.585] GetCurrentThreadId () returned 0x6f8 [0207.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.585] FindNextFileW (in: hFindFile=0x6b5880, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.585] GetCurrentThreadId () returned 0x6f8 [0207.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.585] FindNextFileW (in: hFindFile=0x6b5880, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.585] GetCurrentThreadId () returned 0x6f8 [0207.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.585] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0207.585] GetCurrentThreadId () returned 0x6f8 [0207.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.585] GetCurrentThreadId () returned 0x6f8 [0207.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.586] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b58c0 [0207.586] GetCurrentThreadId () returned 0x6f8 [0207.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.587] FindNextFileW (in: hFindFile=0x6b58c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.587] GetCurrentThreadId () returned 0x6f8 [0207.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.587] FindNextFileW (in: hFindFile=0x6b58c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.587] GetCurrentThreadId () returned 0x6f8 [0207.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.587] FindNextFileW (in: hFindFile=0x6b58c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.587] GetCurrentThreadId () returned 0x6f8 [0207.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.587] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0207.587] GetCurrentThreadId () returned 0x6f8 [0207.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.587] GetCurrentThreadId () returned 0x6f8 [0207.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x7f9fd0, dwHighDateTime=0x1d6076d)) [0207.587] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5900 [0207.590] GetCurrentThreadId () returned 0x6f8 [0207.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.590] FindNextFileW (in: hFindFile=0x6b5900, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.590] GetCurrentThreadId () returned 0x6f8 [0207.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.590] FindNextFileW (in: hFindFile=0x6b5900, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.590] GetCurrentThreadId () returned 0x6f8 [0207.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.590] FindNextFileW (in: hFindFile=0x6b5900, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.590] GetCurrentThreadId () returned 0x6f8 [0207.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.591] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0207.591] GetCurrentThreadId () returned 0x6f8 [0207.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.591] GetCurrentThreadId () returned 0x6f8 [0207.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5940 [0207.592] GetCurrentThreadId () returned 0x6f8 [0207.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.592] FindNextFileW (in: hFindFile=0x6b5940, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.592] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] FindNextFileW (in: hFindFile=0x6b5940, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.593] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] FindNextFileW (in: hFindFile=0x6b5940, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.593] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0207.593] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5980 [0207.593] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] FindNextFileW (in: hFindFile=0x6b5980, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.593] GetCurrentThreadId () returned 0x6f8 [0207.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.593] FindNextFileW (in: hFindFile=0x6b5980, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.594] GetCurrentThreadId () returned 0x6f8 [0207.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.594] FindNextFileW (in: hFindFile=0x6b5980, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.594] GetCurrentThreadId () returned 0x6f8 [0207.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.594] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0207.594] GetCurrentThreadId () returned 0x6f8 [0207.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.594] GetCurrentThreadId () returned 0x6f8 [0207.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b59c0 [0207.595] GetCurrentThreadId () returned 0x6f8 [0207.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.595] FindNextFileW (in: hFindFile=0x6b59c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.595] GetCurrentThreadId () returned 0x6f8 [0207.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.595] FindNextFileW (in: hFindFile=0x6b59c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.595] GetCurrentThreadId () returned 0x6f8 [0207.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.595] FindNextFileW (in: hFindFile=0x6b59c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.595] GetCurrentThreadId () returned 0x6f8 [0207.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0207.596] GetCurrentThreadId () returned 0x6f8 [0207.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] GetCurrentThreadId () returned 0x6f8 [0207.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5a00 [0207.596] GetCurrentThreadId () returned 0x6f8 [0207.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] FindNextFileW (in: hFindFile=0x6b5a00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.596] GetCurrentThreadId () returned 0x6f8 [0207.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] FindNextFileW (in: hFindFile=0x6b5a00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.596] GetCurrentThreadId () returned 0x6f8 [0207.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] FindNextFileW (in: hFindFile=0x6b5a00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.596] GetCurrentThreadId () returned 0x6f8 [0207.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.596] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0207.597] GetCurrentThreadId () returned 0x6f8 [0207.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.597] GetCurrentThreadId () returned 0x6f8 [0207.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.597] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5a40 [0207.598] GetCurrentThreadId () returned 0x6f8 [0207.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.598] FindNextFileW (in: hFindFile=0x6b5a40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.598] GetCurrentThreadId () returned 0x6f8 [0207.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.598] FindNextFileW (in: hFindFile=0x6b5a40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.598] GetCurrentThreadId () returned 0x6f8 [0207.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.598] FindNextFileW (in: hFindFile=0x6b5a40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.598] GetCurrentThreadId () returned 0x6f8 [0207.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.598] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0207.598] GetCurrentThreadId () returned 0x6f8 [0207.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.598] GetCurrentThreadId () returned 0x6f8 [0207.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.598] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5a80 [0207.599] GetCurrentThreadId () returned 0x6f8 [0207.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.599] FindNextFileW (in: hFindFile=0x6b5a80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.599] GetCurrentThreadId () returned 0x6f8 [0207.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.599] FindNextFileW (in: hFindFile=0x6b5a80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.599] GetCurrentThreadId () returned 0x6f8 [0207.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.599] FindNextFileW (in: hFindFile=0x6b5a80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.599] GetCurrentThreadId () returned 0x6f8 [0207.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.599] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0207.599] GetCurrentThreadId () returned 0x6f8 [0207.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.599] GetCurrentThreadId () returned 0x6f8 [0207.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.599] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5ac0 [0207.600] GetCurrentThreadId () returned 0x6f8 [0207.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.600] FindNextFileW (in: hFindFile=0x6b5ac0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.600] GetCurrentThreadId () returned 0x6f8 [0207.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.600] FindNextFileW (in: hFindFile=0x6b5ac0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.600] GetCurrentThreadId () returned 0x6f8 [0207.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.600] FindNextFileW (in: hFindFile=0x6b5ac0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.600] GetCurrentThreadId () returned 0x6f8 [0207.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.600] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0207.600] GetCurrentThreadId () returned 0x6f8 [0207.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.600] GetCurrentThreadId () returned 0x6f8 [0207.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5b00 [0207.601] GetCurrentThreadId () returned 0x6f8 [0207.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.601] FindNextFileW (in: hFindFile=0x6b5b00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.601] GetCurrentThreadId () returned 0x6f8 [0207.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.601] FindNextFileW (in: hFindFile=0x6b5b00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.601] GetCurrentThreadId () returned 0x6f8 [0207.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.601] FindNextFileW (in: hFindFile=0x6b5b00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.601] GetCurrentThreadId () returned 0x6f8 [0207.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.601] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0207.601] GetCurrentThreadId () returned 0x6f8 [0207.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.601] GetCurrentThreadId () returned 0x6f8 [0207.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.601] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5b40 [0207.602] GetCurrentThreadId () returned 0x6f8 [0207.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.602] FindNextFileW (in: hFindFile=0x6b5b40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.602] GetCurrentThreadId () returned 0x6f8 [0207.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.602] FindNextFileW (in: hFindFile=0x6b5b40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.602] GetCurrentThreadId () returned 0x6f8 [0207.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.602] FindNextFileW (in: hFindFile=0x6b5b40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.602] GetCurrentThreadId () returned 0x6f8 [0207.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.602] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0207.603] GetCurrentThreadId () returned 0x6f8 [0207.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.603] GetCurrentThreadId () returned 0x6f8 [0207.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.603] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5b80 [0207.604] GetCurrentThreadId () returned 0x6f8 [0207.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.604] FindNextFileW (in: hFindFile=0x6b5b80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.604] GetCurrentThreadId () returned 0x6f8 [0207.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.604] FindNextFileW (in: hFindFile=0x6b5b80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.604] GetCurrentThreadId () returned 0x6f8 [0207.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.604] FindNextFileW (in: hFindFile=0x6b5b80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.604] GetCurrentThreadId () returned 0x6f8 [0207.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.604] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0207.604] GetCurrentThreadId () returned 0x6f8 [0207.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.604] GetCurrentThreadId () returned 0x6f8 [0207.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5bc0 [0207.605] GetCurrentThreadId () returned 0x6f8 [0207.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.605] FindNextFileW (in: hFindFile=0x6b5bc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.605] GetCurrentThreadId () returned 0x6f8 [0207.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.605] FindNextFileW (in: hFindFile=0x6b5bc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.605] GetCurrentThreadId () returned 0x6f8 [0207.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.605] FindNextFileW (in: hFindFile=0x6b5bc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5c00 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] FindNextFileW (in: hFindFile=0x6b5c00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] FindNextFileW (in: hFindFile=0x6b5c00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] FindNextFileW (in: hFindFile=0x6b5c00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.606] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0207.606] GetCurrentThreadId () returned 0x6f8 [0207.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.607] GetCurrentThreadId () returned 0x6f8 [0207.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5c40 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindNextFileW (in: hFindFile=0x6b5c40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindNextFileW (in: hFindFile=0x6b5c40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindNextFileW (in: hFindFile=0x6b5c40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5c80 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindNextFileW (in: hFindFile=0x6b5c80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.608] FindNextFileW (in: hFindFile=0x6b5c80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.608] GetCurrentThreadId () returned 0x6f8 [0207.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.609] FindNextFileW (in: hFindFile=0x6b5c80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.609] GetCurrentThreadId () returned 0x6f8 [0207.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.609] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0207.609] GetCurrentThreadId () returned 0x6f8 [0207.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.609] GetCurrentThreadId () returned 0x6f8 [0207.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5cc0 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindNextFileW (in: hFindFile=0x6b5cc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindNextFileW (in: hFindFile=0x6b5cc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindNextFileW (in: hFindFile=0x6b5cc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5d00 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindNextFileW (in: hFindFile=0x6b5d00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.610] GetCurrentThreadId () returned 0x6f8 [0207.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.610] FindNextFileW (in: hFindFile=0x6b5d00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.611] GetCurrentThreadId () returned 0x6f8 [0207.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.611] FindNextFileW (in: hFindFile=0x6b5d00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.611] GetCurrentThreadId () returned 0x6f8 [0207.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.611] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0207.611] GetCurrentThreadId () returned 0x6f8 [0207.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.611] GetCurrentThreadId () returned 0x6f8 [0207.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.611] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5d40 [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] FindNextFileW (in: hFindFile=0x6b5d40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] FindNextFileW (in: hFindFile=0x6b5d40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] FindNextFileW (in: hFindFile=0x6b5d40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5d80 [0207.612] GetCurrentThreadId () returned 0x6f8 [0207.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.612] FindNextFileW (in: hFindFile=0x6b5d80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindNextFileW (in: hFindFile=0x6b5d80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindNextFileW (in: hFindFile=0x6b5d80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5dc0 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindNextFileW (in: hFindFile=0x6b5dc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindNextFileW (in: hFindFile=0x6b5dc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.613] FindNextFileW (in: hFindFile=0x6b5dc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.613] GetCurrentThreadId () returned 0x6f8 [0207.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.614] FindNextFileW (in: hFindFile=0x6a93c8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0207.614] GetCurrentThreadId () returned 0x6f8 [0207.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.614] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0207.614] GetCurrentThreadId () returned 0x6f8 [0207.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.614] GetCurrentThreadId () returned 0x6f8 [0207.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x846290, dwHighDateTime=0x1d6076d)) [0207.614] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5e00 [0207.668] GetCurrentThreadId () returned 0x6f8 [0207.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.668] FindNextFileW (in: hFindFile=0x6b5e00, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.668] GetCurrentThreadId () returned 0x6f8 [0207.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.668] FindNextFileW (in: hFindFile=0x6b5e00, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0207.668] GetCurrentThreadId () returned 0x6f8 [0207.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.668] FindNextFileW (in: hFindFile=0x6b5e00, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0207.668] GetCurrentThreadId () returned 0x6f8 [0207.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.668] FindNextFileW (in: hFindFile=0x6b5e00, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0207.668] GetCurrentThreadId () returned 0x6f8 [0207.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.668] FindNextFileW (in: hFindFile=0x6a9388, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0207.668] GetCurrentThreadId () returned 0x6f8 [0207.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.669] FindNextFileW (in: hFindFile=0x6a9348, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0207.669] GetCurrentThreadId () returned 0x6f8 [0207.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.669] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0207.669] GetCurrentThreadId () returned 0x6f8 [0207.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.669] GetCurrentThreadId () returned 0x6f8 [0207.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5e40 [0207.670] GetCurrentThreadId () returned 0x6f8 [0207.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.670] FindNextFileW (in: hFindFile=0x6b5e40, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.670] GetCurrentThreadId () returned 0x6f8 [0207.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.670] FindNextFileW (in: hFindFile=0x6b5e40, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0207.670] GetCurrentThreadId () returned 0x6f8 [0207.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.670] GetCurrentThreadId () returned 0x6f8 [0207.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x8de810, dwHighDateTime=0x1d6076d)) [0207.670] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5e80 [0207.703] GetCurrentThreadId () returned 0x6f8 [0207.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x92aad0, dwHighDateTime=0x1d6076d)) [0207.703] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.703] GetCurrentThreadId () returned 0x6f8 [0207.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x92aad0, dwHighDateTime=0x1d6076d)) [0207.704] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0207.704] GetCurrentThreadId () returned 0x6f8 [0207.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4deb4 | out: lpSystemTimeAsFileTime=0x4e4deb4*(dwLowDateTime=0x92aad0, dwHighDateTime=0x1d6076d)) [0207.704] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 0x2020 [0207.708] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", dwFileAttributes=0x80) returned 1 [0207.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0207.718] GetFileSize (in: hFile=0x6b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8d [0207.723] ReadFile (in: hFile=0x6b4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc8d, lpNumberOfBytesRead=0x4e4de8c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4de8c*=0xc8d, lpOverlapped=0x0) returned 1 [0207.755] GetCurrentThreadId () returned 0x6f8 [0207.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de14 | out: lpSystemTimeAsFileTime=0x4e4de14*(dwLowDateTime=0x99cef0, dwHighDateTime=0x1d6076d)) [0207.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de14 | out: lpSystemTimeAsFileTime=0x4e4de14*(dwLowDateTime=0x99cef0, dwHighDateTime=0x1d6076d)) [0207.755] GetCurrentThreadId () returned 0x6f8 [0207.755] CloseHandle (hObject=0x6b4) returned 1 [0207.755] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", dwFileAttributes=0x2020) returned 1 [0207.755] GetCurrentThreadId () returned 0x6f8 [0207.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d56c | out: lpSystemTimeAsFileTime=0x4e4d56c*(dwLowDateTime=0x99cef0, dwHighDateTime=0x1d6076d)) [0207.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d56c | out: lpSystemTimeAsFileTime=0x4e4d56c*(dwLowDateTime=0x99cef0, dwHighDateTime=0x1d6076d)) [0207.756] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", piIcon=0x4e4de98) returned 0xb014d [0207.772] GetIconInfo (in: hIcon=0xb014d, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0207.773] CreateFileW (lpFileName="MKMQ.ico" (normalized: "c:\\windows\\system32\\mkmq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0207.773] GetObjectA (in: h=0x370501fa, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0207.773] GetObjectA (in: h=0x53050772, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0207.773] CreateCompatibleDC (hdc=0x0) returned 0x5501016f [0207.774] GetDIBits (in: hdc=0x5501016f, hbm=0x370501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0207.774] GetDIBits (in: hdc=0x5501016f, hbm=0x370501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0207.774] GetDIBits (in: hdc=0x5501016f, hbm=0x370501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0207.774] GetDIBits (in: hdc=0x5501016f, hbm=0x53050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0207.774] WriteFile (in: hFile=0x6b8, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0207.775] WriteFile (in: hFile=0x6b8, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0207.776] WriteFile (in: hFile=0x6b8, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0207.776] WriteFile (in: hFile=0x6b8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0207.776] WriteFile (in: hFile=0x6b8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0207.776] DeleteDC (hdc=0x5501016f) returned 1 [0207.776] CloseHandle (hObject=0x6b8) returned 1 [0207.777] DeleteObject (ho=0x370501fa) returned 1 [0207.777] DeleteObject (ho=0x53050772) returned 1 [0207.777] DestroyCursor (hCursor=0xb014d) returned 1 [0207.777] GetCurrentThreadId () returned 0x6f8 [0207.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0207.777] GetFileSize (in: hFile=0x6b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8d [0207.781] ReadFile (in: hFile=0x6b8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc8d, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0xc8d, lpOverlapped=0x0) returned 1 [0207.781] CloseHandle (hObject=0x6b8) returned 1 [0207.782] GetCurrentThreadId () returned 0x6f8 [0207.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x9e91b0, dwHighDateTime=0x1d6076d)) [0207.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x9e91b0, dwHighDateTime=0x1d6076d)) [0207.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0x9e91b0, dwHighDateTime=0x1d6076d)) [0207.873] GetCurrentThreadId () returned 0x6f8 [0207.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.873] GetCurrentThreadId () returned 0x6f8 [0207.873] CreateFileW (lpFileName="KcsQ.exe" (normalized: "c:\\windows\\system32\\kcsq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.874] CreateFileW (lpFileName="KcsQ.exe" (normalized: "c:\\windows\\system32\\kcsq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.874] GetCurrentThreadId () returned 0x6f8 [0207.874] GetCurrentThreadId () returned 0x6f8 [0207.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.874] CreateFileW (lpFileName="KcsQ.exe" (normalized: "c:\\windows\\system32\\kcsq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.874] GetCurrentThreadId () returned 0x6f8 [0207.874] BeginUpdateResourceW (pFileName="KcsQ.exe" (normalized: "c:\\windows\\system32\\kcsq.exe"), bDeleteExistingResources=0) returned 0x0 [0207.874] CreateFileW (lpFileName="MKMQ.ico" (normalized: "c:\\windows\\system32\\mkmq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b8 [0207.874] GetFileSize (in: hFile=0x6b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0207.875] ReadFile (in: hFile=0x6b8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0207.875] CloseHandle (hObject=0x6b8) returned 1 [0207.875] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0207.875] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0207.875] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0207.875] CopyFileW (lpExistingFileName="KcsQ.exe" (normalized: "c:\\windows\\system32\\kcsq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.exe"), bFailIfExists=0) returned 0 [0207.875] SetNamedSecurityInfoW () returned 0x2 [0207.875] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 1 [0207.876] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x114, lpOverlapped=0x0) returned 1 [0207.877] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0207.877] DeleteFileW (lpFileName="MKMQ.ico" (normalized: "c:\\windows\\system32\\mkmq.ico")) returned 1 [0207.878] DeleteFileW (lpFileName="KcsQ.exe" (normalized: "c:\\windows\\system32\\kcsq.exe")) returned 0 [0207.878] GetCurrentThreadId () returned 0x6f8 [0207.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.878] GetCurrentThreadId () returned 0x6f8 [0207.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.879] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0207.879] GetCurrentThreadId () returned 0x6f8 [0207.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4deb4 | out: lpSystemTimeAsFileTime=0x4e4deb4*(dwLowDateTime=0xacd9f0, dwHighDateTime=0x1d6076d)) [0207.879] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 0x2020 [0207.880] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", dwFileAttributes=0x80) returned 1 [0207.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0207.880] GetFileSize (in: hFile=0x6b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8f [0207.885] ReadFile (in: hFile=0x6b8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8f, lpNumberOfBytesRead=0x4e4de8c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4de8c*=0x8f, lpOverlapped=0x0) returned 1 [0207.886] CloseHandle (hObject=0x6b8) returned 1 [0207.886] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", dwFileAttributes=0x2020) returned 1 [0207.886] CloseHandle (hObject=0x4e4e1b4) returned 0 [0207.886] GetCurrentThreadId () returned 0x6f8 [0207.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.886] GetCurrentThreadId () returned 0x6f8 [0207.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.887] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0207.887] GetCurrentThreadId () returned 0x6f8 [0207.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.887] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0207.887] GetCurrentThreadId () returned 0x6f8 [0207.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.887] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0207.887] GetCurrentThreadId () returned 0x6f8 [0207.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.887] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0207.887] GetCurrentThreadId () returned 0x6f8 [0207.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.887] GetCurrentThreadId () returned 0x6f8 [0207.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5ec0 [0207.890] GetCurrentThreadId () returned 0x6f8 [0207.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.890] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.890] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.891] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0207.891] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.891] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5f00 [0207.891] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.891] FindNextFileW (in: hFindFile=0x6b5f00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.891] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.891] FindNextFileW (in: hFindFile=0x6b5f00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.891] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.891] FindNextFileW (in: hFindFile=0x6b5f00, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.891] GetCurrentThreadId () returned 0x6f8 [0207.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.892] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0207.892] GetCurrentThreadId () returned 0x6f8 [0207.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.892] GetCurrentThreadId () returned 0x6f8 [0207.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5f40 [0207.892] GetCurrentThreadId () returned 0x6f8 [0207.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.892] FindNextFileW (in: hFindFile=0x6b5f40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.892] GetCurrentThreadId () returned 0x6f8 [0207.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.892] FindNextFileW (in: hFindFile=0x6b5f40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.892] GetCurrentThreadId () returned 0x6f8 [0207.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.892] FindNextFileW (in: hFindFile=0x6b5f40, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.892] GetCurrentThreadId () returned 0x6f8 [0207.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.893] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0207.893] GetCurrentThreadId () returned 0x6f8 [0207.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.893] GetCurrentThreadId () returned 0x6f8 [0207.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5f80 [0207.894] GetCurrentThreadId () returned 0x6f8 [0207.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.894] FindNextFileW (in: hFindFile=0x6b5f80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.894] GetCurrentThreadId () returned 0x6f8 [0207.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.895] FindNextFileW (in: hFindFile=0x6b5f80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.895] GetCurrentThreadId () returned 0x6f8 [0207.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.895] FindNextFileW (in: hFindFile=0x6b5f80, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.895] GetCurrentThreadId () returned 0x6f8 [0207.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.895] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0207.895] GetCurrentThreadId () returned 0x6f8 [0207.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.895] GetCurrentThreadId () returned 0x6f8 [0207.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b5fc0 [0207.895] GetCurrentThreadId () returned 0x6f8 [0207.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.895] FindNextFileW (in: hFindFile=0x6b5fc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.897] GetCurrentThreadId () returned 0x6f8 [0207.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.897] FindNextFileW (in: hFindFile=0x6b5fc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.897] GetCurrentThreadId () returned 0x6f8 [0207.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.897] FindNextFileW (in: hFindFile=0x6b5fc0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.897] GetCurrentThreadId () returned 0x6f8 [0207.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.897] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0207.897] GetCurrentThreadId () returned 0x6f8 [0207.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.898] GetCurrentThreadId () returned 0x6f8 [0207.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.898] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6000 [0207.899] GetCurrentThreadId () returned 0x6f8 [0207.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.899] FindNextFileW (in: hFindFile=0x6b6000, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.899] GetCurrentThreadId () returned 0x6f8 [0207.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.899] FindNextFileW (in: hFindFile=0x6b6000, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.899] GetCurrentThreadId () returned 0x6f8 [0207.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.899] FindNextFileW (in: hFindFile=0x6b6000, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.899] GetCurrentThreadId () returned 0x6f8 [0207.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.899] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0207.899] GetCurrentThreadId () returned 0x6f8 [0207.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.899] GetCurrentThreadId () returned 0x6f8 [0207.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6040 [0207.900] GetCurrentThreadId () returned 0x6f8 [0207.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.900] FindNextFileW (in: hFindFile=0x6b6040, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.900] GetCurrentThreadId () returned 0x6f8 [0207.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.900] FindNextFileW (in: hFindFile=0x6b6040, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.900] GetCurrentThreadId () returned 0x6f8 [0207.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.900] FindNextFileW (in: hFindFile=0x6b6040, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.900] GetCurrentThreadId () returned 0x6f8 [0207.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xaf3b50, dwHighDateTime=0x1d6076d)) [0207.900] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0207.900] GetCurrentThreadId () returned 0x6f8 [0207.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.900] GetCurrentThreadId () returned 0x6f8 [0207.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.900] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6080 [0207.902] GetCurrentThreadId () returned 0x6f8 [0207.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.902] FindNextFileW (in: hFindFile=0x6b6080, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.902] GetCurrentThreadId () returned 0x6f8 [0207.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.902] FindNextFileW (in: hFindFile=0x6b6080, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.902] GetCurrentThreadId () returned 0x6f8 [0207.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.902] FindNextFileW (in: hFindFile=0x6b6080, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.903] GetCurrentThreadId () returned 0x6f8 [0207.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.903] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0207.903] GetCurrentThreadId () returned 0x6f8 [0207.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.903] GetCurrentThreadId () returned 0x6f8 [0207.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.903] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b60c0 [0207.903] GetCurrentThreadId () returned 0x6f8 [0207.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.903] FindNextFileW (in: hFindFile=0x6b60c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.903] GetCurrentThreadId () returned 0x6f8 [0207.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.903] FindNextFileW (in: hFindFile=0x6b60c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.903] GetCurrentThreadId () returned 0x6f8 [0207.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.904] FindNextFileW (in: hFindFile=0x6b60c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.904] GetCurrentThreadId () returned 0x6f8 [0207.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.904] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0207.904] GetCurrentThreadId () returned 0x6f8 [0207.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.904] GetCurrentThreadId () returned 0x6f8 [0207.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6100 [0207.905] GetCurrentThreadId () returned 0x6f8 [0207.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.905] FindNextFileW (in: hFindFile=0x6b6100, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.905] GetCurrentThreadId () returned 0x6f8 [0207.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.905] FindNextFileW (in: hFindFile=0x6b6100, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.905] GetCurrentThreadId () returned 0x6f8 [0207.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.905] FindNextFileW (in: hFindFile=0x6b6100, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.905] GetCurrentThreadId () returned 0x6f8 [0207.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.905] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0207.906] GetCurrentThreadId () returned 0x6f8 [0207.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.906] GetCurrentThreadId () returned 0x6f8 [0207.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6140 [0207.907] GetCurrentThreadId () returned 0x6f8 [0207.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.907] FindNextFileW (in: hFindFile=0x6b6140, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.907] GetCurrentThreadId () returned 0x6f8 [0207.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.907] FindNextFileW (in: hFindFile=0x6b6140, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.907] GetCurrentThreadId () returned 0x6f8 [0207.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.907] FindNextFileW (in: hFindFile=0x6b6140, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.907] GetCurrentThreadId () returned 0x6f8 [0207.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.907] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0207.907] GetCurrentThreadId () returned 0x6f8 [0207.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.907] GetCurrentThreadId () returned 0x6f8 [0207.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6180 [0207.908] GetCurrentThreadId () returned 0x6f8 [0207.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.908] FindNextFileW (in: hFindFile=0x6b6180, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.908] GetCurrentThreadId () returned 0x6f8 [0207.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.908] FindNextFileW (in: hFindFile=0x6b6180, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.908] GetCurrentThreadId () returned 0x6f8 [0207.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.908] FindNextFileW (in: hFindFile=0x6b6180, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.908] GetCurrentThreadId () returned 0x6f8 [0207.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.909] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0207.909] GetCurrentThreadId () returned 0x6f8 [0207.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.909] GetCurrentThreadId () returned 0x6f8 [0207.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b61c0 [0207.910] GetCurrentThreadId () returned 0x6f8 [0207.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.910] FindNextFileW (in: hFindFile=0x6b61c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.910] GetCurrentThreadId () returned 0x6f8 [0207.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.910] FindNextFileW (in: hFindFile=0x6b61c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.910] GetCurrentThreadId () returned 0x6f8 [0207.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.910] FindNextFileW (in: hFindFile=0x6b61c0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.910] GetCurrentThreadId () returned 0x6f8 [0207.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.910] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0207.910] GetCurrentThreadId () returned 0x6f8 [0207.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.910] GetCurrentThreadId () returned 0x6f8 [0207.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6200 [0207.911] GetCurrentThreadId () returned 0x6f8 [0207.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.911] FindNextFileW (in: hFindFile=0x6b6200, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.911] GetCurrentThreadId () returned 0x6f8 [0207.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.911] FindNextFileW (in: hFindFile=0x6b6200, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.925] GetCurrentThreadId () returned 0x6f8 [0207.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.925] FindNextFileW (in: hFindFile=0x6b6200, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.925] GetCurrentThreadId () returned 0x6f8 [0207.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.925] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0207.925] GetCurrentThreadId () returned 0x6f8 [0207.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.925] GetCurrentThreadId () returned 0x6f8 [0207.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6240 [0207.927] GetCurrentThreadId () returned 0x6f8 [0207.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.927] FindNextFileW (in: hFindFile=0x6b6240, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.927] GetCurrentThreadId () returned 0x6f8 [0207.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.927] FindNextFileW (in: hFindFile=0x6b6240, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.927] GetCurrentThreadId () returned 0x6f8 [0207.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.927] FindNextFileW (in: hFindFile=0x6b6240, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.927] GetCurrentThreadId () returned 0x6f8 [0207.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.927] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0207.927] GetCurrentThreadId () returned 0x6f8 [0207.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.927] GetCurrentThreadId () returned 0x6f8 [0207.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6b6280 [0207.928] GetCurrentThreadId () returned 0x6f8 [0207.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.928] FindNextFileW (in: hFindFile=0x6b6280, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.928] GetCurrentThreadId () returned 0x6f8 [0207.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.928] FindNextFileW (in: hFindFile=0x6b6280, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.928] GetCurrentThreadId () returned 0x6f8 [0207.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.928] FindNextFileW (in: hFindFile=0x6b6280, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.928] GetCurrentThreadId () returned 0x6f8 [0207.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.928] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0207.928] GetCurrentThreadId () returned 0x6f8 [0207.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.928] GetCurrentThreadId () returned 0x6f8 [0207.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.928] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcaa8 [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.930] FindNextFileW (in: hFindFile=0x6bcaa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.930] FindNextFileW (in: hFindFile=0x6bcaa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.930] FindNextFileW (in: hFindFile=0x6bcaa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.930] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcae8 [0207.930] GetCurrentThreadId () returned 0x6f8 [0207.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.931] FindNextFileW (in: hFindFile=0x6bcae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.931] GetCurrentThreadId () returned 0x6f8 [0207.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.931] FindNextFileW (in: hFindFile=0x6bcae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.931] GetCurrentThreadId () returned 0x6f8 [0207.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.931] FindNextFileW (in: hFindFile=0x6bcae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.931] GetCurrentThreadId () returned 0x6f8 [0207.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.931] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0207.931] GetCurrentThreadId () returned 0x6f8 [0207.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.931] GetCurrentThreadId () returned 0x6f8 [0207.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb3fe10, dwHighDateTime=0x1d6076d)) [0207.931] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcb28 [0207.932] GetCurrentThreadId () returned 0x6f8 [0207.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.932] FindNextFileW (in: hFindFile=0x6bcb28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.932] GetCurrentThreadId () returned 0x6f8 [0207.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.932] FindNextFileW (in: hFindFile=0x6bcb28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.932] GetCurrentThreadId () returned 0x6f8 [0207.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.933] FindNextFileW (in: hFindFile=0x6bcb28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.933] GetCurrentThreadId () returned 0x6f8 [0207.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.933] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0207.933] GetCurrentThreadId () returned 0x6f8 [0207.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.933] GetCurrentThreadId () returned 0x6f8 [0207.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.933] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcb68 [0207.933] GetCurrentThreadId () returned 0x6f8 [0207.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.933] FindNextFileW (in: hFindFile=0x6bcb68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.933] GetCurrentThreadId () returned 0x6f8 [0207.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.933] FindNextFileW (in: hFindFile=0x6bcb68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.934] GetCurrentThreadId () returned 0x6f8 [0207.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.934] FindNextFileW (in: hFindFile=0x6bcb68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.934] GetCurrentThreadId () returned 0x6f8 [0207.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.934] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0207.934] GetCurrentThreadId () returned 0x6f8 [0207.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.934] GetCurrentThreadId () returned 0x6f8 [0207.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcba8 [0207.935] GetCurrentThreadId () returned 0x6f8 [0207.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.935] FindNextFileW (in: hFindFile=0x6bcba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.935] GetCurrentThreadId () returned 0x6f8 [0207.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.935] FindNextFileW (in: hFindFile=0x6bcba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.935] GetCurrentThreadId () returned 0x6f8 [0207.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.935] FindNextFileW (in: hFindFile=0x6bcba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.935] GetCurrentThreadId () returned 0x6f8 [0207.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.935] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0207.936] GetCurrentThreadId () returned 0x6f8 [0207.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.936] GetCurrentThreadId () returned 0x6f8 [0207.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.936] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcbe8 [0207.936] GetCurrentThreadId () returned 0x6f8 [0207.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.936] FindNextFileW (in: hFindFile=0x6bcbe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.936] GetCurrentThreadId () returned 0x6f8 [0207.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.936] FindNextFileW (in: hFindFile=0x6bcbe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.936] GetCurrentThreadId () returned 0x6f8 [0207.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.936] FindNextFileW (in: hFindFile=0x6bcbe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.936] GetCurrentThreadId () returned 0x6f8 [0207.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.936] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0207.937] GetCurrentThreadId () returned 0x6f8 [0207.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.937] GetCurrentThreadId () returned 0x6f8 [0207.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.937] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcc28 [0207.938] GetCurrentThreadId () returned 0x6f8 [0207.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.938] FindNextFileW (in: hFindFile=0x6bcc28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.938] GetCurrentThreadId () returned 0x6f8 [0207.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.938] FindNextFileW (in: hFindFile=0x6bcc28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.938] GetCurrentThreadId () returned 0x6f8 [0207.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.938] FindNextFileW (in: hFindFile=0x6bcc28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.938] GetCurrentThreadId () returned 0x6f8 [0207.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.938] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0207.938] GetCurrentThreadId () returned 0x6f8 [0207.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.938] GetCurrentThreadId () returned 0x6f8 [0207.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcc68 [0207.939] GetCurrentThreadId () returned 0x6f8 [0207.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.939] FindNextFileW (in: hFindFile=0x6bcc68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.939] GetCurrentThreadId () returned 0x6f8 [0207.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.939] FindNextFileW (in: hFindFile=0x6bcc68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.939] GetCurrentThreadId () returned 0x6f8 [0207.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.939] FindNextFileW (in: hFindFile=0x6bcc68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.939] GetCurrentThreadId () returned 0x6f8 [0207.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.939] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0207.939] GetCurrentThreadId () returned 0x6f8 [0207.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.939] GetCurrentThreadId () returned 0x6f8 [0207.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcca8 [0207.940] GetCurrentThreadId () returned 0x6f8 [0207.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.940] FindNextFileW (in: hFindFile=0x6bcca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.940] GetCurrentThreadId () returned 0x6f8 [0207.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.941] FindNextFileW (in: hFindFile=0x6bcca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.941] GetCurrentThreadId () returned 0x6f8 [0207.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.941] FindNextFileW (in: hFindFile=0x6bcca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.941] GetCurrentThreadId () returned 0x6f8 [0207.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.941] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0207.941] GetCurrentThreadId () returned 0x6f8 [0207.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.941] GetCurrentThreadId () returned 0x6f8 [0207.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.941] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcce8 [0207.941] GetCurrentThreadId () returned 0x6f8 [0207.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.941] FindNextFileW (in: hFindFile=0x6bcce8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.942] GetCurrentThreadId () returned 0x6f8 [0207.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.942] FindNextFileW (in: hFindFile=0x6bcce8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.942] GetCurrentThreadId () returned 0x6f8 [0207.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.942] FindNextFileW (in: hFindFile=0x6bcce8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.942] GetCurrentThreadId () returned 0x6f8 [0207.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.942] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0207.942] GetCurrentThreadId () returned 0x6f8 [0207.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.942] GetCurrentThreadId () returned 0x6f8 [0207.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcd28 [0207.943] GetCurrentThreadId () returned 0x6f8 [0207.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.943] FindNextFileW (in: hFindFile=0x6bcd28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.943] GetCurrentThreadId () returned 0x6f8 [0207.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.943] FindNextFileW (in: hFindFile=0x6bcd28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.943] GetCurrentThreadId () returned 0x6f8 [0207.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.943] FindNextFileW (in: hFindFile=0x6bcd28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.943] GetCurrentThreadId () returned 0x6f8 [0207.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.944] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0207.944] GetCurrentThreadId () returned 0x6f8 [0207.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.944] GetCurrentThreadId () returned 0x6f8 [0207.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.944] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcd68 [0207.944] GetCurrentThreadId () returned 0x6f8 [0207.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.944] FindNextFileW (in: hFindFile=0x6bcd68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.944] GetCurrentThreadId () returned 0x6f8 [0207.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.944] FindNextFileW (in: hFindFile=0x6bcd68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.944] GetCurrentThreadId () returned 0x6f8 [0207.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.944] FindNextFileW (in: hFindFile=0x6bcd68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.944] GetCurrentThreadId () returned 0x6f8 [0207.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.945] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0207.945] GetCurrentThreadId () returned 0x6f8 [0207.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.945] GetCurrentThreadId () returned 0x6f8 [0207.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.945] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcda8 [0207.946] GetCurrentThreadId () returned 0x6f8 [0207.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.946] FindNextFileW (in: hFindFile=0x6bcda8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.946] GetCurrentThreadId () returned 0x6f8 [0207.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.946] FindNextFileW (in: hFindFile=0x6bcda8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.946] GetCurrentThreadId () returned 0x6f8 [0207.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.946] FindNextFileW (in: hFindFile=0x6bcda8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.946] GetCurrentThreadId () returned 0x6f8 [0207.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.946] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0207.946] GetCurrentThreadId () returned 0x6f8 [0207.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.946] GetCurrentThreadId () returned 0x6f8 [0207.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.946] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcde8 [0207.947] GetCurrentThreadId () returned 0x6f8 [0207.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb65f70, dwHighDateTime=0x1d6076d)) [0207.947] FindNextFileW (in: hFindFile=0x6bcde8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.947] GetCurrentThreadId () returned 0x6f8 [0207.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.947] FindNextFileW (in: hFindFile=0x6bcde8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.947] GetCurrentThreadId () returned 0x6f8 [0207.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.947] FindNextFileW (in: hFindFile=0x6bcde8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.947] GetCurrentThreadId () returned 0x6f8 [0207.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.947] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0207.947] GetCurrentThreadId () returned 0x6f8 [0207.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.947] GetCurrentThreadId () returned 0x6f8 [0207.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bce28 [0207.948] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.949] FindNextFileW (in: hFindFile=0x6bce28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.949] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.949] FindNextFileW (in: hFindFile=0x6bce28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.949] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.949] FindNextFileW (in: hFindFile=0x6bce28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.949] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.949] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0207.949] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.949] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.949] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bce68 [0207.949] GetCurrentThreadId () returned 0x6f8 [0207.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.950] FindNextFileW (in: hFindFile=0x6bce68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.950] GetCurrentThreadId () returned 0x6f8 [0207.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.950] FindNextFileW (in: hFindFile=0x6bce68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.950] GetCurrentThreadId () returned 0x6f8 [0207.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.950] FindNextFileW (in: hFindFile=0x6bce68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.950] GetCurrentThreadId () returned 0x6f8 [0207.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.950] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0207.950] GetCurrentThreadId () returned 0x6f8 [0207.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.950] GetCurrentThreadId () returned 0x6f8 [0207.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.950] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcea8 [0207.951] GetCurrentThreadId () returned 0x6f8 [0207.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.951] FindNextFileW (in: hFindFile=0x6bcea8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.951] GetCurrentThreadId () returned 0x6f8 [0207.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.951] FindNextFileW (in: hFindFile=0x6bcea8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.951] GetCurrentThreadId () returned 0x6f8 [0207.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.951] FindNextFileW (in: hFindFile=0x6bcea8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.952] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.952] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcee8 [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.952] FindNextFileW (in: hFindFile=0x6bcee8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.952] FindNextFileW (in: hFindFile=0x6bcee8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.952] FindNextFileW (in: hFindFile=0x6bcee8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.952] GetCurrentThreadId () returned 0x6f8 [0207.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.953] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0207.953] GetCurrentThreadId () returned 0x6f8 [0207.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.953] GetCurrentThreadId () returned 0x6f8 [0207.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcf28 [0207.954] GetCurrentThreadId () returned 0x6f8 [0207.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.954] FindNextFileW (in: hFindFile=0x6bcf28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.954] GetCurrentThreadId () returned 0x6f8 [0207.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.954] FindNextFileW (in: hFindFile=0x6bcf28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.954] GetCurrentThreadId () returned 0x6f8 [0207.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.954] FindNextFileW (in: hFindFile=0x6bcf28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.954] GetCurrentThreadId () returned 0x6f8 [0207.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.954] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0207.954] GetCurrentThreadId () returned 0x6f8 [0207.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.954] GetCurrentThreadId () returned 0x6f8 [0207.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.954] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcf68 [0207.955] GetCurrentThreadId () returned 0x6f8 [0207.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.955] FindNextFileW (in: hFindFile=0x6bcf68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.957] GetCurrentThreadId () returned 0x6f8 [0207.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.957] FindNextFileW (in: hFindFile=0x6bcf68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.957] GetCurrentThreadId () returned 0x6f8 [0207.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.957] FindNextFileW (in: hFindFile=0x6bcf68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.957] GetCurrentThreadId () returned 0x6f8 [0207.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.957] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0207.957] GetCurrentThreadId () returned 0x6f8 [0207.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.957] GetCurrentThreadId () returned 0x6f8 [0207.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.957] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcfa8 [0207.958] GetCurrentThreadId () returned 0x6f8 [0207.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.958] FindNextFileW (in: hFindFile=0x6bcfa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.958] GetCurrentThreadId () returned 0x6f8 [0207.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.958] FindNextFileW (in: hFindFile=0x6bcfa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.958] GetCurrentThreadId () returned 0x6f8 [0207.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.958] FindNextFileW (in: hFindFile=0x6bcfa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.959] GetCurrentThreadId () returned 0x6f8 [0207.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.959] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0207.959] GetCurrentThreadId () returned 0x6f8 [0207.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.959] GetCurrentThreadId () returned 0x6f8 [0207.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.959] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bcfe8 [0207.959] GetCurrentThreadId () returned 0x6f8 [0207.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.959] FindNextFileW (in: hFindFile=0x6bcfe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.959] GetCurrentThreadId () returned 0x6f8 [0207.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.960] FindNextFileW (in: hFindFile=0x6bcfe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.960] GetCurrentThreadId () returned 0x6f8 [0207.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.960] FindNextFileW (in: hFindFile=0x6bcfe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.960] GetCurrentThreadId () returned 0x6f8 [0207.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.960] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0207.960] GetCurrentThreadId () returned 0x6f8 [0207.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.960] GetCurrentThreadId () returned 0x6f8 [0207.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.960] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd028 [0207.961] GetCurrentThreadId () returned 0x6f8 [0207.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.961] FindNextFileW (in: hFindFile=0x6bd028, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.961] GetCurrentThreadId () returned 0x6f8 [0207.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.961] FindNextFileW (in: hFindFile=0x6bd028, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.961] GetCurrentThreadId () returned 0x6f8 [0207.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.961] FindNextFileW (in: hFindFile=0x6bd028, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.962] GetCurrentThreadId () returned 0x6f8 [0207.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.962] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0207.962] GetCurrentThreadId () returned 0x6f8 [0207.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.962] GetCurrentThreadId () returned 0x6f8 [0207.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd068 [0207.962] GetCurrentThreadId () returned 0x6f8 [0207.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.962] FindNextFileW (in: hFindFile=0x6bd068, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.962] GetCurrentThreadId () returned 0x6f8 [0207.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xb8c0d0, dwHighDateTime=0x1d6076d)) [0207.962] FindNextFileW (in: hFindFile=0x6bd068, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.962] GetCurrentThreadId () returned 0x6f8 [0207.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.963] FindNextFileW (in: hFindFile=0x6bd068, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.963] GetCurrentThreadId () returned 0x6f8 [0207.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.963] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0207.963] GetCurrentThreadId () returned 0x6f8 [0207.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.963] GetCurrentThreadId () returned 0x6f8 [0207.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd0a8 [0207.964] GetCurrentThreadId () returned 0x6f8 [0207.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.964] FindNextFileW (in: hFindFile=0x6bd0a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.964] GetCurrentThreadId () returned 0x6f8 [0207.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.964] FindNextFileW (in: hFindFile=0x6bd0a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.964] GetCurrentThreadId () returned 0x6f8 [0207.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.964] FindNextFileW (in: hFindFile=0x6bd0a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.964] GetCurrentThreadId () returned 0x6f8 [0207.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xbb2230, dwHighDateTime=0x1d6076d)) [0207.964] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0207.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd0e8 [0207.965] FindNextFileW (in: hFindFile=0x6bd0e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.965] FindNextFileW (in: hFindFile=0x6bd0e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.965] FindNextFileW (in: hFindFile=0x6bd0e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.965] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0207.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd128 [0207.966] FindNextFileW (in: hFindFile=0x6bd128, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.966] FindNextFileW (in: hFindFile=0x6bd128, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.966] FindNextFileW (in: hFindFile=0x6bd128, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.966] FindNextFileW (in: hFindFile=0x6b5ec0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0207.966] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0207.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd168 [0207.966] FindNextFileW (in: hFindFile=0x6bd168, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.966] FindNextFileW (in: hFindFile=0x6bd168, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0207.966] FindNextFileW (in: hFindFile=0x6bd168, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0207.967] FindNextFileW (in: hFindFile=0x6bd168, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0207.967] FindNextFileW (in: hFindFile=0x6b5e80, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0207.967] FindNextFileW (in: hFindFile=0x6b5e40, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0207.967] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0207.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd1a8 [0207.967] FindNextFileW (in: hFindFile=0x6bd1a8, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.967] FindNextFileW (in: hFindFile=0x6bd1a8, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14.1_0", cAlternateFileName="")) returned 1 [0207.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd1e8 [0207.979] FindNextFileW (in: hFindFile=0x6bd1e8, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.979] FindNextFileW (in: hFindFile=0x6bd1e8, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a33, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0207.985] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", dwFileAttributes=0x80) returned 1 [0207.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x76c [0207.986] GetFileSize (in: hFile=0x76c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a33 [0207.993] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", dwFileAttributes=0x2020) returned 1 [0207.994] GetCurrentThreadId () returned 0x6f8 [0207.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d56c | out: lpSystemTimeAsFileTime=0x4e4d56c*(dwLowDateTime=0xbfe4f0, dwHighDateTime=0x1d6076d)) [0207.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d56c | out: lpSystemTimeAsFileTime=0x4e4d56c*(dwLowDateTime=0xbfe4f0, dwHighDateTime=0x1d6076d)) [0207.994] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", piIcon=0x4e4de98) returned 0xc014d [0208.007] GetIconInfo (in: hIcon=0xc014d, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0208.007] CreateFileW (lpFileName="WuUo.ico" (normalized: "c:\\windows\\system32\\wuuo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0208.008] GetObjectA (in: h=0x7b0501fe, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0208.008] GetObjectA (in: h=0x38050771, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0208.008] CreateCompatibleDC (hdc=0x0) returned 0x4a010770 [0208.008] GetDIBits (in: hdc=0x4a010770, hbm=0x7b0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0208.008] GetDIBits (in: hdc=0x4a010770, hbm=0x7b0501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0208.008] GetDIBits (in: hdc=0x4a010770, hbm=0x7b0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0208.008] GetDIBits (in: hdc=0x4a010770, hbm=0x38050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0208.008] WriteFile (in: hFile=0x770, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0208.010] WriteFile (in: hFile=0x770, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0208.010] WriteFile (in: hFile=0x770, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0208.011] WriteFile (in: hFile=0x770, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0208.011] WriteFile (in: hFile=0x770, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0208.011] DeleteDC (hdc=0x4a010770) returned 1 [0208.011] CloseHandle (hObject=0x770) returned 1 [0208.011] DeleteObject (ho=0x7b0501fe) returned 1 [0208.011] DeleteObject (ho=0x38050771) returned 1 [0208.011] DestroyCursor (hCursor=0xc014d) returned 1 [0208.011] GetCurrentThreadId () returned 0x6f8 [0208.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0208.012] GetFileSize (in: hFile=0x770, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a33 [0208.016] ReadFile (in: hFile=0x770, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1a33, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0x1a33, lpOverlapped=0x0) returned 1 [0208.016] CloseHandle (hObject=0x770) returned 1 [0208.016] GetCurrentThreadId () returned 0x6f8 [0208.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0xc24650, dwHighDateTime=0x1d6076d)) [0208.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0xc24650, dwHighDateTime=0x1d6076d)) [0208.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0xc24650, dwHighDateTime=0x1d6076d)) [0208.120] GetCurrentThreadId () returned 0x6f8 [0208.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.120] GetCurrentThreadId () returned 0x6f8 [0208.121] CreateFileW (lpFileName="WsQq.exe" (normalized: "c:\\windows\\system32\\wsqq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.121] CreateFileW (lpFileName="WsQq.exe" (normalized: "c:\\windows\\system32\\wsqq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.122] GetCurrentThreadId () returned 0x6f8 [0208.122] GetCurrentThreadId () returned 0x6f8 [0208.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.122] CreateFileW (lpFileName="WsQq.exe" (normalized: "c:\\windows\\system32\\wsqq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.122] GetCurrentThreadId () returned 0x6f8 [0208.122] BeginUpdateResourceW (pFileName="WsQq.exe" (normalized: "c:\\windows\\system32\\wsqq.exe"), bDeleteExistingResources=0) returned 0x0 [0208.122] CreateFileW (lpFileName="WuUo.ico" (normalized: "c:\\windows\\system32\\wuuo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x770 [0208.122] GetFileSize (in: hFile=0x770, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0208.122] ReadFile (in: hFile=0x770, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0208.122] CloseHandle (hObject=0x770) returned 1 [0208.123] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0208.123] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0208.123] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0208.123] CopyFileW (lpExistingFileName="WsQq.exe" (normalized: "c:\\windows\\system32\\wsqq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.exe"), bFailIfExists=0) returned 0 [0208.123] SetNamedSecurityInfoW () returned 0x2 [0208.123] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 1 [0208.125] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x10c, lpOverlapped=0x0) returned 1 [0208.125] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0208.125] DeleteFileW (lpFileName="WuUo.ico" (normalized: "c:\\windows\\system32\\wuuo.ico")) returned 1 [0208.126] DeleteFileW (lpFileName="WsQq.exe" (normalized: "c:\\windows\\system32\\wsqq.exe")) returned 0 [0208.126] GetCurrentThreadId () returned 0x6f8 [0208.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.126] GetCurrentThreadId () returned 0x6f8 [0208.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.126] FindNextFileW (in: hFindFile=0x6bd1e8, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8716c790, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0208.127] GetCurrentThreadId () returned 0x6f8 [0208.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.127] FindNextFileW (in: hFindFile=0x6bd1e8, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0208.127] GetCurrentThreadId () returned 0x6f8 [0208.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.127] GetCurrentThreadId () returned 0x6f8 [0208.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bd228 [0208.129] GetCurrentThreadId () returned 0x6f8 [0208.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.129] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.129] GetCurrentThreadId () returned 0x6f8 [0208.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.129] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0208.130] GetCurrentThreadId () returned 0x6f8 [0208.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.130] GetCurrentThreadId () returned 0x6f8 [0208.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.130] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beaa8 [0208.130] GetCurrentThreadId () returned 0x6f8 [0208.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.130] FindNextFileW (in: hFindFile=0x6beaa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.130] GetCurrentThreadId () returned 0x6f8 [0208.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.130] FindNextFileW (in: hFindFile=0x6beaa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.130] GetCurrentThreadId () returned 0x6f8 [0208.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.130] FindNextFileW (in: hFindFile=0x6beaa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.131] GetCurrentThreadId () returned 0x6f8 [0208.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.131] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0208.131] GetCurrentThreadId () returned 0x6f8 [0208.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.131] GetCurrentThreadId () returned 0x6f8 [0208.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.131] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beae8 [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.133] FindNextFileW (in: hFindFile=0x6beae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.133] FindNextFileW (in: hFindFile=0x6beae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.133] FindNextFileW (in: hFindFile=0x6beae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.133] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beb28 [0208.133] GetCurrentThreadId () returned 0x6f8 [0208.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.134] FindNextFileW (in: hFindFile=0x6beb28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.134] GetCurrentThreadId () returned 0x6f8 [0208.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.134] FindNextFileW (in: hFindFile=0x6beb28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.134] GetCurrentThreadId () returned 0x6f8 [0208.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.134] FindNextFileW (in: hFindFile=0x6beb28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.134] GetCurrentThreadId () returned 0x6f8 [0208.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.134] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0208.134] GetCurrentThreadId () returned 0x6f8 [0208.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd2eff0, dwHighDateTime=0x1d6076d)) [0208.134] GetCurrentThreadId () returned 0x6f8 [0208.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beb68 [0208.135] GetCurrentThreadId () returned 0x6f8 [0208.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.135] FindNextFileW (in: hFindFile=0x6beb68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.135] GetCurrentThreadId () returned 0x6f8 [0208.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.135] FindNextFileW (in: hFindFile=0x6beb68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.136] GetCurrentThreadId () returned 0x6f8 [0208.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.136] FindNextFileW (in: hFindFile=0x6beb68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.136] GetCurrentThreadId () returned 0x6f8 [0208.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.136] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0208.136] GetCurrentThreadId () returned 0x6f8 [0208.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.136] GetCurrentThreadId () returned 0x6f8 [0208.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beba8 [0208.136] GetCurrentThreadId () returned 0x6f8 [0208.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.136] FindNextFileW (in: hFindFile=0x6beba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.136] GetCurrentThreadId () returned 0x6f8 [0208.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.136] FindNextFileW (in: hFindFile=0x6beba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.137] GetCurrentThreadId () returned 0x6f8 [0208.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.137] FindNextFileW (in: hFindFile=0x6beba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.137] GetCurrentThreadId () returned 0x6f8 [0208.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.137] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0208.137] GetCurrentThreadId () returned 0x6f8 [0208.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.137] GetCurrentThreadId () returned 0x6f8 [0208.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bebe8 [0208.138] GetCurrentThreadId () returned 0x6f8 [0208.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.138] FindNextFileW (in: hFindFile=0x6bebe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.138] GetCurrentThreadId () returned 0x6f8 [0208.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.138] FindNextFileW (in: hFindFile=0x6bebe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.138] GetCurrentThreadId () returned 0x6f8 [0208.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.138] FindNextFileW (in: hFindFile=0x6bebe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.138] GetCurrentThreadId () returned 0x6f8 [0208.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.138] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0208.138] GetCurrentThreadId () returned 0x6f8 [0208.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.139] GetCurrentThreadId () returned 0x6f8 [0208.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bec28 [0208.139] GetCurrentThreadId () returned 0x6f8 [0208.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.139] FindNextFileW (in: hFindFile=0x6bec28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.139] GetCurrentThreadId () returned 0x6f8 [0208.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.139] FindNextFileW (in: hFindFile=0x6bec28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.139] GetCurrentThreadId () returned 0x6f8 [0208.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.139] FindNextFileW (in: hFindFile=0x6bec28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.139] GetCurrentThreadId () returned 0x6f8 [0208.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.139] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0208.140] GetCurrentThreadId () returned 0x6f8 [0208.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.140] GetCurrentThreadId () returned 0x6f8 [0208.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.140] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bec68 [0208.141] GetCurrentThreadId () returned 0x6f8 [0208.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.141] FindNextFileW (in: hFindFile=0x6bec68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.141] GetCurrentThreadId () returned 0x6f8 [0208.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.141] FindNextFileW (in: hFindFile=0x6bec68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.141] GetCurrentThreadId () returned 0x6f8 [0208.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.141] FindNextFileW (in: hFindFile=0x6bec68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.141] GetCurrentThreadId () returned 0x6f8 [0208.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.141] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0208.141] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.142] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.142] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beca8 [0208.142] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.142] FindNextFileW (in: hFindFile=0x6beca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.142] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.142] FindNextFileW (in: hFindFile=0x6beca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.142] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.142] FindNextFileW (in: hFindFile=0x6beca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.142] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.142] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0208.142] GetCurrentThreadId () returned 0x6f8 [0208.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.143] GetCurrentThreadId () returned 0x6f8 [0208.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.143] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bece8 [0208.144] GetCurrentThreadId () returned 0x6f8 [0208.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.144] FindNextFileW (in: hFindFile=0x6bece8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.144] GetCurrentThreadId () returned 0x6f8 [0208.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.144] FindNextFileW (in: hFindFile=0x6bece8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.144] GetCurrentThreadId () returned 0x6f8 [0208.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.144] FindNextFileW (in: hFindFile=0x6bece8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.144] GetCurrentThreadId () returned 0x6f8 [0208.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.144] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0208.144] GetCurrentThreadId () returned 0x6f8 [0208.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.144] GetCurrentThreadId () returned 0x6f8 [0208.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.144] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bed28 [0208.145] GetCurrentThreadId () returned 0x6f8 [0208.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.145] FindNextFileW (in: hFindFile=0x6bed28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.145] GetCurrentThreadId () returned 0x6f8 [0208.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.145] FindNextFileW (in: hFindFile=0x6bed28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.145] GetCurrentThreadId () returned 0x6f8 [0208.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.145] FindNextFileW (in: hFindFile=0x6bed28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.145] GetCurrentThreadId () returned 0x6f8 [0208.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.145] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0208.145] GetCurrentThreadId () returned 0x6f8 [0208.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.145] GetCurrentThreadId () returned 0x6f8 [0208.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bed68 [0208.146] GetCurrentThreadId () returned 0x6f8 [0208.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.146] FindNextFileW (in: hFindFile=0x6bed68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.146] GetCurrentThreadId () returned 0x6f8 [0208.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.147] FindNextFileW (in: hFindFile=0x6bed68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.147] GetCurrentThreadId () returned 0x6f8 [0208.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.147] FindNextFileW (in: hFindFile=0x6bed68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.147] GetCurrentThreadId () returned 0x6f8 [0208.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.147] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eu", cAlternateFileName="")) returned 1 [0208.147] GetCurrentThreadId () returned 0x6f8 [0208.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.147] GetCurrentThreadId () returned 0x6f8 [0208.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.147] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beda8 [0208.147] GetCurrentThreadId () returned 0x6f8 [0208.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.147] FindNextFileW (in: hFindFile=0x6beda8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.148] GetCurrentThreadId () returned 0x6f8 [0208.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.148] FindNextFileW (in: hFindFile=0x6beda8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.148] GetCurrentThreadId () returned 0x6f8 [0208.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.148] FindNextFileW (in: hFindFile=0x6beda8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.148] GetCurrentThreadId () returned 0x6f8 [0208.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.148] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0208.148] GetCurrentThreadId () returned 0x6f8 [0208.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.148] GetCurrentThreadId () returned 0x6f8 [0208.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd55150, dwHighDateTime=0x1d6076d)) [0208.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bede8 [0208.150] GetCurrentThreadId () returned 0x6f8 [0208.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.150] FindNextFileW (in: hFindFile=0x6bede8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.150] GetCurrentThreadId () returned 0x6f8 [0208.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.150] FindNextFileW (in: hFindFile=0x6bede8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.150] GetCurrentThreadId () returned 0x6f8 [0208.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.151] FindNextFileW (in: hFindFile=0x6bede8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.151] GetCurrentThreadId () returned 0x6f8 [0208.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.151] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0208.151] GetCurrentThreadId () returned 0x6f8 [0208.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.151] GetCurrentThreadId () returned 0x6f8 [0208.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.151] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bee28 [0208.151] GetCurrentThreadId () returned 0x6f8 [0208.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.151] FindNextFileW (in: hFindFile=0x6bee28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.151] GetCurrentThreadId () returned 0x6f8 [0208.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.151] FindNextFileW (in: hFindFile=0x6bee28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.152] GetCurrentThreadId () returned 0x6f8 [0208.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.152] FindNextFileW (in: hFindFile=0x6bee28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.152] GetCurrentThreadId () returned 0x6f8 [0208.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.152] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0208.152] GetCurrentThreadId () returned 0x6f8 [0208.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.152] GetCurrentThreadId () returned 0x6f8 [0208.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bee68 [0208.153] GetCurrentThreadId () returned 0x6f8 [0208.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.153] FindNextFileW (in: hFindFile=0x6bee68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.153] GetCurrentThreadId () returned 0x6f8 [0208.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.154] FindNextFileW (in: hFindFile=0x6bee68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.154] GetCurrentThreadId () returned 0x6f8 [0208.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.154] FindNextFileW (in: hFindFile=0x6bee68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.154] GetCurrentThreadId () returned 0x6f8 [0208.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.154] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0208.154] GetCurrentThreadId () returned 0x6f8 [0208.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.154] GetCurrentThreadId () returned 0x6f8 [0208.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beea8 [0208.154] GetCurrentThreadId () returned 0x6f8 [0208.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.154] FindNextFileW (in: hFindFile=0x6beea8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.155] GetCurrentThreadId () returned 0x6f8 [0208.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.155] FindNextFileW (in: hFindFile=0x6beea8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.155] GetCurrentThreadId () returned 0x6f8 [0208.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.155] FindNextFileW (in: hFindFile=0x6beea8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.155] GetCurrentThreadId () returned 0x6f8 [0208.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.155] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0208.155] GetCurrentThreadId () returned 0x6f8 [0208.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.155] GetCurrentThreadId () returned 0x6f8 [0208.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6beee8 [0208.156] GetCurrentThreadId () returned 0x6f8 [0208.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.156] FindNextFileW (in: hFindFile=0x6beee8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.156] GetCurrentThreadId () returned 0x6f8 [0208.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.156] FindNextFileW (in: hFindFile=0x6beee8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.156] GetCurrentThreadId () returned 0x6f8 [0208.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.157] FindNextFileW (in: hFindFile=0x6beee8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.157] GetCurrentThreadId () returned 0x6f8 [0208.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.157] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0208.157] GetCurrentThreadId () returned 0x6f8 [0208.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.157] GetCurrentThreadId () returned 0x6f8 [0208.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bef28 [0208.157] GetCurrentThreadId () returned 0x6f8 [0208.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.157] FindNextFileW (in: hFindFile=0x6bef28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.157] GetCurrentThreadId () returned 0x6f8 [0208.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.158] FindNextFileW (in: hFindFile=0x6bef28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.158] GetCurrentThreadId () returned 0x6f8 [0208.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.158] FindNextFileW (in: hFindFile=0x6bef28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.158] GetCurrentThreadId () returned 0x6f8 [0208.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.158] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0208.158] GetCurrentThreadId () returned 0x6f8 [0208.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.158] GetCurrentThreadId () returned 0x6f8 [0208.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bef68 [0208.159] GetCurrentThreadId () returned 0x6f8 [0208.159] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.159] FindNextFileW (in: hFindFile=0x6bef68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.161] GetCurrentThreadId () returned 0x6f8 [0208.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.161] FindNextFileW (in: hFindFile=0x6bef68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.161] GetCurrentThreadId () returned 0x6f8 [0208.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.161] FindNextFileW (in: hFindFile=0x6bef68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.161] GetCurrentThreadId () returned 0x6f8 [0208.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.161] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0208.161] GetCurrentThreadId () returned 0x6f8 [0208.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.161] GetCurrentThreadId () returned 0x6f8 [0208.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.161] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6befa8 [0208.162] GetCurrentThreadId () returned 0x6f8 [0208.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.162] FindNextFileW (in: hFindFile=0x6befa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.162] GetCurrentThreadId () returned 0x6f8 [0208.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.162] FindNextFileW (in: hFindFile=0x6befa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.162] GetCurrentThreadId () returned 0x6f8 [0208.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.162] FindNextFileW (in: hFindFile=0x6befa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.162] GetCurrentThreadId () returned 0x6f8 [0208.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.162] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0208.162] GetCurrentThreadId () returned 0x6f8 [0208.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.162] GetCurrentThreadId () returned 0x6f8 [0208.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6befe8 [0208.163] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.164] FindNextFileW (in: hFindFile=0x6befe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.164] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.164] FindNextFileW (in: hFindFile=0x6befe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.164] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.164] FindNextFileW (in: hFindFile=0x6befe8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.164] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.164] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0208.164] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.164] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf028 [0208.164] GetCurrentThreadId () returned 0x6f8 [0208.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.165] FindNextFileW (in: hFindFile=0x6bf028, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.165] GetCurrentThreadId () returned 0x6f8 [0208.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.165] FindNextFileW (in: hFindFile=0x6bf028, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.165] GetCurrentThreadId () returned 0x6f8 [0208.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.165] FindNextFileW (in: hFindFile=0x6bf028, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.165] GetCurrentThreadId () returned 0x6f8 [0208.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.165] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0208.165] GetCurrentThreadId () returned 0x6f8 [0208.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.165] GetCurrentThreadId () returned 0x6f8 [0208.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xd7b2b0, dwHighDateTime=0x1d6076d)) [0208.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf068 [0208.166] GetCurrentThreadId () returned 0x6f8 [0208.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.166] FindNextFileW (in: hFindFile=0x6bf068, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.166] GetCurrentThreadId () returned 0x6f8 [0208.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.166] FindNextFileW (in: hFindFile=0x6bf068, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.166] GetCurrentThreadId () returned 0x6f8 [0208.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.166] FindNextFileW (in: hFindFile=0x6bf068, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.167] GetCurrentThreadId () returned 0x6f8 [0208.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.167] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0208.167] GetCurrentThreadId () returned 0x6f8 [0208.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.167] GetCurrentThreadId () returned 0x6f8 [0208.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf0a8 [0208.167] GetCurrentThreadId () returned 0x6f8 [0208.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.167] FindNextFileW (in: hFindFile=0x6bf0a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.167] GetCurrentThreadId () returned 0x6f8 [0208.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.167] FindNextFileW (in: hFindFile=0x6bf0a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.168] GetCurrentThreadId () returned 0x6f8 [0208.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.168] FindNextFileW (in: hFindFile=0x6bf0a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.168] GetCurrentThreadId () returned 0x6f8 [0208.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.168] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0208.168] GetCurrentThreadId () returned 0x6f8 [0208.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.168] GetCurrentThreadId () returned 0x6f8 [0208.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf0e8 [0208.172] GetCurrentThreadId () returned 0x6f8 [0208.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.172] FindNextFileW (in: hFindFile=0x6bf0e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.172] GetCurrentThreadId () returned 0x6f8 [0208.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.172] FindNextFileW (in: hFindFile=0x6bf0e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.172] GetCurrentThreadId () returned 0x6f8 [0208.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.172] FindNextFileW (in: hFindFile=0x6bf0e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.172] GetCurrentThreadId () returned 0x6f8 [0208.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.172] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf128 [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.173] FindNextFileW (in: hFindFile=0x6bf128, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.173] FindNextFileW (in: hFindFile=0x6bf128, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.173] FindNextFileW (in: hFindFile=0x6bf128, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.173] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0208.173] GetCurrentThreadId () returned 0x6f8 [0208.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.174] GetCurrentThreadId () returned 0x6f8 [0208.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.174] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf168 [0208.175] GetCurrentThreadId () returned 0x6f8 [0208.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.175] FindNextFileW (in: hFindFile=0x6bf168, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.175] GetCurrentThreadId () returned 0x6f8 [0208.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.175] FindNextFileW (in: hFindFile=0x6bf168, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.175] GetCurrentThreadId () returned 0x6f8 [0208.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.175] FindNextFileW (in: hFindFile=0x6bf168, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.175] GetCurrentThreadId () returned 0x6f8 [0208.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.175] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0208.175] GetCurrentThreadId () returned 0x6f8 [0208.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.175] GetCurrentThreadId () returned 0x6f8 [0208.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf1a8 [0208.176] GetCurrentThreadId () returned 0x6f8 [0208.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.176] FindNextFileW (in: hFindFile=0x6bf1a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.176] GetCurrentThreadId () returned 0x6f8 [0208.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.176] FindNextFileW (in: hFindFile=0x6bf1a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.176] GetCurrentThreadId () returned 0x6f8 [0208.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.176] FindNextFileW (in: hFindFile=0x6bf1a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.176] GetCurrentThreadId () returned 0x6f8 [0208.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.176] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0208.176] GetCurrentThreadId () returned 0x6f8 [0208.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.176] GetCurrentThreadId () returned 0x6f8 [0208.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.176] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf1e8 [0208.177] GetCurrentThreadId () returned 0x6f8 [0208.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.177] FindNextFileW (in: hFindFile=0x6bf1e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.177] GetCurrentThreadId () returned 0x6f8 [0208.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.177] FindNextFileW (in: hFindFile=0x6bf1e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.177] GetCurrentThreadId () returned 0x6f8 [0208.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.177] FindNextFileW (in: hFindFile=0x6bf1e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf228 [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] FindNextFileW (in: hFindFile=0x6bf228, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] FindNextFileW (in: hFindFile=0x6bf228, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] FindNextFileW (in: hFindFile=0x6bf228, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.178] GetCurrentThreadId () returned 0x6f8 [0208.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.178] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0208.179] GetCurrentThreadId () returned 0x6f8 [0208.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.179] GetCurrentThreadId () returned 0x6f8 [0208.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.179] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf268 [0208.179] GetCurrentThreadId () returned 0x6f8 [0208.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.180] FindNextFileW (in: hFindFile=0x6bf268, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.180] GetCurrentThreadId () returned 0x6f8 [0208.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.180] FindNextFileW (in: hFindFile=0x6bf268, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.180] GetCurrentThreadId () returned 0x6f8 [0208.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.180] FindNextFileW (in: hFindFile=0x6bf268, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.180] GetCurrentThreadId () returned 0x6f8 [0208.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.180] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0208.180] GetCurrentThreadId () returned 0x6f8 [0208.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.180] GetCurrentThreadId () returned 0x6f8 [0208.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.180] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf2a8 [0208.181] GetCurrentThreadId () returned 0x6f8 [0208.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.181] FindNextFileW (in: hFindFile=0x6bf2a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.181] GetCurrentThreadId () returned 0x6f8 [0208.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.181] FindNextFileW (in: hFindFile=0x6bf2a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.181] GetCurrentThreadId () returned 0x6f8 [0208.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.181] FindNextFileW (in: hFindFile=0x6bf2a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.181] GetCurrentThreadId () returned 0x6f8 [0208.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.181] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0208.182] GetCurrentThreadId () returned 0x6f8 [0208.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.182] GetCurrentThreadId () returned 0x6f8 [0208.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.182] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf2e8 [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] FindNextFileW (in: hFindFile=0x6bf2e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] FindNextFileW (in: hFindFile=0x6bf2e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] FindNextFileW (in: hFindFile=0x6bf2e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf328 [0208.183] GetCurrentThreadId () returned 0x6f8 [0208.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.183] FindNextFileW (in: hFindFile=0x6bf328, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.184] GetCurrentThreadId () returned 0x6f8 [0208.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.184] FindNextFileW (in: hFindFile=0x6bf328, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.184] GetCurrentThreadId () returned 0x6f8 [0208.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.184] FindNextFileW (in: hFindFile=0x6bf328, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.184] GetCurrentThreadId () returned 0x6f8 [0208.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.184] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0208.184] GetCurrentThreadId () returned 0x6f8 [0208.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.184] GetCurrentThreadId () returned 0x6f8 [0208.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.184] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf368 [0208.185] GetCurrentThreadId () returned 0x6f8 [0208.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.185] FindNextFileW (in: hFindFile=0x6bf368, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.185] GetCurrentThreadId () returned 0x6f8 [0208.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.185] FindNextFileW (in: hFindFile=0x6bf368, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.185] GetCurrentThreadId () returned 0x6f8 [0208.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.185] FindNextFileW (in: hFindFile=0x6bf368, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.185] GetCurrentThreadId () returned 0x6f8 [0208.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.185] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0208.185] GetCurrentThreadId () returned 0x6f8 [0208.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.185] GetCurrentThreadId () returned 0x6f8 [0208.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf3a8 [0208.186] GetCurrentThreadId () returned 0x6f8 [0208.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.186] FindNextFileW (in: hFindFile=0x6bf3a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.186] GetCurrentThreadId () returned 0x6f8 [0208.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.186] FindNextFileW (in: hFindFile=0x6bf3a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.186] GetCurrentThreadId () returned 0x6f8 [0208.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.186] FindNextFileW (in: hFindFile=0x6bf3a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.186] GetCurrentThreadId () returned 0x6f8 [0208.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.186] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0208.186] GetCurrentThreadId () returned 0x6f8 [0208.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.186] GetCurrentThreadId () returned 0x6f8 [0208.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.186] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf3e8 [0208.187] GetCurrentThreadId () returned 0x6f8 [0208.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.187] FindNextFileW (in: hFindFile=0x6bf3e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.187] GetCurrentThreadId () returned 0x6f8 [0208.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.187] FindNextFileW (in: hFindFile=0x6bf3e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.188] FindNextFileW (in: hFindFile=0x6bf3e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.188] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.188] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf428 [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.188] FindNextFileW (in: hFindFile=0x6bf428, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.188] FindNextFileW (in: hFindFile=0x6bf428, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.188] GetCurrentThreadId () returned 0x6f8 [0208.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.189] FindNextFileW (in: hFindFile=0x6bf428, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.189] GetCurrentThreadId () returned 0x6f8 [0208.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.189] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0208.189] GetCurrentThreadId () returned 0x6f8 [0208.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.189] GetCurrentThreadId () returned 0x6f8 [0208.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.189] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf468 [0208.190] GetCurrentThreadId () returned 0x6f8 [0208.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.190] FindNextFileW (in: hFindFile=0x6bf468, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.190] GetCurrentThreadId () returned 0x6f8 [0208.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.190] FindNextFileW (in: hFindFile=0x6bf468, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.190] GetCurrentThreadId () returned 0x6f8 [0208.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.190] FindNextFileW (in: hFindFile=0x6bf468, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.190] GetCurrentThreadId () returned 0x6f8 [0208.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.190] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0208.191] GetCurrentThreadId () returned 0x6f8 [0208.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.191] GetCurrentThreadId () returned 0x6f8 [0208.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xdc7570, dwHighDateTime=0x1d6076d)) [0208.191] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf4a8 [0208.191] FindNextFileW (in: hFindFile=0x6bf4a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.191] FindNextFileW (in: hFindFile=0x6bf4a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.191] FindNextFileW (in: hFindFile=0x6bf4a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.191] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0208.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf4e8 [0208.192] FindNextFileW (in: hFindFile=0x6bf4e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.192] FindNextFileW (in: hFindFile=0x6bf4e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.193] FindNextFileW (in: hFindFile=0x6bf4e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.193] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0208.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf528 [0208.193] FindNextFileW (in: hFindFile=0x6bf528, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.193] FindNextFileW (in: hFindFile=0x6bf528, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.193] FindNextFileW (in: hFindFile=0x6bf528, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.193] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0208.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf568 [0208.194] FindNextFileW (in: hFindFile=0x6bf568, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.194] FindNextFileW (in: hFindFile=0x6bf568, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.194] FindNextFileW (in: hFindFile=0x6bf568, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.194] FindNextFileW (in: hFindFile=0x6bd228, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0208.194] FindNextFileW (in: hFindFile=0x6bd1e8, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0208.194] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf5a8 [0208.195] FindNextFileW (in: hFindFile=0x6bf5a8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.195] FindNextFileW (in: hFindFile=0x6bf5a8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0208.195] FindNextFileW (in: hFindFile=0x6bf5a8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0208.195] FindNextFileW (in: hFindFile=0x6bd1e8, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0208.195] FindNextFileW (in: hFindFile=0x6bd1a8, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14.1_0", cAlternateFileName="")) returned 0 [0208.195] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="blpcfgokakmgnkcojhhkbfbldkacnbeo", cAlternateFileName="BLPCFG~1")) returned 1 [0208.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf5e8 [0208.195] FindNextFileW (in: hFindFile=0x6bf5e8, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.195] FindNextFileW (in: hFindFile=0x6bf5e8, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 1 [0208.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf628 [0208.199] FindNextFileW (in: hFindFile=0x6bf628, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.199] FindNextFileW (in: hFindFile=0x6bf628, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0208.201] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", dwFileAttributes=0x80) returned 1 [0208.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x830 [0208.201] GetFileSize (in: hFile=0x830, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4e [0208.208] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", dwFileAttributes=0x2020) returned 1 [0208.208] GetCurrentThreadId () returned 0x6f8 [0208.208] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", piIcon=0x4e4de98) returned 0xd014d [0208.221] GetIconInfo (in: hIcon=0xd014d, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0208.221] CreateFileW (lpFileName="Kmsc.ico" (normalized: "c:\\windows\\system32\\kmsc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x834 [0208.222] GetObjectA (in: h=0x56050772, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0208.222] GetObjectA (in: h=0x3c0501fa, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0208.222] CreateCompatibleDC (hdc=0x0) returned 0x8d01076f [0208.222] GetDIBits (in: hdc=0x8d01076f, hbm=0x56050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0208.222] GetDIBits (in: hdc=0x8d01076f, hbm=0x56050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0208.222] GetDIBits (in: hdc=0x8d01076f, hbm=0x56050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0208.222] GetDIBits (in: hdc=0x8d01076f, hbm=0x3c0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0208.222] WriteFile (in: hFile=0x834, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0208.223] WriteFile (in: hFile=0x834, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0208.223] WriteFile (in: hFile=0x834, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0208.224] WriteFile (in: hFile=0x834, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0208.224] WriteFile (in: hFile=0x834, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0208.224] DeleteDC (hdc=0x8d01076f) returned 1 [0208.224] CloseHandle (hObject=0x834) returned 1 [0208.224] DeleteObject (ho=0x56050772) returned 1 [0208.224] DeleteObject (ho=0x3c0501fa) returned 1 [0208.224] DestroyCursor (hCursor=0xd014d) returned 1 [0208.224] GetCurrentThreadId () returned 0x6f8 [0208.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x834 [0208.225] GetFileSize (in: hFile=0x834, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4e [0208.230] ReadFile (in: hFile=0x834, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd4e, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0xd4e, lpOverlapped=0x0) returned 1 [0208.230] CloseHandle (hObject=0x834) returned 1 [0208.231] GetCurrentThreadId () returned 0x6f8 [0208.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0xe39990, dwHighDateTime=0x1d6076d)) [0208.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0xe39990, dwHighDateTime=0x1d6076d)) [0208.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0xe39990, dwHighDateTime=0x1d6076d)) [0208.316] GetCurrentThreadId () returned 0x6f8 [0208.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xef8070, dwHighDateTime=0x1d6076d)) [0208.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0xef8070, dwHighDateTime=0x1d6076d)) [0208.316] GetCurrentThreadId () returned 0x6f8 [0208.316] CreateFileW (lpFileName="wIMU.exe" (normalized: "c:\\windows\\system32\\wimu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.317] CreateFileW (lpFileName="wIMU.exe" (normalized: "c:\\windows\\system32\\wimu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.317] GetCurrentThreadId () returned 0x6f8 [0208.317] GetCurrentThreadId () returned 0x6f8 [0208.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xef8070, dwHighDateTime=0x1d6076d)) [0208.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0xef8070, dwHighDateTime=0x1d6076d)) [0208.317] CreateFileW (lpFileName="wIMU.exe" (normalized: "c:\\windows\\system32\\wimu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.317] GetCurrentThreadId () returned 0x6f8 [0208.317] BeginUpdateResourceW (pFileName="wIMU.exe" (normalized: "c:\\windows\\system32\\wimu.exe"), bDeleteExistingResources=0) returned 0x0 [0208.317] CreateFileW (lpFileName="Kmsc.ico" (normalized: "c:\\windows\\system32\\kmsc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x834 [0208.318] GetFileSize (in: hFile=0x834, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0208.318] ReadFile (in: hFile=0x834, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0208.318] CloseHandle (hObject=0x834) returned 1 [0208.318] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0208.318] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0208.318] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0208.318] CopyFileW (lpExistingFileName="wIMU.exe" (normalized: "c:\\windows\\system32\\wimu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.exe"), bFailIfExists=0) returned 0 [0208.319] SetNamedSecurityInfoW () returned 0x2 [0208.319] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 1 [0208.320] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x10e, lpOverlapped=0x0) returned 1 [0208.320] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0208.320] DeleteFileW (lpFileName="Kmsc.ico" (normalized: "c:\\windows\\system32\\kmsc.ico")) returned 1 [0208.321] DeleteFileW (lpFileName="wIMU.exe" (normalized: "c:\\windows\\system32\\wimu.exe")) returned 0 [0208.321] GetCurrentThreadId () returned 0x6f8 [0208.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.322] GetCurrentThreadId () returned 0x6f8 [0208.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.322] FindNextFileW (in: hFindFile=0x6bf628, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0208.322] GetCurrentThreadId () returned 0x6f8 [0208.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.322] FindNextFileW (in: hFindFile=0x6bf628, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0208.322] GetCurrentThreadId () returned 0x6f8 [0208.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.322] GetCurrentThreadId () returned 0x6f8 [0208.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf668 [0208.324] GetCurrentThreadId () returned 0x6f8 [0208.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.324] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.324] GetCurrentThreadId () returned 0x6f8 [0208.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.324] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0208.324] GetCurrentThreadId () returned 0x6f8 [0208.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.324] GetCurrentThreadId () returned 0x6f8 [0208.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf6a8 [0208.325] GetCurrentThreadId () returned 0x6f8 [0208.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.325] FindNextFileW (in: hFindFile=0x6bf6a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.325] GetCurrentThreadId () returned 0x6f8 [0208.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.325] FindNextFileW (in: hFindFile=0x6bf6a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.325] GetCurrentThreadId () returned 0x6f8 [0208.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.325] FindNextFileW (in: hFindFile=0x6bf6a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.325] GetCurrentThreadId () returned 0x6f8 [0208.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.325] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0208.325] GetCurrentThreadId () returned 0x6f8 [0208.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.325] GetCurrentThreadId () returned 0x6f8 [0208.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf6e8 [0208.326] GetCurrentThreadId () returned 0x6f8 [0208.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.326] FindNextFileW (in: hFindFile=0x6bf6e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.326] GetCurrentThreadId () returned 0x6f8 [0208.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.326] FindNextFileW (in: hFindFile=0x6bf6e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.326] GetCurrentThreadId () returned 0x6f8 [0208.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.326] FindNextFileW (in: hFindFile=0x6bf6e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.327] GetCurrentThreadId () returned 0x6f8 [0208.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.327] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0208.327] GetCurrentThreadId () returned 0x6f8 [0208.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.327] GetCurrentThreadId () returned 0x6f8 [0208.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf728 [0208.327] GetCurrentThreadId () returned 0x6f8 [0208.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.327] FindNextFileW (in: hFindFile=0x6bf728, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.329] GetCurrentThreadId () returned 0x6f8 [0208.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.329] FindNextFileW (in: hFindFile=0x6bf728, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.329] GetCurrentThreadId () returned 0x6f8 [0208.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.329] FindNextFileW (in: hFindFile=0x6bf728, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.329] GetCurrentThreadId () returned 0x6f8 [0208.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.329] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0208.329] GetCurrentThreadId () returned 0x6f8 [0208.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.329] GetCurrentThreadId () returned 0x6f8 [0208.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf768 [0208.330] GetCurrentThreadId () returned 0x6f8 [0208.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.330] FindNextFileW (in: hFindFile=0x6bf768, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.330] GetCurrentThreadId () returned 0x6f8 [0208.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.330] FindNextFileW (in: hFindFile=0x6bf768, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.330] GetCurrentThreadId () returned 0x6f8 [0208.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.330] FindNextFileW (in: hFindFile=0x6bf768, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.330] GetCurrentThreadId () returned 0x6f8 [0208.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf7a8 [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] FindNextFileW (in: hFindFile=0x6bf7a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] FindNextFileW (in: hFindFile=0x6bf7a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] FindNextFileW (in: hFindFile=0x6bf7a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.331] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0208.331] GetCurrentThreadId () returned 0x6f8 [0208.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.332] GetCurrentThreadId () returned 0x6f8 [0208.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf7e8 [0208.332] GetCurrentThreadId () returned 0x6f8 [0208.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.332] FindNextFileW (in: hFindFile=0x6bf7e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] FindNextFileW (in: hFindFile=0x6bf7e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] FindNextFileW (in: hFindFile=0x6bf7e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf828 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] FindNextFileW (in: hFindFile=0x6bf828, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.333] FindNextFileW (in: hFindFile=0x6bf828, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.333] GetCurrentThreadId () returned 0x6f8 [0208.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.334] FindNextFileW (in: hFindFile=0x6bf828, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.334] GetCurrentThreadId () returned 0x6f8 [0208.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.334] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0208.334] GetCurrentThreadId () returned 0x6f8 [0208.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.334] GetCurrentThreadId () returned 0x6f8 [0208.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.334] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf868 [0208.335] GetCurrentThreadId () returned 0x6f8 [0208.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.335] FindNextFileW (in: hFindFile=0x6bf868, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.335] GetCurrentThreadId () returned 0x6f8 [0208.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.335] FindNextFileW (in: hFindFile=0x6bf868, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.335] GetCurrentThreadId () returned 0x6f8 [0208.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.335] FindNextFileW (in: hFindFile=0x6bf868, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.335] GetCurrentThreadId () returned 0x6f8 [0208.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.335] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0208.335] GetCurrentThreadId () returned 0x6f8 [0208.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf8a8 [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] FindNextFileW (in: hFindFile=0x6bf8a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] FindNextFileW (in: hFindFile=0x6bf8a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] FindNextFileW (in: hFindFile=0x6bf8a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] GetCurrentThreadId () returned 0x6f8 [0208.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf1e1d0, dwHighDateTime=0x1d6076d)) [0208.336] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf8e8 [0208.337] GetCurrentThreadId () returned 0x6f8 [0208.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.337] FindNextFileW (in: hFindFile=0x6bf8e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.337] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] FindNextFileW (in: hFindFile=0x6bf8e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] FindNextFileW (in: hFindFile=0x6bf8e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf928 [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] FindNextFileW (in: hFindFile=0x6bf928, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.338] FindNextFileW (in: hFindFile=0x6bf928, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.338] GetCurrentThreadId () returned 0x6f8 [0208.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.339] FindNextFileW (in: hFindFile=0x6bf928, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.339] GetCurrentThreadId () returned 0x6f8 [0208.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.339] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0208.339] GetCurrentThreadId () returned 0x6f8 [0208.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.339] GetCurrentThreadId () returned 0x6f8 [0208.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.339] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf968 [0208.340] GetCurrentThreadId () returned 0x6f8 [0208.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.340] FindNextFileW (in: hFindFile=0x6bf968, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.340] GetCurrentThreadId () returned 0x6f8 [0208.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.340] FindNextFileW (in: hFindFile=0x6bf968, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.340] GetCurrentThreadId () returned 0x6f8 [0208.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.340] FindNextFileW (in: hFindFile=0x6bf968, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.340] GetCurrentThreadId () returned 0x6f8 [0208.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.340] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0208.340] GetCurrentThreadId () returned 0x6f8 [0208.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.340] GetCurrentThreadId () returned 0x6f8 [0208.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.340] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf9a8 [0208.341] GetCurrentThreadId () returned 0x6f8 [0208.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.341] FindNextFileW (in: hFindFile=0x6bf9a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.341] GetCurrentThreadId () returned 0x6f8 [0208.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.341] FindNextFileW (in: hFindFile=0x6bf9a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.341] GetCurrentThreadId () returned 0x6f8 [0208.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.341] FindNextFileW (in: hFindFile=0x6bf9a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.341] GetCurrentThreadId () returned 0x6f8 [0208.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.341] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0208.341] GetCurrentThreadId () returned 0x6f8 [0208.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.341] GetCurrentThreadId () returned 0x6f8 [0208.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.341] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bf9e8 [0208.342] GetCurrentThreadId () returned 0x6f8 [0208.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.342] FindNextFileW (in: hFindFile=0x6bf9e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.342] GetCurrentThreadId () returned 0x6f8 [0208.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.342] FindNextFileW (in: hFindFile=0x6bf9e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.343] GetCurrentThreadId () returned 0x6f8 [0208.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.343] FindNextFileW (in: hFindFile=0x6bf9e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.343] GetCurrentThreadId () returned 0x6f8 [0208.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.343] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0208.343] GetCurrentThreadId () returned 0x6f8 [0208.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.343] GetCurrentThreadId () returned 0x6f8 [0208.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.343] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6bfa28 [0208.343] GetCurrentThreadId () returned 0x6f8 [0208.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.343] FindNextFileW (in: hFindFile=0x6bfa28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.343] GetCurrentThreadId () returned 0x6f8 [0208.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.344] FindNextFileW (in: hFindFile=0x6bfa28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.344] GetCurrentThreadId () returned 0x6f8 [0208.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.344] FindNextFileW (in: hFindFile=0x6bfa28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.344] GetCurrentThreadId () returned 0x6f8 [0208.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.344] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0208.344] GetCurrentThreadId () returned 0x6f8 [0208.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.344] GetCurrentThreadId () returned 0x6f8 [0208.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.344] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cb890 [0208.345] GetCurrentThreadId () returned 0x6f8 [0208.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.345] FindNextFileW (in: hFindFile=0x6cb890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.345] GetCurrentThreadId () returned 0x6f8 [0208.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.345] FindNextFileW (in: hFindFile=0x6cb890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.345] GetCurrentThreadId () returned 0x6f8 [0208.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.345] FindNextFileW (in: hFindFile=0x6cb890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.345] GetCurrentThreadId () returned 0x6f8 [0208.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.345] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0208.345] GetCurrentThreadId () returned 0x6f8 [0208.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.345] GetCurrentThreadId () returned 0x6f8 [0208.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cb8d0 [0208.346] GetCurrentThreadId () returned 0x6f8 [0208.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.346] FindNextFileW (in: hFindFile=0x6cb8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.346] GetCurrentThreadId () returned 0x6f8 [0208.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.346] FindNextFileW (in: hFindFile=0x6cb8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.346] GetCurrentThreadId () returned 0x6f8 [0208.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.346] FindNextFileW (in: hFindFile=0x6cb8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.346] GetCurrentThreadId () returned 0x6f8 [0208.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.346] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0208.346] GetCurrentThreadId () returned 0x6f8 [0208.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.346] GetCurrentThreadId () returned 0x6f8 [0208.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cb910 [0208.347] GetCurrentThreadId () returned 0x6f8 [0208.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.347] FindNextFileW (in: hFindFile=0x6cb910, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.347] GetCurrentThreadId () returned 0x6f8 [0208.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.347] FindNextFileW (in: hFindFile=0x6cb910, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.347] GetCurrentThreadId () returned 0x6f8 [0208.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.347] FindNextFileW (in: hFindFile=0x6cb910, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.347] GetCurrentThreadId () returned 0x6f8 [0208.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.347] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0208.347] GetCurrentThreadId () returned 0x6f8 [0208.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.347] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cb950 [0208.348] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] FindNextFileW (in: hFindFile=0x6cb950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.348] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] FindNextFileW (in: hFindFile=0x6cb950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.348] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] FindNextFileW (in: hFindFile=0x6cb950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.348] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0208.348] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] GetCurrentThreadId () returned 0x6f8 [0208.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf44330, dwHighDateTime=0x1d6076d)) [0208.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cb990 [0208.358] GetCurrentThreadId () returned 0x6f8 [0208.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.358] FindNextFileW (in: hFindFile=0x6cb990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.358] GetCurrentThreadId () returned 0x6f8 [0208.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.358] FindNextFileW (in: hFindFile=0x6cb990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.358] GetCurrentThreadId () returned 0x6f8 [0208.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.358] FindNextFileW (in: hFindFile=0x6cb990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.358] GetCurrentThreadId () returned 0x6f8 [0208.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.358] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0208.358] GetCurrentThreadId () returned 0x6f8 [0208.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.358] GetCurrentThreadId () returned 0x6f8 [0208.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cb9d0 [0208.359] GetCurrentThreadId () returned 0x6f8 [0208.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.359] FindNextFileW (in: hFindFile=0x6cb9d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.359] GetCurrentThreadId () returned 0x6f8 [0208.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.359] FindNextFileW (in: hFindFile=0x6cb9d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.359] GetCurrentThreadId () returned 0x6f8 [0208.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.359] FindNextFileW (in: hFindFile=0x6cb9d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.359] GetCurrentThreadId () returned 0x6f8 [0208.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.359] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0208.359] GetCurrentThreadId () returned 0x6f8 [0208.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.360] GetCurrentThreadId () returned 0x6f8 [0208.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf6a490, dwHighDateTime=0x1d6076d)) [0208.360] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cba10 [0208.370] GetCurrentThreadId () returned 0x6f8 [0208.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.370] FindNextFileW (in: hFindFile=0x6cba10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.370] GetCurrentThreadId () returned 0x6f8 [0208.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.371] FindNextFileW (in: hFindFile=0x6cba10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.371] GetCurrentThreadId () returned 0x6f8 [0208.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.371] FindNextFileW (in: hFindFile=0x6cba10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.371] GetCurrentThreadId () returned 0x6f8 [0208.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.371] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0208.371] GetCurrentThreadId () returned 0x6f8 [0208.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.371] GetCurrentThreadId () returned 0x6f8 [0208.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cba50 [0208.372] GetCurrentThreadId () returned 0x6f8 [0208.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.372] FindNextFileW (in: hFindFile=0x6cba50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.372] GetCurrentThreadId () returned 0x6f8 [0208.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.372] FindNextFileW (in: hFindFile=0x6cba50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.372] GetCurrentThreadId () returned 0x6f8 [0208.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.372] FindNextFileW (in: hFindFile=0x6cba50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.372] GetCurrentThreadId () returned 0x6f8 [0208.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.372] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0208.372] GetCurrentThreadId () returned 0x6f8 [0208.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.372] GetCurrentThreadId () returned 0x6f8 [0208.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.372] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cba90 [0208.374] GetCurrentThreadId () returned 0x6f8 [0208.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.374] FindNextFileW (in: hFindFile=0x6cba90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.374] GetCurrentThreadId () returned 0x6f8 [0208.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.374] FindNextFileW (in: hFindFile=0x6cba90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.374] GetCurrentThreadId () returned 0x6f8 [0208.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.374] FindNextFileW (in: hFindFile=0x6cba90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.374] GetCurrentThreadId () returned 0x6f8 [0208.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.374] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0208.374] GetCurrentThreadId () returned 0x6f8 [0208.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.374] GetCurrentThreadId () returned 0x6f8 [0208.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.374] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbad0 [0208.375] GetCurrentThreadId () returned 0x6f8 [0208.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.375] FindNextFileW (in: hFindFile=0x6cbad0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.375] GetCurrentThreadId () returned 0x6f8 [0208.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.375] FindNextFileW (in: hFindFile=0x6cbad0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.375] GetCurrentThreadId () returned 0x6f8 [0208.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.375] FindNextFileW (in: hFindFile=0x6cbad0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.375] GetCurrentThreadId () returned 0x6f8 [0208.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.375] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0208.375] GetCurrentThreadId () returned 0x6f8 [0208.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.375] GetCurrentThreadId () returned 0x6f8 [0208.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbb10 [0208.377] GetCurrentThreadId () returned 0x6f8 [0208.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.377] FindNextFileW (in: hFindFile=0x6cbb10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.377] GetCurrentThreadId () returned 0x6f8 [0208.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.377] FindNextFileW (in: hFindFile=0x6cbb10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.377] GetCurrentThreadId () returned 0x6f8 [0208.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.377] FindNextFileW (in: hFindFile=0x6cbb10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.377] GetCurrentThreadId () returned 0x6f8 [0208.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.377] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0208.377] GetCurrentThreadId () returned 0x6f8 [0208.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.377] GetCurrentThreadId () returned 0x6f8 [0208.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbb50 [0208.378] GetCurrentThreadId () returned 0x6f8 [0208.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.378] FindNextFileW (in: hFindFile=0x6cbb50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.378] GetCurrentThreadId () returned 0x6f8 [0208.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.378] FindNextFileW (in: hFindFile=0x6cbb50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.378] GetCurrentThreadId () returned 0x6f8 [0208.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.378] FindNextFileW (in: hFindFile=0x6cbb50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.378] GetCurrentThreadId () returned 0x6f8 [0208.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.378] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0208.378] GetCurrentThreadId () returned 0x6f8 [0208.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.378] GetCurrentThreadId () returned 0x6f8 [0208.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbb90 [0208.379] GetCurrentThreadId () returned 0x6f8 [0208.379] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.379] FindNextFileW (in: hFindFile=0x6cbb90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.379] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] FindNextFileW (in: hFindFile=0x6cbb90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] FindNextFileW (in: hFindFile=0x6cbb90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbbd0 [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] FindNextFileW (in: hFindFile=0x6cbbd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.380] FindNextFileW (in: hFindFile=0x6cbbd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.380] GetCurrentThreadId () returned 0x6f8 [0208.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.381] FindNextFileW (in: hFindFile=0x6cbbd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.381] GetCurrentThreadId () returned 0x6f8 [0208.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.381] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0208.381] GetCurrentThreadId () returned 0x6f8 [0208.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.381] GetCurrentThreadId () returned 0x6f8 [0208.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbc10 [0208.382] GetCurrentThreadId () returned 0x6f8 [0208.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.382] FindNextFileW (in: hFindFile=0x6cbc10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.382] GetCurrentThreadId () returned 0x6f8 [0208.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.382] FindNextFileW (in: hFindFile=0x6cbc10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.382] GetCurrentThreadId () returned 0x6f8 [0208.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.382] FindNextFileW (in: hFindFile=0x6cbc10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.382] GetCurrentThreadId () returned 0x6f8 [0208.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.382] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0208.382] GetCurrentThreadId () returned 0x6f8 [0208.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.382] GetCurrentThreadId () returned 0x6f8 [0208.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.382] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbc50 [0208.383] GetCurrentThreadId () returned 0x6f8 [0208.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.383] FindNextFileW (in: hFindFile=0x6cbc50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.383] GetCurrentThreadId () returned 0x6f8 [0208.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.383] FindNextFileW (in: hFindFile=0x6cbc50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.383] GetCurrentThreadId () returned 0x6f8 [0208.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.383] FindNextFileW (in: hFindFile=0x6cbc50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.383] GetCurrentThreadId () returned 0x6f8 [0208.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.383] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0208.383] GetCurrentThreadId () returned 0x6f8 [0208.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.383] GetCurrentThreadId () returned 0x6f8 [0208.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xf905f0, dwHighDateTime=0x1d6076d)) [0208.383] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbc90 [0208.384] GetCurrentThreadId () returned 0x6f8 [0208.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.384] FindNextFileW (in: hFindFile=0x6cbc90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.384] GetCurrentThreadId () returned 0x6f8 [0208.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.384] FindNextFileW (in: hFindFile=0x6cbc90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.384] GetCurrentThreadId () returned 0x6f8 [0208.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] FindNextFileW (in: hFindFile=0x6cbc90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbcd0 [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] FindNextFileW (in: hFindFile=0x6cbcd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] FindNextFileW (in: hFindFile=0x6cbcd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.385] FindNextFileW (in: hFindFile=0x6cbcd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.385] GetCurrentThreadId () returned 0x6f8 [0208.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.386] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0208.386] GetCurrentThreadId () returned 0x6f8 [0208.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.386] GetCurrentThreadId () returned 0x6f8 [0208.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.386] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbd10 [0208.387] GetCurrentThreadId () returned 0x6f8 [0208.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.387] FindNextFileW (in: hFindFile=0x6cbd10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.388] GetCurrentThreadId () returned 0x6f8 [0208.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.388] FindNextFileW (in: hFindFile=0x6cbd10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.388] GetCurrentThreadId () returned 0x6f8 [0208.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] FindNextFileW (in: hFindFile=0x6cbd10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.389] GetCurrentThreadId () returned 0x6f8 [0208.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0208.389] GetCurrentThreadId () returned 0x6f8 [0208.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] GetCurrentThreadId () returned 0x6f8 [0208.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbd50 [0208.389] GetCurrentThreadId () returned 0x6f8 [0208.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] FindNextFileW (in: hFindFile=0x6cbd50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.389] GetCurrentThreadId () returned 0x6f8 [0208.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] FindNextFileW (in: hFindFile=0x6cbd50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.389] GetCurrentThreadId () returned 0x6f8 [0208.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.389] FindNextFileW (in: hFindFile=0x6cbd50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.390] GetCurrentThreadId () returned 0x6f8 [0208.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.390] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0208.390] GetCurrentThreadId () returned 0x6f8 [0208.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.390] GetCurrentThreadId () returned 0x6f8 [0208.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.390] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbd90 [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] FindNextFileW (in: hFindFile=0x6cbd90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] FindNextFileW (in: hFindFile=0x6cbd90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] FindNextFileW (in: hFindFile=0x6cbd90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbdd0 [0208.391] GetCurrentThreadId () returned 0x6f8 [0208.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.391] FindNextFileW (in: hFindFile=0x6cbdd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.392] GetCurrentThreadId () returned 0x6f8 [0208.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.392] FindNextFileW (in: hFindFile=0x6cbdd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.392] GetCurrentThreadId () returned 0x6f8 [0208.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.392] FindNextFileW (in: hFindFile=0x6cbdd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.392] GetCurrentThreadId () returned 0x6f8 [0208.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.392] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0208.392] GetCurrentThreadId () returned 0x6f8 [0208.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.392] GetCurrentThreadId () returned 0x6f8 [0208.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.392] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbe10 [0208.393] GetCurrentThreadId () returned 0x6f8 [0208.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.393] FindNextFileW (in: hFindFile=0x6cbe10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.393] GetCurrentThreadId () returned 0x6f8 [0208.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.393] FindNextFileW (in: hFindFile=0x6cbe10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.393] GetCurrentThreadId () returned 0x6f8 [0208.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.393] FindNextFileW (in: hFindFile=0x6cbe10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.393] GetCurrentThreadId () returned 0x6f8 [0208.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.393] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0208.393] GetCurrentThreadId () returned 0x6f8 [0208.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.393] GetCurrentThreadId () returned 0x6f8 [0208.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.393] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbe50 [0208.394] GetCurrentThreadId () returned 0x6f8 [0208.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.394] FindNextFileW (in: hFindFile=0x6cbe50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.394] GetCurrentThreadId () returned 0x6f8 [0208.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.394] FindNextFileW (in: hFindFile=0x6cbe50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.394] GetCurrentThreadId () returned 0x6f8 [0208.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.394] FindNextFileW (in: hFindFile=0x6cbe50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.394] GetCurrentThreadId () returned 0x6f8 [0208.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.394] FindNextFileW (in: hFindFile=0x6bf668, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0208.394] GetCurrentThreadId () returned 0x6f8 [0208.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.394] FindNextFileW (in: hFindFile=0x6bf628, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0208.394] GetCurrentThreadId () returned 0x6f8 [0208.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] GetCurrentThreadId () returned 0x6f8 [0208.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbe90 [0208.395] GetCurrentThreadId () returned 0x6f8 [0208.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] FindNextFileW (in: hFindFile=0x6cbe90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.395] GetCurrentThreadId () returned 0x6f8 [0208.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] FindNextFileW (in: hFindFile=0x6cbe90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0208.395] GetCurrentThreadId () returned 0x6f8 [0208.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] FindNextFileW (in: hFindFile=0x6cbe90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0208.395] GetCurrentThreadId () returned 0x6f8 [0208.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] FindNextFileW (in: hFindFile=0x6bf628, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0208.395] GetCurrentThreadId () returned 0x6f8 [0208.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0xfb6750, dwHighDateTime=0x1d6076d)) [0208.395] FindNextFileW (in: hFindFile=0x6bf5e8, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 0 [0208.396] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="felcaaldnbdncclmgdcncolpebgiejap", cAlternateFileName="FELCAA~1")) returned 1 [0208.396] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbed0 [0208.396] FindNextFileW (in: hFindFile=0x6cbed0, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.397] FindNextFileW (in: hFindFile=0x6cbed0, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1_0", cAlternateFileName="")) returned 1 [0208.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbf10 [0208.399] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.400] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84234950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd47, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0208.402] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", dwFileAttributes=0x80) returned 1 [0208.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0208.403] GetFileSize (in: hFile=0x8dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd47 [0208.410] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", dwFileAttributes=0x2020) returned 1 [0208.410] GetCurrentThreadId () returned 0x6f8 [0208.410] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", piIcon=0x4e4de98) returned 0xe014d [0208.424] GetIconInfo (in: hIcon=0xe014d, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0208.424] CreateFileW (lpFileName="gAAg.ico" (normalized: "c:\\windows\\system32\\gaag.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0208.425] GetObjectA (in: h=0x3b050771, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0208.425] GetObjectA (in: h=0x800501fe, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0208.425] CreateCompatibleDC (hdc=0x0) returned 0x61010776 [0208.425] GetDIBits (in: hdc=0x61010776, hbm=0x3b050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0208.425] GetDIBits (in: hdc=0x61010776, hbm=0x3b050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0208.425] GetDIBits (in: hdc=0x61010776, hbm=0x3b050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0208.425] GetDIBits (in: hdc=0x61010776, hbm=0x800501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0208.425] WriteFile (in: hFile=0x8e0, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0208.427] WriteFile (in: hFile=0x8e0, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0208.427] WriteFile (in: hFile=0x8e0, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0208.427] WriteFile (in: hFile=0x8e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0208.427] WriteFile (in: hFile=0x8e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0208.427] DeleteDC (hdc=0x61010776) returned 1 [0208.427] CloseHandle (hObject=0x8e0) returned 1 [0208.428] DeleteObject (ho=0x3b050771) returned 1 [0208.428] DeleteObject (ho=0x800501fe) returned 1 [0208.428] DestroyCursor (hCursor=0xe014d) returned 1 [0208.428] GetCurrentThreadId () returned 0x6f8 [0208.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0208.428] GetFileSize (in: hFile=0x8e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd47 [0208.434] ReadFile (in: hFile=0x8e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd47, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0xd47, lpOverlapped=0x0) returned 1 [0208.434] CloseHandle (hObject=0x8e0) returned 1 [0208.434] GetCurrentThreadId () returned 0x6f8 [0208.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.571] GetCurrentThreadId () returned 0x6f8 [0208.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.571] GetCurrentThreadId () returned 0x6f8 [0208.571] CreateFileW (lpFileName="IowS.exe" (normalized: "c:\\windows\\system32\\iows.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.572] CreateFileW (lpFileName="IowS.exe" (normalized: "c:\\windows\\system32\\iows.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.573] GetCurrentThreadId () returned 0x6f8 [0208.573] GetCurrentThreadId () returned 0x6f8 [0208.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.573] CreateFileW (lpFileName="IowS.exe" (normalized: "c:\\windows\\system32\\iows.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.573] GetCurrentThreadId () returned 0x6f8 [0208.573] BeginUpdateResourceW (pFileName="IowS.exe" (normalized: "c:\\windows\\system32\\iows.exe"), bDeleteExistingResources=0) returned 0x0 [0208.573] CreateFileW (lpFileName="gAAg.ico" (normalized: "c:\\windows\\system32\\gaag.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8e0 [0208.573] GetFileSize (in: hFile=0x8e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0208.573] ReadFile (in: hFile=0x8e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0208.574] CloseHandle (hObject=0x8e0) returned 1 [0208.574] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0208.574] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0208.574] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0208.574] CopyFileW (lpExistingFileName="IowS.exe" (normalized: "c:\\windows\\system32\\iows.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.exe"), bFailIfExists=0) returned 0 [0208.574] SetNamedSecurityInfoW () returned 0x2 [0208.574] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png")) returned 1 [0208.575] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x114, lpOverlapped=0x0) returned 1 [0208.575] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0208.575] DeleteFileW (lpFileName="gAAg.ico" (normalized: "c:\\windows\\system32\\gaag.ico")) returned 1 [0208.576] DeleteFileW (lpFileName="IowS.exe" (normalized: "c:\\windows\\system32\\iows.exe")) returned 0 [0208.577] GetCurrentThreadId () returned 0x6f8 [0208.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.577] GetCurrentThreadId () returned 0x6f8 [0208.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.577] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84239770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0208.577] GetCurrentThreadId () returned 0x6f8 [0208.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4deb4 | out: lpSystemTimeAsFileTime=0x4e4deb4*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.577] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png")) returned 0x2020 [0208.578] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", dwFileAttributes=0x80) returned 1 [0208.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0208.579] GetFileSize (in: hFile=0x8e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9d [0208.584] ReadFile (in: hFile=0x8e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x9d, lpNumberOfBytesRead=0x4e4de8c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4de8c*=0x9d, lpOverlapped=0x0) returned 1 [0208.586] CloseHandle (hObject=0x8e0) returned 1 [0208.586] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", dwFileAttributes=0x2020) returned 1 [0208.586] CloseHandle (hObject=0x4e4e1b4) returned 0 [0208.586] GetCurrentThreadId () returned 0x6f8 [0208.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.586] GetCurrentThreadId () returned 0x6f8 [0208.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x117f7d0, dwHighDateTime=0x1d6076d)) [0208.586] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8423be80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8423e590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0208.586] GetCurrentThreadId () returned 0x6f8 [0208.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x11a5930, dwHighDateTime=0x1d6076d)) [0208.587] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84240ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84240ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0208.587] GetCurrentThreadId () returned 0x6f8 [0208.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x11a5930, dwHighDateTime=0x1d6076d)) [0208.587] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x840205b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84245ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844aa770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0208.587] GetCurrentThreadId () returned 0x6f8 [0208.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x11a5930, dwHighDateTime=0x1d6076d)) [0208.587] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0208.587] GetCurrentThreadId () returned 0x6f8 [0208.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x11a5930, dwHighDateTime=0x1d6076d)) [0208.587] GetCurrentThreadId () returned 0x6f8 [0208.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x11a5930, dwHighDateTime=0x1d6076d)) [0208.587] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbf50 [0208.633] GetCurrentThreadId () returned 0x6f8 [0208.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.634] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.634] GetCurrentThreadId () returned 0x6f8 [0208.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.634] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0208.634] GetCurrentThreadId () returned 0x6f8 [0208.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.634] GetCurrentThreadId () returned 0x6f8 [0208.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbf90 [0208.635] GetCurrentThreadId () returned 0x6f8 [0208.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.635] FindNextFileW (in: hFindFile=0x6cbf90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.635] GetCurrentThreadId () returned 0x6f8 [0208.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.635] FindNextFileW (in: hFindFile=0x6cbf90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.635] GetCurrentThreadId () returned 0x6f8 [0208.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.635] FindNextFileW (in: hFindFile=0x6cbf90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.635] GetCurrentThreadId () returned 0x6f8 [0208.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.635] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0208.635] GetCurrentThreadId () returned 0x6f8 [0208.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.635] GetCurrentThreadId () returned 0x6f8 [0208.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cbfd0 [0208.637] GetCurrentThreadId () returned 0x6f8 [0208.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.637] FindNextFileW (in: hFindFile=0x6cbfd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.637] GetCurrentThreadId () returned 0x6f8 [0208.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.637] FindNextFileW (in: hFindFile=0x6cbfd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.637] GetCurrentThreadId () returned 0x6f8 [0208.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.637] FindNextFileW (in: hFindFile=0x6cbfd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.637] GetCurrentThreadId () returned 0x6f8 [0208.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.637] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0208.637] GetCurrentThreadId () returned 0x6f8 [0208.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.637] GetCurrentThreadId () returned 0x6f8 [0208.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cc010 [0208.638] GetCurrentThreadId () returned 0x6f8 [0208.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.638] FindNextFileW (in: hFindFile=0x6cc010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.638] GetCurrentThreadId () returned 0x6f8 [0208.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.638] FindNextFileW (in: hFindFile=0x6cc010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.638] GetCurrentThreadId () returned 0x6f8 [0208.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.638] FindNextFileW (in: hFindFile=0x6cc010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.638] GetCurrentThreadId () returned 0x6f8 [0208.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.638] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0208.638] GetCurrentThreadId () returned 0x6f8 [0208.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.638] GetCurrentThreadId () returned 0x6f8 [0208.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.638] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e906e8 [0208.640] GetCurrentThreadId () returned 0x6f8 [0208.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.640] FindNextFileW (in: hFindFile=0x7e906e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.640] GetCurrentThreadId () returned 0x6f8 [0208.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.640] FindNextFileW (in: hFindFile=0x7e906e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.640] GetCurrentThreadId () returned 0x6f8 [0208.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.640] FindNextFileW (in: hFindFile=0x7e906e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.640] GetCurrentThreadId () returned 0x6f8 [0208.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.640] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0208.640] GetCurrentThreadId () returned 0x6f8 [0208.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.640] GetCurrentThreadId () returned 0x6f8 [0208.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90728 [0208.641] GetCurrentThreadId () returned 0x6f8 [0208.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.641] FindNextFileW (in: hFindFile=0x7e90728, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.641] GetCurrentThreadId () returned 0x6f8 [0208.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.641] FindNextFileW (in: hFindFile=0x7e90728, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.641] GetCurrentThreadId () returned 0x6f8 [0208.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.641] FindNextFileW (in: hFindFile=0x7e90728, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.641] GetCurrentThreadId () returned 0x6f8 [0208.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.641] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0208.641] GetCurrentThreadId () returned 0x6f8 [0208.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.641] GetCurrentThreadId () returned 0x6f8 [0208.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90768 [0208.643] GetCurrentThreadId () returned 0x6f8 [0208.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.643] FindNextFileW (in: hFindFile=0x7e90768, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.643] GetCurrentThreadId () returned 0x6f8 [0208.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.643] FindNextFileW (in: hFindFile=0x7e90768, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.643] GetCurrentThreadId () returned 0x6f8 [0208.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.643] FindNextFileW (in: hFindFile=0x7e90768, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.643] GetCurrentThreadId () returned 0x6f8 [0208.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.643] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0208.643] GetCurrentThreadId () returned 0x6f8 [0208.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.643] GetCurrentThreadId () returned 0x6f8 [0208.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.643] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e907a8 [0208.644] GetCurrentThreadId () returned 0x6f8 [0208.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.644] FindNextFileW (in: hFindFile=0x7e907a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.644] GetCurrentThreadId () returned 0x6f8 [0208.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.644] FindNextFileW (in: hFindFile=0x7e907a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.644] GetCurrentThreadId () returned 0x6f8 [0208.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.644] FindNextFileW (in: hFindFile=0x7e907a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.644] GetCurrentThreadId () returned 0x6f8 [0208.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.644] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0208.644] GetCurrentThreadId () returned 0x6f8 [0208.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.644] GetCurrentThreadId () returned 0x6f8 [0208.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.644] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e907e8 [0208.646] GetCurrentThreadId () returned 0x6f8 [0208.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.646] FindNextFileW (in: hFindFile=0x7e907e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.646] GetCurrentThreadId () returned 0x6f8 [0208.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.646] FindNextFileW (in: hFindFile=0x7e907e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.646] GetCurrentThreadId () returned 0x6f8 [0208.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.646] FindNextFileW (in: hFindFile=0x7e907e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.646] GetCurrentThreadId () returned 0x6f8 [0208.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.646] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0208.646] GetCurrentThreadId () returned 0x6f8 [0208.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.646] GetCurrentThreadId () returned 0x6f8 [0208.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90828 [0208.647] GetCurrentThreadId () returned 0x6f8 [0208.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.647] FindNextFileW (in: hFindFile=0x7e90828, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.647] GetCurrentThreadId () returned 0x6f8 [0208.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.647] FindNextFileW (in: hFindFile=0x7e90828, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.647] GetCurrentThreadId () returned 0x6f8 [0208.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.647] FindNextFileW (in: hFindFile=0x7e90828, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.647] GetCurrentThreadId () returned 0x6f8 [0208.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.647] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0208.647] GetCurrentThreadId () returned 0x6f8 [0208.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.647] GetCurrentThreadId () returned 0x6f8 [0208.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.647] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90868 [0208.649] GetCurrentThreadId () returned 0x6f8 [0208.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1217d50, dwHighDateTime=0x1d6076d)) [0208.649] FindNextFileW (in: hFindFile=0x7e90868, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.649] GetCurrentThreadId () returned 0x6f8 [0208.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.649] FindNextFileW (in: hFindFile=0x7e90868, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.649] GetCurrentThreadId () returned 0x6f8 [0208.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.649] FindNextFileW (in: hFindFile=0x7e90868, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.649] GetCurrentThreadId () returned 0x6f8 [0208.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.649] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0208.649] GetCurrentThreadId () returned 0x6f8 [0208.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.650] GetCurrentThreadId () returned 0x6f8 [0208.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.650] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e908a8 [0208.650] GetCurrentThreadId () returned 0x6f8 [0208.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.650] FindNextFileW (in: hFindFile=0x7e908a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.650] GetCurrentThreadId () returned 0x6f8 [0208.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.650] FindNextFileW (in: hFindFile=0x7e908a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.650] GetCurrentThreadId () returned 0x6f8 [0208.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.650] FindNextFileW (in: hFindFile=0x7e908a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.650] GetCurrentThreadId () returned 0x6f8 [0208.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.650] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0208.650] GetCurrentThreadId () returned 0x6f8 [0208.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.651] GetCurrentThreadId () returned 0x6f8 [0208.651] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e908e8 [0208.652] GetCurrentThreadId () returned 0x6f8 [0208.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.652] FindNextFileW (in: hFindFile=0x7e908e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.652] GetCurrentThreadId () returned 0x6f8 [0208.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.652] FindNextFileW (in: hFindFile=0x7e908e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.652] GetCurrentThreadId () returned 0x6f8 [0208.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.652] FindNextFileW (in: hFindFile=0x7e908e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.652] GetCurrentThreadId () returned 0x6f8 [0208.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.652] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0208.652] GetCurrentThreadId () returned 0x6f8 [0208.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.652] GetCurrentThreadId () returned 0x6f8 [0208.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.652] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90928 [0208.653] GetCurrentThreadId () returned 0x6f8 [0208.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.653] FindNextFileW (in: hFindFile=0x7e90928, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.653] GetCurrentThreadId () returned 0x6f8 [0208.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.653] FindNextFileW (in: hFindFile=0x7e90928, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.653] GetCurrentThreadId () returned 0x6f8 [0208.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.653] FindNextFileW (in: hFindFile=0x7e90928, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.653] GetCurrentThreadId () returned 0x6f8 [0208.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.653] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0208.653] GetCurrentThreadId () returned 0x6f8 [0208.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.653] GetCurrentThreadId () returned 0x6f8 [0208.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.654] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90968 [0208.655] GetCurrentThreadId () returned 0x6f8 [0208.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.655] FindNextFileW (in: hFindFile=0x7e90968, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.655] GetCurrentThreadId () returned 0x6f8 [0208.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.655] FindNextFileW (in: hFindFile=0x7e90968, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.655] GetCurrentThreadId () returned 0x6f8 [0208.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.655] FindNextFileW (in: hFindFile=0x7e90968, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.655] GetCurrentThreadId () returned 0x6f8 [0208.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.655] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0208.655] GetCurrentThreadId () returned 0x6f8 [0208.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.655] GetCurrentThreadId () returned 0x6f8 [0208.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.655] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e909a8 [0208.656] GetCurrentThreadId () returned 0x6f8 [0208.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.656] FindNextFileW (in: hFindFile=0x7e909a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.656] GetCurrentThreadId () returned 0x6f8 [0208.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.656] FindNextFileW (in: hFindFile=0x7e909a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.656] GetCurrentThreadId () returned 0x6f8 [0208.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.656] FindNextFileW (in: hFindFile=0x7e909a8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.656] GetCurrentThreadId () returned 0x6f8 [0208.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.656] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0208.656] GetCurrentThreadId () returned 0x6f8 [0208.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.656] GetCurrentThreadId () returned 0x6f8 [0208.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e909e8 [0208.658] GetCurrentThreadId () returned 0x6f8 [0208.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.658] FindNextFileW (in: hFindFile=0x7e909e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.658] GetCurrentThreadId () returned 0x6f8 [0208.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.658] FindNextFileW (in: hFindFile=0x7e909e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.658] GetCurrentThreadId () returned 0x6f8 [0208.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.658] FindNextFileW (in: hFindFile=0x7e909e8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.658] GetCurrentThreadId () returned 0x6f8 [0208.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.658] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0208.658] GetCurrentThreadId () returned 0x6f8 [0208.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.658] GetCurrentThreadId () returned 0x6f8 [0208.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90a28 [0208.659] GetCurrentThreadId () returned 0x6f8 [0208.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.659] FindNextFileW (in: hFindFile=0x7e90a28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.659] GetCurrentThreadId () returned 0x6f8 [0208.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.659] FindNextFileW (in: hFindFile=0x7e90a28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.659] GetCurrentThreadId () returned 0x6f8 [0208.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.659] FindNextFileW (in: hFindFile=0x7e90a28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.659] GetCurrentThreadId () returned 0x6f8 [0208.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.659] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0208.659] GetCurrentThreadId () returned 0x6f8 [0208.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.659] GetCurrentThreadId () returned 0x6f8 [0208.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.659] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90a68 [0208.661] GetCurrentThreadId () returned 0x6f8 [0208.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.661] FindNextFileW (in: hFindFile=0x7e90a68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.661] GetCurrentThreadId () returned 0x6f8 [0208.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.661] FindNextFileW (in: hFindFile=0x7e90a68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.661] GetCurrentThreadId () returned 0x6f8 [0208.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.661] FindNextFileW (in: hFindFile=0x7e90a68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.661] GetCurrentThreadId () returned 0x6f8 [0208.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.661] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0208.661] GetCurrentThreadId () returned 0x6f8 [0208.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.661] GetCurrentThreadId () returned 0x6f8 [0208.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.661] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90aa8 [0208.662] GetCurrentThreadId () returned 0x6f8 [0208.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.662] FindNextFileW (in: hFindFile=0x7e90aa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.662] GetCurrentThreadId () returned 0x6f8 [0208.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.662] FindNextFileW (in: hFindFile=0x7e90aa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.662] GetCurrentThreadId () returned 0x6f8 [0208.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.662] FindNextFileW (in: hFindFile=0x7e90aa8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.662] GetCurrentThreadId () returned 0x6f8 [0208.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.662] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0208.662] GetCurrentThreadId () returned 0x6f8 [0208.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.662] GetCurrentThreadId () returned 0x6f8 [0208.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90ae8 [0208.663] GetCurrentThreadId () returned 0x6f8 [0208.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.663] FindNextFileW (in: hFindFile=0x7e90ae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.664] GetCurrentThreadId () returned 0x6f8 [0208.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.664] FindNextFileW (in: hFindFile=0x7e90ae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.664] GetCurrentThreadId () returned 0x6f8 [0208.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.664] FindNextFileW (in: hFindFile=0x7e90ae8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.664] GetCurrentThreadId () returned 0x6f8 [0208.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.664] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0208.664] GetCurrentThreadId () returned 0x6f8 [0208.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.664] GetCurrentThreadId () returned 0x6f8 [0208.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x123deb0, dwHighDateTime=0x1d6076d)) [0208.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90b28 [0208.665] GetCurrentThreadId () returned 0x6f8 [0208.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.665] FindNextFileW (in: hFindFile=0x7e90b28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.665] GetCurrentThreadId () returned 0x6f8 [0208.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.665] FindNextFileW (in: hFindFile=0x7e90b28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.666] GetCurrentThreadId () returned 0x6f8 [0208.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.666] FindNextFileW (in: hFindFile=0x7e90b28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.666] GetCurrentThreadId () returned 0x6f8 [0208.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.666] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0208.666] GetCurrentThreadId () returned 0x6f8 [0208.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.666] GetCurrentThreadId () returned 0x6f8 [0208.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.666] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90b68 [0208.667] GetCurrentThreadId () returned 0x6f8 [0208.667] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.668] FindNextFileW (in: hFindFile=0x7e90b68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.669] GetCurrentThreadId () returned 0x6f8 [0208.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.669] FindNextFileW (in: hFindFile=0x7e90b68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.669] GetCurrentThreadId () returned 0x6f8 [0208.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.669] FindNextFileW (in: hFindFile=0x7e90b68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.670] GetCurrentThreadId () returned 0x6f8 [0208.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.670] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0208.670] GetCurrentThreadId () returned 0x6f8 [0208.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.670] GetCurrentThreadId () returned 0x6f8 [0208.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.670] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90ba8 [0208.670] GetCurrentThreadId () returned 0x6f8 [0208.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.670] FindNextFileW (in: hFindFile=0x7e90ba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.670] GetCurrentThreadId () returned 0x6f8 [0208.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.671] FindNextFileW (in: hFindFile=0x7e90ba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.671] GetCurrentThreadId () returned 0x6f8 [0208.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.671] FindNextFileW (in: hFindFile=0x7e90ba8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.671] GetCurrentThreadId () returned 0x6f8 [0208.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.672] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0208.672] GetCurrentThreadId () returned 0x6f8 [0208.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.673] GetCurrentThreadId () returned 0x6f8 [0208.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90be8 [0208.674] GetCurrentThreadId () returned 0x6f8 [0208.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.674] FindNextFileW (in: hFindFile=0x7e90be8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.674] GetCurrentThreadId () returned 0x6f8 [0208.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.674] FindNextFileW (in: hFindFile=0x7e90be8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.674] GetCurrentThreadId () returned 0x6f8 [0208.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.674] FindNextFileW (in: hFindFile=0x7e90be8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.674] GetCurrentThreadId () returned 0x6f8 [0208.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.674] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0208.674] GetCurrentThreadId () returned 0x6f8 [0208.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.675] GetCurrentThreadId () returned 0x6f8 [0208.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.675] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90c28 [0208.675] GetCurrentThreadId () returned 0x6f8 [0208.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.675] FindNextFileW (in: hFindFile=0x7e90c28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.675] GetCurrentThreadId () returned 0x6f8 [0208.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.675] FindNextFileW (in: hFindFile=0x7e90c28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.675] GetCurrentThreadId () returned 0x6f8 [0208.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.675] FindNextFileW (in: hFindFile=0x7e90c28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.675] GetCurrentThreadId () returned 0x6f8 [0208.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.676] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0208.676] GetCurrentThreadId () returned 0x6f8 [0208.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.676] GetCurrentThreadId () returned 0x6f8 [0208.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.676] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90c68 [0208.677] GetCurrentThreadId () returned 0x6f8 [0208.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.677] FindNextFileW (in: hFindFile=0x7e90c68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.677] GetCurrentThreadId () returned 0x6f8 [0208.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.677] FindNextFileW (in: hFindFile=0x7e90c68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.677] GetCurrentThreadId () returned 0x6f8 [0208.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.677] FindNextFileW (in: hFindFile=0x7e90c68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.677] GetCurrentThreadId () returned 0x6f8 [0208.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.677] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0208.677] GetCurrentThreadId () returned 0x6f8 [0208.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.677] GetCurrentThreadId () returned 0x6f8 [0208.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90ca8 [0208.678] GetCurrentThreadId () returned 0x6f8 [0208.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.678] FindNextFileW (in: hFindFile=0x7e90ca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.678] GetCurrentThreadId () returned 0x6f8 [0208.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.678] FindNextFileW (in: hFindFile=0x7e90ca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.678] GetCurrentThreadId () returned 0x6f8 [0208.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.678] FindNextFileW (in: hFindFile=0x7e90ca8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.678] GetCurrentThreadId () returned 0x6f8 [0208.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.678] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0208.678] GetCurrentThreadId () returned 0x6f8 [0208.679] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.679] GetCurrentThreadId () returned 0x6f8 [0208.679] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.679] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90ce8 [0208.680] GetCurrentThreadId () returned 0x6f8 [0208.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.680] FindNextFileW (in: hFindFile=0x7e90ce8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.680] GetCurrentThreadId () returned 0x6f8 [0208.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1264010, dwHighDateTime=0x1d6076d)) [0208.680] FindNextFileW (in: hFindFile=0x7e90ce8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.680] GetCurrentThreadId () returned 0x6f8 [0208.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.680] FindNextFileW (in: hFindFile=0x7e90ce8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.680] GetCurrentThreadId () returned 0x6f8 [0208.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.680] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0208.680] GetCurrentThreadId () returned 0x6f8 [0208.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.680] GetCurrentThreadId () returned 0x6f8 [0208.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90d28 [0208.681] GetCurrentThreadId () returned 0x6f8 [0208.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.681] FindNextFileW (in: hFindFile=0x7e90d28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.681] GetCurrentThreadId () returned 0x6f8 [0208.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.681] FindNextFileW (in: hFindFile=0x7e90d28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.681] GetCurrentThreadId () returned 0x6f8 [0208.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.681] FindNextFileW (in: hFindFile=0x7e90d28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.681] GetCurrentThreadId () returned 0x6f8 [0208.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.681] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0208.681] GetCurrentThreadId () returned 0x6f8 [0208.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.682] GetCurrentThreadId () returned 0x6f8 [0208.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90d68 [0208.683] GetCurrentThreadId () returned 0x6f8 [0208.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.683] FindNextFileW (in: hFindFile=0x7e90d68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.683] GetCurrentThreadId () returned 0x6f8 [0208.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.683] FindNextFileW (in: hFindFile=0x7e90d68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.683] GetCurrentThreadId () returned 0x6f8 [0208.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.683] FindNextFileW (in: hFindFile=0x7e90d68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.683] GetCurrentThreadId () returned 0x6f8 [0208.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.683] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0208.683] GetCurrentThreadId () returned 0x6f8 [0208.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.683] GetCurrentThreadId () returned 0x6f8 [0208.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.683] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90da8 [0208.684] GetCurrentThreadId () returned 0x6f8 [0208.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.684] FindNextFileW (in: hFindFile=0x7e90da8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.684] GetCurrentThreadId () returned 0x6f8 [0208.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.684] FindNextFileW (in: hFindFile=0x7e90da8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.684] GetCurrentThreadId () returned 0x6f8 [0208.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.684] FindNextFileW (in: hFindFile=0x7e90da8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.684] GetCurrentThreadId () returned 0x6f8 [0208.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.684] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0208.684] GetCurrentThreadId () returned 0x6f8 [0208.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.684] GetCurrentThreadId () returned 0x6f8 [0208.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90de8 [0208.686] GetCurrentThreadId () returned 0x6f8 [0208.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.686] FindNextFileW (in: hFindFile=0x7e90de8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.686] GetCurrentThreadId () returned 0x6f8 [0208.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.686] FindNextFileW (in: hFindFile=0x7e90de8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.686] GetCurrentThreadId () returned 0x6f8 [0208.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.686] FindNextFileW (in: hFindFile=0x7e90de8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.686] GetCurrentThreadId () returned 0x6f8 [0208.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.686] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0208.686] GetCurrentThreadId () returned 0x6f8 [0208.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.686] GetCurrentThreadId () returned 0x6f8 [0208.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.686] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90e28 [0208.687] GetCurrentThreadId () returned 0x6f8 [0208.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.687] FindNextFileW (in: hFindFile=0x7e90e28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.687] GetCurrentThreadId () returned 0x6f8 [0208.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.687] FindNextFileW (in: hFindFile=0x7e90e28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.687] GetCurrentThreadId () returned 0x6f8 [0208.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.687] FindNextFileW (in: hFindFile=0x7e90e28, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.687] GetCurrentThreadId () returned 0x6f8 [0208.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.687] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0208.687] GetCurrentThreadId () returned 0x6f8 [0208.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.687] GetCurrentThreadId () returned 0x6f8 [0208.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.687] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e90e68 [0208.688] GetCurrentThreadId () returned 0x6f8 [0208.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.688] FindNextFileW (in: hFindFile=0x7e90e68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.689] GetCurrentThreadId () returned 0x6f8 [0208.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.689] FindNextFileW (in: hFindFile=0x7e90e68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.689] GetCurrentThreadId () returned 0x6f8 [0208.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.689] FindNextFileW (in: hFindFile=0x7e90e68, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.689] GetCurrentThreadId () returned 0x6f8 [0208.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.689] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0208.689] GetCurrentThreadId () returned 0x6f8 [0208.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.689] GetCurrentThreadId () returned 0x6f8 [0208.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.689] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce090 [0208.690] GetCurrentThreadId () returned 0x6f8 [0208.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.690] FindNextFileW (in: hFindFile=0x6ce090, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.690] GetCurrentThreadId () returned 0x6f8 [0208.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.690] FindNextFileW (in: hFindFile=0x6ce090, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.690] GetCurrentThreadId () returned 0x6f8 [0208.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.690] FindNextFileW (in: hFindFile=0x6ce090, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.690] GetCurrentThreadId () returned 0x6f8 [0208.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.690] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0208.690] GetCurrentThreadId () returned 0x6f8 [0208.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.690] GetCurrentThreadId () returned 0x6f8 [0208.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.691] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce0d0 [0208.692] GetCurrentThreadId () returned 0x6f8 [0208.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.692] FindNextFileW (in: hFindFile=0x6ce0d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.692] GetCurrentThreadId () returned 0x6f8 [0208.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.692] FindNextFileW (in: hFindFile=0x6ce0d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.692] GetCurrentThreadId () returned 0x6f8 [0208.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.692] FindNextFileW (in: hFindFile=0x6ce0d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.692] GetCurrentThreadId () returned 0x6f8 [0208.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.693] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0208.693] GetCurrentThreadId () returned 0x6f8 [0208.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.693] GetCurrentThreadId () returned 0x6f8 [0208.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.693] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce110 [0208.693] GetCurrentThreadId () returned 0x6f8 [0208.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.693] FindNextFileW (in: hFindFile=0x6ce110, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.693] GetCurrentThreadId () returned 0x6f8 [0208.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.694] FindNextFileW (in: hFindFile=0x6ce110, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.694] GetCurrentThreadId () returned 0x6f8 [0208.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.694] FindNextFileW (in: hFindFile=0x6ce110, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.694] GetCurrentThreadId () returned 0x6f8 [0208.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.694] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0208.694] GetCurrentThreadId () returned 0x6f8 [0208.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.694] GetCurrentThreadId () returned 0x6f8 [0208.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce150 [0208.695] GetCurrentThreadId () returned 0x6f8 [0208.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.695] FindNextFileW (in: hFindFile=0x6ce150, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.695] GetCurrentThreadId () returned 0x6f8 [0208.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x128a170, dwHighDateTime=0x1d6076d)) [0208.696] FindNextFileW (in: hFindFile=0x6ce150, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.696] GetCurrentThreadId () returned 0x6f8 [0208.696] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.696] FindNextFileW (in: hFindFile=0x6ce150, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.696] GetCurrentThreadId () returned 0x6f8 [0208.696] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.696] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0208.697] GetCurrentThreadId () returned 0x6f8 [0208.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.698] GetCurrentThreadId () returned 0x6f8 [0208.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.698] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce190 [0208.698] GetCurrentThreadId () returned 0x6f8 [0208.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.698] FindNextFileW (in: hFindFile=0x6ce190, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.698] GetCurrentThreadId () returned 0x6f8 [0208.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.698] FindNextFileW (in: hFindFile=0x6ce190, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.699] GetCurrentThreadId () returned 0x6f8 [0208.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.699] FindNextFileW (in: hFindFile=0x6ce190, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.699] GetCurrentThreadId () returned 0x6f8 [0208.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.699] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0208.699] GetCurrentThreadId () returned 0x6f8 [0208.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.699] GetCurrentThreadId () returned 0x6f8 [0208.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce1d0 [0208.700] GetCurrentThreadId () returned 0x6f8 [0208.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.700] FindNextFileW (in: hFindFile=0x6ce1d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.700] GetCurrentThreadId () returned 0x6f8 [0208.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.700] FindNextFileW (in: hFindFile=0x6ce1d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.701] GetCurrentThreadId () returned 0x6f8 [0208.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.701] FindNextFileW (in: hFindFile=0x6ce1d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.701] GetCurrentThreadId () returned 0x6f8 [0208.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x12b02d0, dwHighDateTime=0x1d6076d)) [0208.701] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0208.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce210 [0208.701] FindNextFileW (in: hFindFile=0x6ce210, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.702] FindNextFileW (in: hFindFile=0x6ce210, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.702] FindNextFileW (in: hFindFile=0x6ce210, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.702] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0208.702] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce250 [0208.702] FindNextFileW (in: hFindFile=0x6ce250, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.702] FindNextFileW (in: hFindFile=0x6ce250, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.702] FindNextFileW (in: hFindFile=0x6ce250, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.703] FindNextFileW (in: hFindFile=0x6cbf50, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0208.703] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0208.703] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce290 [0208.703] FindNextFileW (in: hFindFile=0x6ce290, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.703] FindNextFileW (in: hFindFile=0x6ce290, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x844eed30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0208.703] FindNextFileW (in: hFindFile=0x6ce290, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0208.703] FindNextFileW (in: hFindFile=0x6ce290, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0208.704] FindNextFileW (in: hFindFile=0x6cbf10, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0208.704] FindNextFileW (in: hFindFile=0x6cbed0, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1_0", cAlternateFileName="")) returned 0 [0208.704] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0208.704] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce2d0 [0208.723] FindNextFileW (in: hFindFile=0x6ce2d0, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.723] FindNextFileW (in: hFindFile=0x6ce2d0, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.4_0", cAlternateFileName="")) returned 1 [0208.723] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce310 [0208.739] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.739] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1378, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0208.741] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", dwFileAttributes=0x80) returned 1 [0208.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x994 [0208.742] GetFileSize (in: hFile=0x994, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1378 [0208.750] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", dwFileAttributes=0x2020) returned 1 [0208.750] GetCurrentThreadId () returned 0x6f8 [0208.750] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", piIcon=0x4e4de98) returned 0xf014d [0208.765] GetIconInfo (in: hIcon=0xf014d, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0208.765] CreateFileW (lpFileName="guwU.ico" (normalized: "c:\\windows\\system32\\guwu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0208.766] GetObjectA (in: h=0x3f0501fa, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0208.766] GetObjectA (in: h=0x5b050772, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0208.766] CreateCompatibleDC (hdc=0x0) returned 0xb40101ca [0208.766] GetDIBits (in: hdc=0xb40101ca, hbm=0x3f0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0208.766] GetDIBits (in: hdc=0xb40101ca, hbm=0x3f0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0208.766] GetDIBits (in: hdc=0xb40101ca, hbm=0x3f0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0208.766] GetDIBits (in: hdc=0xb40101ca, hbm=0x5b050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0208.766] WriteFile (in: hFile=0x998, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0208.768] WriteFile (in: hFile=0x998, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0208.768] WriteFile (in: hFile=0x998, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0208.768] WriteFile (in: hFile=0x998, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0208.768] WriteFile (in: hFile=0x998, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0208.768] DeleteDC (hdc=0xb40101ca) returned 1 [0208.768] CloseHandle (hObject=0x998) returned 1 [0208.769] DeleteObject (ho=0x3f0501fa) returned 1 [0208.769] DeleteObject (ho=0x5b050772) returned 1 [0208.769] DestroyCursor (hCursor=0xf014d) returned 1 [0208.769] GetCurrentThreadId () returned 0x6f8 [0208.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0208.769] GetFileSize (in: hFile=0x998, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1378 [0208.775] ReadFile (in: hFile=0x998, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1378, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0x1378, lpOverlapped=0x0) returned 1 [0208.775] CloseHandle (hObject=0x998) returned 1 [0208.775] GetCurrentThreadId () returned 0x6f8 [0208.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x136e9b0, dwHighDateTime=0x1d6076d)) [0208.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x136e9b0, dwHighDateTime=0x1d6076d)) [0208.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0x136e9b0, dwHighDateTime=0x1d6076d)) [0208.899] GetCurrentThreadId () returned 0x6f8 [0208.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.899] GetCurrentThreadId () returned 0x6f8 [0208.899] CreateFileW (lpFileName="yIMY.exe" (normalized: "c:\\windows\\system32\\yimy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.900] CreateFileW (lpFileName="yIMY.exe" (normalized: "c:\\windows\\system32\\yimy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.900] GetCurrentThreadId () returned 0x6f8 [0208.900] GetCurrentThreadId () returned 0x6f8 [0208.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.900] CreateFileW (lpFileName="yIMY.exe" (normalized: "c:\\windows\\system32\\yimy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.900] GetCurrentThreadId () returned 0x6f8 [0208.900] BeginUpdateResourceW (pFileName="yIMY.exe" (normalized: "c:\\windows\\system32\\yimy.exe"), bDeleteExistingResources=0) returned 0x0 [0208.900] CreateFileW (lpFileName="guwU.ico" (normalized: "c:\\windows\\system32\\guwu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x998 [0208.901] GetFileSize (in: hFile=0x998, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0208.901] ReadFile (in: hFile=0x998, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0208.901] CloseHandle (hObject=0x998) returned 1 [0208.901] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0208.901] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0208.901] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0208.901] CopyFileW (lpExistingFileName="yIMY.exe" (normalized: "c:\\windows\\system32\\yimy.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.exe"), bFailIfExists=0) returned 0 [0208.902] SetNamedSecurityInfoW () returned 0x2 [0208.902] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png")) returned 1 [0208.903] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x10a, lpOverlapped=0x0) returned 1 [0208.903] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0208.903] DeleteFileW (lpFileName="guwU.ico" (normalized: "c:\\windows\\system32\\guwu.ico")) returned 1 [0208.905] DeleteFileW (lpFileName="yIMY.exe" (normalized: "c:\\windows\\system32\\yimy.exe")) returned 0 [0208.905] GetCurrentThreadId () returned 0x6f8 [0208.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.905] GetCurrentThreadId () returned 0x6f8 [0208.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.905] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1103, dwReserved0=0x0, dwReserved1=0x0, cFileName="contentscript_bin_prod.js", cAlternateFileName="CONTEN~1.JS")) returned 1 [0208.905] GetCurrentThreadId () returned 0x6f8 [0208.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.905] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x356, dwReserved0=0x0, dwReserved1=0x0, cFileName="dasherSettingSchema.json", cAlternateFileName="DASHER~1.JSO")) returned 1 [0208.905] GetCurrentThreadId () returned 0x6f8 [0208.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.905] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x5b6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="eventpage_bin_prod.js", cAlternateFileName="EVENTP~1.JS")) returned 1 [0208.905] GetCurrentThreadId () returned 0x6f8 [0208.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.905] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0208.905] GetCurrentThreadId () returned 0x6f8 [0208.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.906] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="page_embed_script.js", cAlternateFileName="PAGE_E~1.JS")) returned 1 [0208.906] GetCurrentThreadId () returned 0x6f8 [0208.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.906] FindNextFileW (in: hFindFile=0x6ce310, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0208.906] GetCurrentThreadId () returned 0x6f8 [0208.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.906] GetCurrentThreadId () returned 0x6f8 [0208.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x149f4b0, dwHighDateTime=0x1d6076d)) [0208.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce350 [0208.927] GetCurrentThreadId () returned 0x6f8 [0208.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.928] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.929] GetCurrentThreadId () returned 0x6f8 [0208.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.929] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="af", cAlternateFileName="")) returned 1 [0208.929] GetCurrentThreadId () returned 0x6f8 [0208.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.929] GetCurrentThreadId () returned 0x6f8 [0208.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14c5610, dwHighDateTime=0x1d6076d)) [0208.929] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce390 [0208.933] GetCurrentThreadId () returned 0x6f8 [0208.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.933] FindNextFileW (in: hFindFile=0x6ce390, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.933] GetCurrentThreadId () returned 0x6f8 [0208.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.933] FindNextFileW (in: hFindFile=0x6ce390, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.933] GetCurrentThreadId () returned 0x6f8 [0208.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.933] FindNextFileW (in: hFindFile=0x6ce390, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.934] GetCurrentThreadId () returned 0x6f8 [0208.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.934] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="am", cAlternateFileName="")) returned 1 [0208.934] GetCurrentThreadId () returned 0x6f8 [0208.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.934] GetCurrentThreadId () returned 0x6f8 [0208.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce3d0 [0208.934] GetCurrentThreadId () returned 0x6f8 [0208.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.934] FindNextFileW (in: hFindFile=0x6ce3d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.934] GetCurrentThreadId () returned 0x6f8 [0208.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.934] FindNextFileW (in: hFindFile=0x6ce3d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.934] GetCurrentThreadId () returned 0x6f8 [0208.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.934] FindNextFileW (in: hFindFile=0x6ce3d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.935] GetCurrentThreadId () returned 0x6f8 [0208.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.935] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0208.935] GetCurrentThreadId () returned 0x6f8 [0208.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.935] GetCurrentThreadId () returned 0x6f8 [0208.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.935] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce410 [0208.936] GetCurrentThreadId () returned 0x6f8 [0208.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.936] FindNextFileW (in: hFindFile=0x6ce410, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.936] GetCurrentThreadId () returned 0x6f8 [0208.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.936] FindNextFileW (in: hFindFile=0x6ce410, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.936] GetCurrentThreadId () returned 0x6f8 [0208.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.936] FindNextFileW (in: hFindFile=0x6ce410, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.936] GetCurrentThreadId () returned 0x6f8 [0208.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.936] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="az", cAlternateFileName="")) returned 1 [0208.936] GetCurrentThreadId () returned 0x6f8 [0208.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.937] GetCurrentThreadId () returned 0x6f8 [0208.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.937] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce450 [0208.937] GetCurrentThreadId () returned 0x6f8 [0208.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.937] FindNextFileW (in: hFindFile=0x6ce450, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.937] GetCurrentThreadId () returned 0x6f8 [0208.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.937] FindNextFileW (in: hFindFile=0x6ce450, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.937] GetCurrentThreadId () returned 0x6f8 [0208.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.937] FindNextFileW (in: hFindFile=0x6ce450, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.937] GetCurrentThreadId () returned 0x6f8 [0208.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.937] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0208.938] GetCurrentThreadId () returned 0x6f8 [0208.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.938] GetCurrentThreadId () returned 0x6f8 [0208.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce490 [0208.939] GetCurrentThreadId () returned 0x6f8 [0208.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.939] FindNextFileW (in: hFindFile=0x6ce490, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.939] GetCurrentThreadId () returned 0x6f8 [0208.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.939] FindNextFileW (in: hFindFile=0x6ce490, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.939] GetCurrentThreadId () returned 0x6f8 [0208.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.939] FindNextFileW (in: hFindFile=0x6ce490, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.939] GetCurrentThreadId () returned 0x6f8 [0208.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.939] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bn", cAlternateFileName="")) returned 1 [0208.939] GetCurrentThreadId () returned 0x6f8 [0208.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.939] GetCurrentThreadId () returned 0x6f8 [0208.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce4d0 [0208.940] GetCurrentThreadId () returned 0x6f8 [0208.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.940] FindNextFileW (in: hFindFile=0x6ce4d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.940] GetCurrentThreadId () returned 0x6f8 [0208.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.940] FindNextFileW (in: hFindFile=0x6ce4d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.940] GetCurrentThreadId () returned 0x6f8 [0208.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.940] FindNextFileW (in: hFindFile=0x6ce4d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.940] GetCurrentThreadId () returned 0x6f8 [0208.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.940] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0208.940] GetCurrentThreadId () returned 0x6f8 [0208.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.940] GetCurrentThreadId () returned 0x6f8 [0208.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.940] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce510 [0208.941] GetCurrentThreadId () returned 0x6f8 [0208.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.941] FindNextFileW (in: hFindFile=0x6ce510, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.943] GetCurrentThreadId () returned 0x6f8 [0208.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.943] FindNextFileW (in: hFindFile=0x6ce510, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.943] GetCurrentThreadId () returned 0x6f8 [0208.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.943] FindNextFileW (in: hFindFile=0x6ce510, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.943] GetCurrentThreadId () returned 0x6f8 [0208.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.944] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0208.944] GetCurrentThreadId () returned 0x6f8 [0208.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.944] GetCurrentThreadId () returned 0x6f8 [0208.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.944] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce550 [0208.944] GetCurrentThreadId () returned 0x6f8 [0208.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.944] FindNextFileW (in: hFindFile=0x6ce550, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.944] GetCurrentThreadId () returned 0x6f8 [0208.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.944] FindNextFileW (in: hFindFile=0x6ce550, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.944] GetCurrentThreadId () returned 0x6f8 [0208.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.944] FindNextFileW (in: hFindFile=0x6ce550, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.944] GetCurrentThreadId () returned 0x6f8 [0208.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.945] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0208.945] GetCurrentThreadId () returned 0x6f8 [0208.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.945] GetCurrentThreadId () returned 0x6f8 [0208.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.945] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce590 [0208.946] GetCurrentThreadId () returned 0x6f8 [0208.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.946] FindNextFileW (in: hFindFile=0x6ce590, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.946] GetCurrentThreadId () returned 0x6f8 [0208.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.946] FindNextFileW (in: hFindFile=0x6ce590, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.946] GetCurrentThreadId () returned 0x6f8 [0208.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.946] FindNextFileW (in: hFindFile=0x6ce590, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.946] GetCurrentThreadId () returned 0x6f8 [0208.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.946] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0208.946] GetCurrentThreadId () returned 0x6f8 [0208.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.946] GetCurrentThreadId () returned 0x6f8 [0208.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.946] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce5d0 [0208.947] GetCurrentThreadId () returned 0x6f8 [0208.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.947] FindNextFileW (in: hFindFile=0x6ce5d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.947] GetCurrentThreadId () returned 0x6f8 [0208.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.947] FindNextFileW (in: hFindFile=0x6ce5d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.947] GetCurrentThreadId () returned 0x6f8 [0208.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.947] FindNextFileW (in: hFindFile=0x6ce5d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.947] GetCurrentThreadId () returned 0x6f8 [0208.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.947] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0208.947] GetCurrentThreadId () returned 0x6f8 [0208.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.947] GetCurrentThreadId () returned 0x6f8 [0208.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.948] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce610 [0208.948] GetCurrentThreadId () returned 0x6f8 [0208.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.949] FindNextFileW (in: hFindFile=0x6ce610, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.949] GetCurrentThreadId () returned 0x6f8 [0208.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.949] FindNextFileW (in: hFindFile=0x6ce610, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.949] GetCurrentThreadId () returned 0x6f8 [0208.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.949] FindNextFileW (in: hFindFile=0x6ce610, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.949] GetCurrentThreadId () returned 0x6f8 [0208.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.949] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0208.949] GetCurrentThreadId () returned 0x6f8 [0208.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.949] GetCurrentThreadId () returned 0x6f8 [0208.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.949] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce650 [0208.949] GetCurrentThreadId () returned 0x6f8 [0208.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.950] FindNextFileW (in: hFindFile=0x6ce650, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.950] GetCurrentThreadId () returned 0x6f8 [0208.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.950] FindNextFileW (in: hFindFile=0x6ce650, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.950] GetCurrentThreadId () returned 0x6f8 [0208.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.950] FindNextFileW (in: hFindFile=0x6ce650, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.950] GetCurrentThreadId () returned 0x6f8 [0208.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.950] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0208.950] GetCurrentThreadId () returned 0x6f8 [0208.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.950] GetCurrentThreadId () returned 0x6f8 [0208.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.950] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce690 [0208.951] GetCurrentThreadId () returned 0x6f8 [0208.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.951] FindNextFileW (in: hFindFile=0x6ce690, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.951] GetCurrentThreadId () returned 0x6f8 [0208.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.951] FindNextFileW (in: hFindFile=0x6ce690, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.951] GetCurrentThreadId () returned 0x6f8 [0208.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.951] FindNextFileW (in: hFindFile=0x6ce690, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.952] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.952] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce6d0 [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.952] FindNextFileW (in: hFindFile=0x6ce6d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.952] FindNextFileW (in: hFindFile=0x6ce6d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.952] FindNextFileW (in: hFindFile=0x6ce6d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.952] GetCurrentThreadId () returned 0x6f8 [0208.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.953] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0208.953] GetCurrentThreadId () returned 0x6f8 [0208.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.953] GetCurrentThreadId () returned 0x6f8 [0208.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce710 [0208.954] GetCurrentThreadId () returned 0x6f8 [0208.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.954] FindNextFileW (in: hFindFile=0x6ce710, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.954] GetCurrentThreadId () returned 0x6f8 [0208.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.954] FindNextFileW (in: hFindFile=0x6ce710, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.954] GetCurrentThreadId () returned 0x6f8 [0208.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.954] FindNextFileW (in: hFindFile=0x6ce710, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.954] GetCurrentThreadId () returned 0x6f8 [0208.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.954] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0208.954] GetCurrentThreadId () returned 0x6f8 [0208.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.955] GetCurrentThreadId () returned 0x6f8 [0208.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.955] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce750 [0208.955] GetCurrentThreadId () returned 0x6f8 [0208.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.955] FindNextFileW (in: hFindFile=0x6ce750, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.955] GetCurrentThreadId () returned 0x6f8 [0208.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.955] FindNextFileW (in: hFindFile=0x6ce750, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.955] GetCurrentThreadId () returned 0x6f8 [0208.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.955] FindNextFileW (in: hFindFile=0x6ce750, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.955] GetCurrentThreadId () returned 0x6f8 [0208.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.955] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eu", cAlternateFileName="")) returned 1 [0208.955] GetCurrentThreadId () returned 0x6f8 [0208.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.956] GetCurrentThreadId () returned 0x6f8 [0208.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce790 [0208.957] GetCurrentThreadId () returned 0x6f8 [0208.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.957] FindNextFileW (in: hFindFile=0x6ce790, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.957] GetCurrentThreadId () returned 0x6f8 [0208.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.957] FindNextFileW (in: hFindFile=0x6ce790, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.957] GetCurrentThreadId () returned 0x6f8 [0208.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.957] FindNextFileW (in: hFindFile=0x6ce790, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.957] GetCurrentThreadId () returned 0x6f8 [0208.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.957] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fa", cAlternateFileName="")) returned 1 [0208.957] GetCurrentThreadId () returned 0x6f8 [0208.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.957] GetCurrentThreadId () returned 0x6f8 [0208.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.957] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce7d0 [0208.958] GetCurrentThreadId () returned 0x6f8 [0208.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.958] FindNextFileW (in: hFindFile=0x6ce7d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.958] GetCurrentThreadId () returned 0x6f8 [0208.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.958] FindNextFileW (in: hFindFile=0x6ce7d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.958] GetCurrentThreadId () returned 0x6f8 [0208.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.958] FindNextFileW (in: hFindFile=0x6ce7d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.958] GetCurrentThreadId () returned 0x6f8 [0208.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.958] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0208.958] GetCurrentThreadId () returned 0x6f8 [0208.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.958] GetCurrentThreadId () returned 0x6f8 [0208.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.958] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce810 [0208.959] GetCurrentThreadId () returned 0x6f8 [0208.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.959] FindNextFileW (in: hFindFile=0x6ce810, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.959] GetCurrentThreadId () returned 0x6f8 [0208.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.959] FindNextFileW (in: hFindFile=0x6ce810, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.959] GetCurrentThreadId () returned 0x6f8 [0208.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.960] FindNextFileW (in: hFindFile=0x6ce810, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.960] GetCurrentThreadId () returned 0x6f8 [0208.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.960] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0208.960] GetCurrentThreadId () returned 0x6f8 [0208.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.960] GetCurrentThreadId () returned 0x6f8 [0208.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.960] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce850 [0208.961] GetCurrentThreadId () returned 0x6f8 [0208.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x15118d0, dwHighDateTime=0x1d6076d)) [0208.961] FindNextFileW (in: hFindFile=0x6ce850, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.961] GetCurrentThreadId () returned 0x6f8 [0208.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.961] FindNextFileW (in: hFindFile=0x6ce850, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.961] GetCurrentThreadId () returned 0x6f8 [0208.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.961] FindNextFileW (in: hFindFile=0x6ce850, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.961] GetCurrentThreadId () returned 0x6f8 [0208.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.961] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0208.961] GetCurrentThreadId () returned 0x6f8 [0208.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.962] GetCurrentThreadId () returned 0x6f8 [0208.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce890 [0208.963] GetCurrentThreadId () returned 0x6f8 [0208.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.963] FindNextFileW (in: hFindFile=0x6ce890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.963] GetCurrentThreadId () returned 0x6f8 [0208.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.963] FindNextFileW (in: hFindFile=0x6ce890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.963] GetCurrentThreadId () returned 0x6f8 [0208.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.963] FindNextFileW (in: hFindFile=0x6ce890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.963] GetCurrentThreadId () returned 0x6f8 [0208.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.963] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr_CA", cAlternateFileName="")) returned 1 [0208.963] GetCurrentThreadId () returned 0x6f8 [0208.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.963] GetCurrentThreadId () returned 0x6f8 [0208.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce8d0 [0208.964] GetCurrentThreadId () returned 0x6f8 [0208.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.964] FindNextFileW (in: hFindFile=0x6ce8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.964] GetCurrentThreadId () returned 0x6f8 [0208.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] FindNextFileW (in: hFindFile=0x6ce8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.965] GetCurrentThreadId () returned 0x6f8 [0208.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] FindNextFileW (in: hFindFile=0x6ce8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.965] GetCurrentThreadId () returned 0x6f8 [0208.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gl", cAlternateFileName="")) returned 1 [0208.965] GetCurrentThreadId () returned 0x6f8 [0208.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] GetCurrentThreadId () returned 0x6f8 [0208.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce910 [0208.965] GetCurrentThreadId () returned 0x6f8 [0208.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] FindNextFileW (in: hFindFile=0x6ce910, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.965] GetCurrentThreadId () returned 0x6f8 [0208.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.965] FindNextFileW (in: hFindFile=0x6ce910, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.966] GetCurrentThreadId () returned 0x6f8 [0208.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.966] FindNextFileW (in: hFindFile=0x6ce910, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.966] GetCurrentThreadId () returned 0x6f8 [0208.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.966] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gu", cAlternateFileName="")) returned 1 [0208.966] GetCurrentThreadId () returned 0x6f8 [0208.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.966] GetCurrentThreadId () returned 0x6f8 [0208.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce950 [0208.967] GetCurrentThreadId () returned 0x6f8 [0208.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.967] FindNextFileW (in: hFindFile=0x6ce950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.967] GetCurrentThreadId () returned 0x6f8 [0208.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.967] FindNextFileW (in: hFindFile=0x6ce950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.967] GetCurrentThreadId () returned 0x6f8 [0208.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.967] FindNextFileW (in: hFindFile=0x6ce950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.967] GetCurrentThreadId () returned 0x6f8 [0208.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0208.968] GetCurrentThreadId () returned 0x6f8 [0208.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] GetCurrentThreadId () returned 0x6f8 [0208.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce990 [0208.968] GetCurrentThreadId () returned 0x6f8 [0208.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] FindNextFileW (in: hFindFile=0x6ce990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.968] GetCurrentThreadId () returned 0x6f8 [0208.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] FindNextFileW (in: hFindFile=0x6ce990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.968] GetCurrentThreadId () returned 0x6f8 [0208.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] FindNextFileW (in: hFindFile=0x6ce990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.968] GetCurrentThreadId () returned 0x6f8 [0208.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.968] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0208.969] GetCurrentThreadId () returned 0x6f8 [0208.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.969] GetCurrentThreadId () returned 0x6f8 [0208.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.969] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ce9d0 [0208.970] GetCurrentThreadId () returned 0x6f8 [0208.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.970] FindNextFileW (in: hFindFile=0x6ce9d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.970] GetCurrentThreadId () returned 0x6f8 [0208.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.970] FindNextFileW (in: hFindFile=0x6ce9d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.970] GetCurrentThreadId () returned 0x6f8 [0208.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.970] FindNextFileW (in: hFindFile=0x6ce9d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.970] GetCurrentThreadId () returned 0x6f8 [0208.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.970] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0208.970] GetCurrentThreadId () returned 0x6f8 [0208.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.970] GetCurrentThreadId () returned 0x6f8 [0208.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cea10 [0208.971] GetCurrentThreadId () returned 0x6f8 [0208.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.971] FindNextFileW (in: hFindFile=0x6cea10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.971] GetCurrentThreadId () returned 0x6f8 [0208.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.971] FindNextFileW (in: hFindFile=0x6cea10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.971] GetCurrentThreadId () returned 0x6f8 [0208.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.971] FindNextFileW (in: hFindFile=0x6cea10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.971] GetCurrentThreadId () returned 0x6f8 [0208.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.971] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hy", cAlternateFileName="")) returned 1 [0208.971] GetCurrentThreadId () returned 0x6f8 [0208.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.971] GetCurrentThreadId () returned 0x6f8 [0208.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.971] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cea50 [0208.972] GetCurrentThreadId () returned 0x6f8 [0208.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.972] FindNextFileW (in: hFindFile=0x6cea50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.972] GetCurrentThreadId () returned 0x6f8 [0208.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.972] FindNextFileW (in: hFindFile=0x6cea50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.973] GetCurrentThreadId () returned 0x6f8 [0208.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.973] FindNextFileW (in: hFindFile=0x6cea50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.973] GetCurrentThreadId () returned 0x6f8 [0208.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.973] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0208.973] GetCurrentThreadId () returned 0x6f8 [0208.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.973] GetCurrentThreadId () returned 0x6f8 [0208.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cea90 [0208.973] GetCurrentThreadId () returned 0x6f8 [0208.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.973] FindNextFileW (in: hFindFile=0x6cea90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.973] GetCurrentThreadId () returned 0x6f8 [0208.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.973] FindNextFileW (in: hFindFile=0x6cea90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.974] GetCurrentThreadId () returned 0x6f8 [0208.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.974] FindNextFileW (in: hFindFile=0x6cea90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.974] GetCurrentThreadId () returned 0x6f8 [0208.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.974] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="is", cAlternateFileName="")) returned 1 [0208.974] GetCurrentThreadId () returned 0x6f8 [0208.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.974] GetCurrentThreadId () returned 0x6f8 [0208.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.974] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cead0 [0208.975] GetCurrentThreadId () returned 0x6f8 [0208.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.975] FindNextFileW (in: hFindFile=0x6cead0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.975] GetCurrentThreadId () returned 0x6f8 [0208.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.975] FindNextFileW (in: hFindFile=0x6cead0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.975] GetCurrentThreadId () returned 0x6f8 [0208.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.975] FindNextFileW (in: hFindFile=0x6cead0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.975] GetCurrentThreadId () returned 0x6f8 [0208.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.975] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.976] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ceb10 [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.976] FindNextFileW (in: hFindFile=0x6ceb10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.976] FindNextFileW (in: hFindFile=0x6ceb10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.976] FindNextFileW (in: hFindFile=0x6ceb10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1537a30, dwHighDateTime=0x1d6076d)) [0208.976] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iw", cAlternateFileName="")) returned 1 [0208.976] GetCurrentThreadId () returned 0x6f8 [0208.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.977] GetCurrentThreadId () returned 0x6f8 [0208.977] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.977] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ceb50 [0208.978] GetCurrentThreadId () returned 0x6f8 [0208.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.978] FindNextFileW (in: hFindFile=0x6ceb50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.978] GetCurrentThreadId () returned 0x6f8 [0208.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.978] FindNextFileW (in: hFindFile=0x6ceb50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.978] GetCurrentThreadId () returned 0x6f8 [0208.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.978] FindNextFileW (in: hFindFile=0x6ceb50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.978] GetCurrentThreadId () returned 0x6f8 [0208.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.978] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0208.978] GetCurrentThreadId () returned 0x6f8 [0208.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.978] GetCurrentThreadId () returned 0x6f8 [0208.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.978] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ceb90 [0208.979] GetCurrentThreadId () returned 0x6f8 [0208.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.979] FindNextFileW (in: hFindFile=0x6ceb90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.979] GetCurrentThreadId () returned 0x6f8 [0208.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.979] FindNextFileW (in: hFindFile=0x6ceb90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.979] GetCurrentThreadId () returned 0x6f8 [0208.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.979] FindNextFileW (in: hFindFile=0x6ceb90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.979] GetCurrentThreadId () returned 0x6f8 [0208.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.979] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ka", cAlternateFileName="")) returned 1 [0208.979] GetCurrentThreadId () returned 0x6f8 [0208.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.979] GetCurrentThreadId () returned 0x6f8 [0208.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.979] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cebd0 [0208.981] GetCurrentThreadId () returned 0x6f8 [0208.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.982] FindNextFileW (in: hFindFile=0x6cebd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.982] GetCurrentThreadId () returned 0x6f8 [0208.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.982] FindNextFileW (in: hFindFile=0x6cebd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.982] GetCurrentThreadId () returned 0x6f8 [0208.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.982] FindNextFileW (in: hFindFile=0x6cebd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.982] GetCurrentThreadId () returned 0x6f8 [0208.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.983] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="km", cAlternateFileName="")) returned 1 [0208.983] GetCurrentThreadId () returned 0x6f8 [0208.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.983] GetCurrentThreadId () returned 0x6f8 [0208.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.983] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cec10 [0208.983] GetCurrentThreadId () returned 0x6f8 [0208.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.983] FindNextFileW (in: hFindFile=0x6cec10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.983] GetCurrentThreadId () returned 0x6f8 [0208.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.983] FindNextFileW (in: hFindFile=0x6cec10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.983] GetCurrentThreadId () returned 0x6f8 [0208.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.983] FindNextFileW (in: hFindFile=0x6cec10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.984] GetCurrentThreadId () returned 0x6f8 [0208.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.984] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kn", cAlternateFileName="")) returned 1 [0208.984] GetCurrentThreadId () returned 0x6f8 [0208.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.984] GetCurrentThreadId () returned 0x6f8 [0208.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.984] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cec50 [0208.985] GetCurrentThreadId () returned 0x6f8 [0208.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.985] FindNextFileW (in: hFindFile=0x6cec50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.985] GetCurrentThreadId () returned 0x6f8 [0208.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.985] FindNextFileW (in: hFindFile=0x6cec50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.985] GetCurrentThreadId () returned 0x6f8 [0208.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.985] FindNextFileW (in: hFindFile=0x6cec50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.985] GetCurrentThreadId () returned 0x6f8 [0208.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.985] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0208.985] GetCurrentThreadId () returned 0x6f8 [0208.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.985] GetCurrentThreadId () returned 0x6f8 [0208.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.985] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cec90 [0208.986] GetCurrentThreadId () returned 0x6f8 [0208.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.986] FindNextFileW (in: hFindFile=0x6cec90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.986] GetCurrentThreadId () returned 0x6f8 [0208.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.986] FindNextFileW (in: hFindFile=0x6cec90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.986] GetCurrentThreadId () returned 0x6f8 [0208.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.986] FindNextFileW (in: hFindFile=0x6cec90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.986] GetCurrentThreadId () returned 0x6f8 [0208.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.986] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lo", cAlternateFileName="")) returned 1 [0208.986] GetCurrentThreadId () returned 0x6f8 [0208.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.986] GetCurrentThreadId () returned 0x6f8 [0208.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.986] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cecd0 [0208.987] GetCurrentThreadId () returned 0x6f8 [0208.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.988] FindNextFileW (in: hFindFile=0x6cecd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.989] GetCurrentThreadId () returned 0x6f8 [0208.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.989] FindNextFileW (in: hFindFile=0x6cecd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.989] GetCurrentThreadId () returned 0x6f8 [0208.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.989] FindNextFileW (in: hFindFile=0x6cecd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.989] GetCurrentThreadId () returned 0x6f8 [0208.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.989] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0208.990] GetCurrentThreadId () returned 0x6f8 [0208.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.990] GetCurrentThreadId () returned 0x6f8 [0208.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x155db90, dwHighDateTime=0x1d6076d)) [0208.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ced10 [0208.993] GetCurrentThreadId () returned 0x6f8 [0208.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.993] FindNextFileW (in: hFindFile=0x6ced10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.993] GetCurrentThreadId () returned 0x6f8 [0208.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.993] FindNextFileW (in: hFindFile=0x6ced10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.993] GetCurrentThreadId () returned 0x6f8 [0208.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.993] FindNextFileW (in: hFindFile=0x6ced10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.993] GetCurrentThreadId () returned 0x6f8 [0208.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.994] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0208.994] GetCurrentThreadId () returned 0x6f8 [0208.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.994] GetCurrentThreadId () returned 0x6f8 [0208.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ced50 [0208.995] GetCurrentThreadId () returned 0x6f8 [0208.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.995] FindNextFileW (in: hFindFile=0x6ced50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.995] GetCurrentThreadId () returned 0x6f8 [0208.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1583cf0, dwHighDateTime=0x1d6076d)) [0208.995] FindNextFileW (in: hFindFile=0x6ced50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.995] FindNextFileW (in: hFindFile=0x6ced50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.995] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ml", cAlternateFileName="")) returned 1 [0208.995] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ced90 [0208.996] FindNextFileW (in: hFindFile=0x6ced90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.996] FindNextFileW (in: hFindFile=0x6ced90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.996] FindNextFileW (in: hFindFile=0x6ced90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.996] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mn", cAlternateFileName="")) returned 1 [0208.996] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cedd0 [0208.998] FindNextFileW (in: hFindFile=0x6cedd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.998] FindNextFileW (in: hFindFile=0x6cedd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.998] FindNextFileW (in: hFindFile=0x6cedd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.998] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mr", cAlternateFileName="")) returned 1 [0208.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cee10 [0208.998] FindNextFileW (in: hFindFile=0x6cee10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.998] FindNextFileW (in: hFindFile=0x6cee10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.998] FindNextFileW (in: hFindFile=0x6cee10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.998] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0208.999] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cee50 [0208.999] FindNextFileW (in: hFindFile=0x6cee50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.999] FindNextFileW (in: hFindFile=0x6cee50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0208.999] FindNextFileW (in: hFindFile=0x6cee50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0208.999] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ne", cAlternateFileName="")) returned 1 [0208.999] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cee90 [0209.000] FindNextFileW (in: hFindFile=0x6cee90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.000] FindNextFileW (in: hFindFile=0x6cee90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x20b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.000] FindNextFileW (in: hFindFile=0x6cee90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x20b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.001] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0209.001] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ceed0 [0209.002] FindNextFileW (in: hFindFile=0x6ceed0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.002] FindNextFileW (in: hFindFile=0x6ceed0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.002] FindNextFileW (in: hFindFile=0x6ceed0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.002] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0209.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cef10 [0209.002] FindNextFileW (in: hFindFile=0x6cef10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.002] FindNextFileW (in: hFindFile=0x6cef10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.002] FindNextFileW (in: hFindFile=0x6cef10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.003] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0209.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cef50 [0209.004] FindNextFileW (in: hFindFile=0x6cef50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.004] FindNextFileW (in: hFindFile=0x6cef50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.004] FindNextFileW (in: hFindFile=0x6cef50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.004] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0209.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cef90 [0209.004] FindNextFileW (in: hFindFile=0x6cef90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.004] FindNextFileW (in: hFindFile=0x6cef90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.005] FindNextFileW (in: hFindFile=0x6cef90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.005] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0209.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cefd0 [0209.006] FindNextFileW (in: hFindFile=0x6cefd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.006] FindNextFileW (in: hFindFile=0x6cefd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.006] FindNextFileW (in: hFindFile=0x6cefd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.006] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0209.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6cf010 [0209.007] FindNextFileW (in: hFindFile=0x6cf010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.007] FindNextFileW (in: hFindFile=0x6cf010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.007] FindNextFileW (in: hFindFile=0x6cf010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.007] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0209.007] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e537e0 [0209.008] FindNextFileW (in: hFindFile=0x7e537e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.008] FindNextFileW (in: hFindFile=0x7e537e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.008] FindNextFileW (in: hFindFile=0x7e537e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.008] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="si", cAlternateFileName="")) returned 1 [0209.008] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53820 [0209.009] FindNextFileW (in: hFindFile=0x7e53820, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.009] FindNextFileW (in: hFindFile=0x7e53820, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.009] FindNextFileW (in: hFindFile=0x7e53820, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.009] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0209.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53860 [0209.010] FindNextFileW (in: hFindFile=0x7e53860, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.010] FindNextFileW (in: hFindFile=0x7e53860, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.010] FindNextFileW (in: hFindFile=0x7e53860, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.010] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0209.010] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e538a0 [0209.011] FindNextFileW (in: hFindFile=0x7e538a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.011] FindNextFileW (in: hFindFile=0x7e538a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.011] FindNextFileW (in: hFindFile=0x7e538a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.011] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0209.011] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e538e0 [0209.012] FindNextFileW (in: hFindFile=0x7e538e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.013] FindNextFileW (in: hFindFile=0x7e538e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.013] FindNextFileW (in: hFindFile=0x7e538e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.013] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0209.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53920 [0209.013] FindNextFileW (in: hFindFile=0x7e53920, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.013] FindNextFileW (in: hFindFile=0x7e53920, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.013] FindNextFileW (in: hFindFile=0x7e53920, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.013] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sw", cAlternateFileName="")) returned 1 [0209.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53960 [0209.015] FindNextFileW (in: hFindFile=0x7e53960, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.015] FindNextFileW (in: hFindFile=0x7e53960, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.015] FindNextFileW (in: hFindFile=0x7e53960, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.015] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ta", cAlternateFileName="")) returned 1 [0209.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e539a0 [0209.016] FindNextFileW (in: hFindFile=0x7e539a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.016] FindNextFileW (in: hFindFile=0x7e539a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.016] FindNextFileW (in: hFindFile=0x7e539a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.016] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="te", cAlternateFileName="")) returned 1 [0209.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e539e0 [0209.017] FindNextFileW (in: hFindFile=0x7e539e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.017] FindNextFileW (in: hFindFile=0x7e539e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.017] FindNextFileW (in: hFindFile=0x7e539e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.017] FindNextFileW (in: hFindFile=0x6ce350, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0209.017] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53a20 [0209.017] FindNextFileW (in: hFindFile=0x7e53a20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.018] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53a60 [0209.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53aa0 [0209.020] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53ae0 [0209.021] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53b20 [0209.021] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53b60 [0209.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53ba0 [0209.023] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53be0 [0209.026] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53c20 [0209.027] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53c60 [0209.028] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53ca0 [0209.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53ce0 [0209.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53d20 [0209.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53d60 [0209.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53da0 [0209.036] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", dwFileAttributes=0x80) returned 1 [0209.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac4 [0209.036] GetFileSize (in: hFile=0xac4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112dc [0209.044] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", dwFileAttributes=0x2020) returned 1 [0209.044] GetCurrentThreadId () returned 0x6f8 [0209.044] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", piIcon=0x4e4dc24 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", piIcon=0x4e4dc24) returned 0x11014d [0209.075] GetIconInfo (in: hIcon=0x11014d, piconinfo=0x4e4dc10 | out: piconinfo=0x4e4dc10) returned 1 [0209.076] CreateFileW (lpFileName="QCkc.ico" (normalized: "c:\\windows\\system32\\qckc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac4 [0209.076] GetObjectA (in: h=0x66050776, c=24, pv=0x4e4dbd4 | out: pv=0x4e4dbd4) returned 24 [0209.076] GetObjectA (in: h=0x56050770, c=24, pv=0x4e4dbec | out: pv=0x4e4dbec) returned 24 [0209.076] CreateCompatibleDC (hdc=0x0) returned 0x41010771 [0209.076] GetDIBits (in: hdc=0x41010771, hbm=0x66050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d784, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d784) returned 1 [0209.077] GetDIBits (in: hdc=0x41010771, hbm=0x66050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d784, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d784) returned 32 [0209.077] GetDIBits (in: hdc=0x41010771, hbm=0x66050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d35c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d35c) returned 1 [0209.077] GetDIBits (in: hdc=0x41010771, hbm=0x56050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d35c, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d35c) returned 32 [0209.077] WriteFile (in: hFile=0xac4, lpBuffer=0x4e4d33c*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4d33c*, lpNumberOfBytesWritten=0x4e4d324*=0x6, lpOverlapped=0x0) returned 1 [0209.078] WriteFile (in: hFile=0xac4, lpBuffer=0x4e4d32c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4d32c*, lpNumberOfBytesWritten=0x4e4d324*=0x10, lpOverlapped=0x0) returned 1 [0209.078] WriteFile (in: hFile=0xac4, lpBuffer=0x4e4dbac*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4dbac*, lpNumberOfBytesWritten=0x4e4d324*=0x28, lpOverlapped=0x0) returned 1 [0209.079] WriteFile (in: hFile=0xac4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d324*=0x1000, lpOverlapped=0x0) returned 1 [0209.079] WriteFile (in: hFile=0xac4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d324*=0x80, lpOverlapped=0x0) returned 1 [0209.079] DeleteDC (hdc=0x41010771) returned 1 [0209.079] CloseHandle (hObject=0xac4) returned 1 [0209.181] DeleteObject (ho=0x66050776) returned 1 [0209.181] DeleteObject (ho=0x56050770) returned 1 [0209.181] DestroyCursor (hCursor=0x11014d) returned 1 [0209.181] GetCurrentThreadId () returned 0x6f8 [0209.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac4 [0209.181] GetFileSize (in: hFile=0xac4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112dc [0209.186] ReadFile (in: hFile=0xac4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x112dc, lpNumberOfBytesRead=0x4e4df10, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4df10*=0x112dc, lpOverlapped=0x0) returned 1 [0209.186] CloseHandle (hObject=0xac4) returned 1 [0209.187] GetCurrentThreadId () returned 0x6f8 [0209.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db70 | out: lpSystemTimeAsFileTime=0x4e4db70*(dwLowDateTime=0x1668530, dwHighDateTime=0x1d6076d)) [0209.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db70 | out: lpSystemTimeAsFileTime=0x4e4db70*(dwLowDateTime=0x1668530, dwHighDateTime=0x1d6076d)) [0209.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db8c | out: lpSystemTimeAsFileTime=0x4e4db8c*(dwLowDateTime=0x1668530, dwHighDateTime=0x1d6076d)) [0209.313] GetCurrentThreadId () returned 0x6f8 [0209.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db40 | out: lpSystemTimeAsFileTime=0x4e4db40*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db40 | out: lpSystemTimeAsFileTime=0x4e4db40*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.313] GetCurrentThreadId () returned 0x6f8 [0209.313] CreateFileW (lpFileName="YEEo.exe" (normalized: "c:\\windows\\system32\\yeeo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.314] CreateFileW (lpFileName="YEEo.exe" (normalized: "c:\\windows\\system32\\yeeo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.314] GetCurrentThreadId () returned 0x6f8 [0209.314] GetCurrentThreadId () returned 0x6f8 [0209.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc00 | out: lpSystemTimeAsFileTime=0x4e4dc00*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc00 | out: lpSystemTimeAsFileTime=0x4e4dc00*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.314] CreateFileW (lpFileName="YEEo.exe" (normalized: "c:\\windows\\system32\\yeeo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.314] GetCurrentThreadId () returned 0x6f8 [0209.314] BeginUpdateResourceW (pFileName="YEEo.exe" (normalized: "c:\\windows\\system32\\yeeo.exe"), bDeleteExistingResources=0) returned 0x0 [0209.314] CreateFileW (lpFileName="QCkc.ico" (normalized: "c:\\windows\\system32\\qckc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac4 [0209.314] GetFileSize (in: hFile=0xac4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0209.315] ReadFile (in: hFile=0xac4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4dc24, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4dc24*=0x10be, lpOverlapped=0x0) returned 1 [0209.315] CloseHandle (hObject=0xac4) returned 1 [0209.315] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0209.315] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4dc10, cb=0x14) returned 0 [0209.315] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0209.315] CopyFileW (lpExistingFileName="YEEo.exe" (normalized: "c:\\windows\\system32\\yeeo.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.exe"), bFailIfExists=0) returned 0 [0209.315] SetNamedSecurityInfoW () returned 0x2 [0209.315] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif")) returned 1 [0209.317] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x4e4dc68, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dc68*=0x128, lpOverlapped=0x0) returned 1 [0209.317] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dc68, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dc68*=0x4, lpOverlapped=0x0) returned 1 [0209.317] DeleteFileW (lpFileName="QCkc.ico" (normalized: "c:\\windows\\system32\\qckc.ico")) returned 1 [0209.318] DeleteFileW (lpFileName="YEEo.exe" (normalized: "c:\\windows\\system32\\yeeo.exe")) returned 0 [0209.318] GetCurrentThreadId () returned 0x6f8 [0209.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.318] GetCurrentThreadId () returned 0x6f8 [0209.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.318] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828af610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1109, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0209.318] GetCurrentThreadId () returned 0x6f8 [0209.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x1799030, dwHighDateTime=0x1d6076d)) [0209.318] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png")) returned 0x2020 [0209.319] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png", dwFileAttributes=0x80) returned 1 [0209.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac4 [0209.319] GetFileSize (in: hFile=0xac4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1109 [0209.337] ReadFile (in: hFile=0xac4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1109, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0x1109, lpOverlapped=0x0) returned 1 [0209.339] GetCurrentThreadId () returned 0x6f8 [0209.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dba0 | out: lpSystemTimeAsFileTime=0x4e4dba0*(dwLowDateTime=0x17e52f0, dwHighDateTime=0x1d6076d)) [0209.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dba0 | out: lpSystemTimeAsFileTime=0x4e4dba0*(dwLowDateTime=0x17e52f0, dwHighDateTime=0x1d6076d)) [0209.339] GetCurrentThreadId () returned 0x6f8 [0209.339] CloseHandle (hObject=0xac4) returned 1 [0209.339] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png", dwFileAttributes=0x2020) returned 1 [0209.340] GetCurrentThreadId () returned 0x6f8 [0209.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d2f8 | out: lpSystemTimeAsFileTime=0x4e4d2f8*(dwLowDateTime=0x17e52f0, dwHighDateTime=0x1d6076d)) [0209.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4d2f8 | out: lpSystemTimeAsFileTime=0x4e4d2f8*(dwLowDateTime=0x17e52f0, dwHighDateTime=0x1d6076d)) [0209.340] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png", piIcon=0x4e4dc24 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png", piIcon=0x4e4dc24) returned 0x12014d [0209.354] GetIconInfo (in: hIcon=0x12014d, piconinfo=0x4e4dc10 | out: piconinfo=0x4e4dc10) returned 1 [0209.354] CreateFileW (lpFileName="gmQw.ico" (normalized: "c:\\windows\\system32\\gmqw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.355] GetObjectA (in: h=0x9705076f, c=24, pv=0x4e4dbd4 | out: pv=0x4e4dbd4) returned 24 [0209.355] GetObjectA (in: h=0x8b0501fe, c=24, pv=0x4e4dbec | out: pv=0x4e4dbec) returned 24 [0209.355] CreateCompatibleDC (hdc=0x0) returned 0x64010772 [0209.355] GetDIBits (in: hdc=0x64010772, hbm=0x9705076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d784, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d784) returned 1 [0209.355] GetDIBits (in: hdc=0x64010772, hbm=0x9705076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d784, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d784) returned 32 [0209.355] GetDIBits (in: hdc=0x64010772, hbm=0x9705076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d35c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d35c) returned 1 [0209.355] GetDIBits (in: hdc=0x64010772, hbm=0x8b0501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d35c, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d35c) returned 32 [0209.355] WriteFile (in: hFile=0xacc, lpBuffer=0x4e4d33c*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4d33c*, lpNumberOfBytesWritten=0x4e4d324*=0x6, lpOverlapped=0x0) returned 1 [0209.357] WriteFile (in: hFile=0xacc, lpBuffer=0x4e4d32c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4d32c*, lpNumberOfBytesWritten=0x4e4d324*=0x10, lpOverlapped=0x0) returned 1 [0209.357] WriteFile (in: hFile=0xacc, lpBuffer=0x4e4dbac*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4dbac*, lpNumberOfBytesWritten=0x4e4d324*=0x28, lpOverlapped=0x0) returned 1 [0209.357] WriteFile (in: hFile=0xacc, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d324*=0x1000, lpOverlapped=0x0) returned 1 [0209.357] WriteFile (in: hFile=0xacc, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d324*=0x80, lpOverlapped=0x0) returned 1 [0209.357] DeleteDC (hdc=0x64010772) returned 1 [0209.357] CloseHandle (hObject=0xacc) returned 1 [0209.358] DeleteObject (ho=0x9705076f) returned 1 [0209.358] DeleteObject (ho=0x8b0501fe) returned 1 [0209.358] DestroyCursor (hCursor=0x12014d) returned 1 [0209.358] GetCurrentThreadId () returned 0x6f8 [0209.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.358] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1109 [0209.363] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1109, lpNumberOfBytesRead=0x4e4df10, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4df10*=0x1109, lpOverlapped=0x0) returned 1 [0209.363] CloseHandle (hObject=0xacc) returned 1 [0209.363] GetCurrentThreadId () returned 0x6f8 [0209.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db70 | out: lpSystemTimeAsFileTime=0x4e4db70*(dwLowDateTime=0x180b450, dwHighDateTime=0x1d6076d)) [0209.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db70 | out: lpSystemTimeAsFileTime=0x4e4db70*(dwLowDateTime=0x180b450, dwHighDateTime=0x1d6076d)) [0209.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db8c | out: lpSystemTimeAsFileTime=0x4e4db8c*(dwLowDateTime=0x180b450, dwHighDateTime=0x1d6076d)) [0209.533] GetCurrentThreadId () returned 0x6f8 [0209.533] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db40 | out: lpSystemTimeAsFileTime=0x4e4db40*(dwLowDateTime=0x19ae370, dwHighDateTime=0x1d6076d)) [0209.533] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db40 | out: lpSystemTimeAsFileTime=0x4e4db40*(dwLowDateTime=0x19ae370, dwHighDateTime=0x1d6076d)) [0209.533] GetCurrentThreadId () returned 0x6f8 [0209.533] CreateFileW (lpFileName="QUYI.exe" (normalized: "c:\\windows\\system32\\quyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.534] CreateFileW (lpFileName="QUYI.exe" (normalized: "c:\\windows\\system32\\quyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.534] GetCurrentThreadId () returned 0x6f8 [0209.534] GetCurrentThreadId () returned 0x6f8 [0209.534] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc00 | out: lpSystemTimeAsFileTime=0x4e4dc00*(dwLowDateTime=0x19ae370, dwHighDateTime=0x1d6076d)) [0209.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc00 | out: lpSystemTimeAsFileTime=0x4e4dc00*(dwLowDateTime=0x19ae370, dwHighDateTime=0x1d6076d)) [0209.535] CreateFileW (lpFileName="QUYI.exe" (normalized: "c:\\windows\\system32\\quyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.535] GetCurrentThreadId () returned 0x6f8 [0209.535] BeginUpdateResourceW (pFileName="QUYI.exe" (normalized: "c:\\windows\\system32\\quyi.exe"), bDeleteExistingResources=0) returned 0x0 [0209.535] CreateFileW (lpFileName="gmQw.ico" (normalized: "c:\\windows\\system32\\gmqw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xacc [0209.535] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0209.535] ReadFile (in: hFile=0xacc, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4dc24, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4dc24*=0x10be, lpOverlapped=0x0) returned 1 [0209.535] CloseHandle (hObject=0xacc) returned 1 [0209.536] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0209.536] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4dc10, cb=0x14) returned 0 [0209.536] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0209.536] CopyFileW (lpExistingFileName="QUYI.exe" (normalized: "c:\\windows\\system32\\quyi.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.exe"), bFailIfExists=0) returned 0 [0209.536] SetNamedSecurityInfoW () returned 0x2 [0209.536] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png")) returned 1 [0209.538] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x12a, lpNumberOfBytesWritten=0x4e4dc68, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dc68*=0x12a, lpOverlapped=0x0) returned 1 [0209.538] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dc68, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dc68*=0x4, lpOverlapped=0x0) returned 1 [0209.538] DeleteFileW (lpFileName="gmQw.ico" (normalized: "c:\\windows\\system32\\gmqw.ico")) returned 1 [0209.540] DeleteFileW (lpFileName="QUYI.exe" (normalized: "c:\\windows\\system32\\quyi.exe")) returned 0 [0209.540] GetCurrentThreadId () returned 0x6f8 [0209.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x19d44d0, dwHighDateTime=0x1d6076d)) [0209.540] GetCurrentThreadId () returned 0x6f8 [0209.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x19d44d0, dwHighDateTime=0x1d6076d)) [0209.540] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828c7cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0209.540] GetCurrentThreadId () returned 0x6f8 [0209.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x19d44d0, dwHighDateTime=0x1d6076d)) [0209.540] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png")) returned 0x2020 [0209.542] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png", dwFileAttributes=0x80) returned 1 [0209.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.542] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x22c [0209.548] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x22c, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0x22c, lpOverlapped=0x0) returned 1 [0209.549] CloseHandle (hObject=0xacc) returned 1 [0209.549] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png", dwFileAttributes=0x2020) returned 1 [0209.550] CloseHandle (hObject=0x4e4df40) returned 0 [0209.550] GetCurrentThreadId () returned 0x6f8 [0209.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x19d44d0, dwHighDateTime=0x1d6076d)) [0209.550] GetCurrentThreadId () returned 0x6f8 [0209.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x19d44d0, dwHighDateTime=0x1d6076d)) [0209.550] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ccad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ccad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button.png", cAlternateFileName="TOPBAR~1.PNG")) returned 1 [0209.550] GetCurrentThreadId () returned 0x6f8 [0209.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x19d44d0, dwHighDateTime=0x1d6076d)) [0209.550] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png")) returned 0x2020 [0209.550] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png", dwFileAttributes=0x80) returned 1 [0209.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.551] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0209.556] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0xa0, lpOverlapped=0x0) returned 1 [0209.558] CloseHandle (hObject=0xacc) returned 1 [0209.558] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png", dwFileAttributes=0x2020) returned 1 [0209.558] CloseHandle (hObject=0x4e4df40) returned 0 [0209.558] GetCurrentThreadId () returned 0x6f8 [0209.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x19fa630, dwHighDateTime=0x1d6076d)) [0209.558] GetCurrentThreadId () returned 0x6f8 [0209.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x19fa630, dwHighDateTime=0x1d6076d)) [0209.559] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828cf1e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d18f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_close.png", cAlternateFileName="TOPBAR~2.PNG")) returned 1 [0209.559] GetCurrentThreadId () returned 0x6f8 [0209.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x19fa630, dwHighDateTime=0x1d6076d)) [0209.559] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png")) returned 0x2020 [0209.559] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png", dwFileAttributes=0x80) returned 1 [0209.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.560] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfc [0209.565] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0xfc, lpOverlapped=0x0) returned 1 [0209.566] CloseHandle (hObject=0xacc) returned 1 [0209.567] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png", dwFileAttributes=0x2020) returned 1 [0209.567] CloseHandle (hObject=0x4e4df40) returned 0 [0209.567] GetCurrentThreadId () returned 0x6f8 [0209.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x19fa630, dwHighDateTime=0x1d6076d)) [0209.567] GetCurrentThreadId () returned 0x6f8 [0209.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x19fa630, dwHighDateTime=0x1d6076d)) [0209.567] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d6710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d6710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_hover.png", cAlternateFileName="TOPBAR~3.PNG")) returned 1 [0209.567] GetCurrentThreadId () returned 0x6f8 [0209.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x19fa630, dwHighDateTime=0x1d6076d)) [0209.567] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png")) returned 0x2020 [0209.568] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png", dwFileAttributes=0x80) returned 1 [0209.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.568] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0209.578] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0xa0, lpOverlapped=0x0) returned 1 [0209.579] CloseHandle (hObject=0xacc) returned 1 [0209.579] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png", dwFileAttributes=0x2020) returned 1 [0209.580] CloseHandle (hObject=0x4e4df40) returned 0 [0209.580] GetCurrentThreadId () returned 0x6f8 [0209.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x1a20790, dwHighDateTime=0x1d6076d)) [0209.580] GetCurrentThreadId () returned 0x6f8 [0209.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a20790, dwHighDateTime=0x1d6076d)) [0209.580] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d8e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d8e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_maximize.png", cAlternateFileName="TOPBAR~4.PNG")) returned 1 [0209.580] GetCurrentThreadId () returned 0x6f8 [0209.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x1a20790, dwHighDateTime=0x1d6076d)) [0209.580] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png")) returned 0x2020 [0209.582] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png", dwFileAttributes=0x80) returned 1 [0209.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.582] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa6 [0209.588] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa6, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0xa6, lpOverlapped=0x0) returned 1 [0209.589] CloseHandle (hObject=0xacc) returned 1 [0209.589] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png", dwFileAttributes=0x2020) returned 1 [0209.589] CloseHandle (hObject=0x4e4df40) returned 0 [0209.589] GetCurrentThreadId () returned 0x6f8 [0209.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.589] GetCurrentThreadId () returned 0x6f8 [0209.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.589] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 1 [0209.589] GetCurrentThreadId () returned 0x6f8 [0209.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc40 | out: lpSystemTimeAsFileTime=0x4e4dc40*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.590] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png")) returned 0x2020 [0209.590] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png", dwFileAttributes=0x80) returned 1 [0209.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xacc [0209.590] GetFileSize (in: hFile=0xacc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0209.595] ReadFile (in: hFile=0xacc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x4e4dc18, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4dc18*=0xa0, lpOverlapped=0x0) returned 1 [0209.597] CloseHandle (hObject=0xacc) returned 1 [0209.597] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png", dwFileAttributes=0x2020) returned 1 [0209.598] CloseHandle (hObject=0x4e4df40) returned 0 [0209.598] GetCurrentThreadId () returned 0x6f8 [0209.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.598] GetCurrentThreadId () returned 0x6f8 [0209.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.598] FindNextFileW (in: hFindFile=0x7e53da0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 0 [0209.598] GetCurrentThreadId () returned 0x6f8 [0209.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.598] FindNextFileW (in: hFindFile=0x7e53ce0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826545a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e2a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aa3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0209.598] GetCurrentThreadId () returned 0x6f8 [0209.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.598] FindNextFileW (in: hFindFile=0x7e53ce0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0209.598] GetCurrentThreadId () returned 0x6f8 [0209.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.598] GetCurrentThreadId () returned 0x6f8 [0209.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.598] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53de0 [0209.600] GetCurrentThreadId () returned 0x6f8 [0209.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.600] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.600] GetCurrentThreadId () returned 0x6f8 [0209.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.600] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0209.600] GetCurrentThreadId () returned 0x6f8 [0209.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.600] GetCurrentThreadId () returned 0x6f8 [0209.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53e20 [0209.601] GetCurrentThreadId () returned 0x6f8 [0209.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.601] FindNextFileW (in: hFindFile=0x7e53e20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.601] GetCurrentThreadId () returned 0x6f8 [0209.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.601] FindNextFileW (in: hFindFile=0x7e53e20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.601] GetCurrentThreadId () returned 0x6f8 [0209.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.601] FindNextFileW (in: hFindFile=0x7e53e20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.601] GetCurrentThreadId () returned 0x6f8 [0209.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.601] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0209.602] GetCurrentThreadId () returned 0x6f8 [0209.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.602] GetCurrentThreadId () returned 0x6f8 [0209.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53e60 [0209.603] GetCurrentThreadId () returned 0x6f8 [0209.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.603] FindNextFileW (in: hFindFile=0x7e53e60, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.603] GetCurrentThreadId () returned 0x6f8 [0209.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.603] FindNextFileW (in: hFindFile=0x7e53e60, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.603] GetCurrentThreadId () returned 0x6f8 [0209.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.603] FindNextFileW (in: hFindFile=0x7e53e60, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.603] GetCurrentThreadId () returned 0x6f8 [0209.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.603] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0209.603] GetCurrentThreadId () returned 0x6f8 [0209.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.603] GetCurrentThreadId () returned 0x6f8 [0209.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53ea0 [0209.604] GetCurrentThreadId () returned 0x6f8 [0209.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.604] FindNextFileW (in: hFindFile=0x7e53ea0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.604] GetCurrentThreadId () returned 0x6f8 [0209.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.604] FindNextFileW (in: hFindFile=0x7e53ea0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.604] GetCurrentThreadId () returned 0x6f8 [0209.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.604] FindNextFileW (in: hFindFile=0x7e53ea0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.604] GetCurrentThreadId () returned 0x6f8 [0209.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.604] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0209.604] GetCurrentThreadId () returned 0x6f8 [0209.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.605] GetCurrentThreadId () returned 0x6f8 [0209.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.605] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53ee0 [0209.606] GetCurrentThreadId () returned 0x6f8 [0209.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.606] FindNextFileW (in: hFindFile=0x7e53ee0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.606] GetCurrentThreadId () returned 0x6f8 [0209.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.606] FindNextFileW (in: hFindFile=0x7e53ee0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.606] GetCurrentThreadId () returned 0x6f8 [0209.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.606] FindNextFileW (in: hFindFile=0x7e53ee0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.606] GetCurrentThreadId () returned 0x6f8 [0209.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.606] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0209.606] GetCurrentThreadId () returned 0x6f8 [0209.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.606] GetCurrentThreadId () returned 0x6f8 [0209.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.606] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53f20 [0209.607] GetCurrentThreadId () returned 0x6f8 [0209.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.607] FindNextFileW (in: hFindFile=0x7e53f20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.607] GetCurrentThreadId () returned 0x6f8 [0209.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.607] FindNextFileW (in: hFindFile=0x7e53f20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.607] GetCurrentThreadId () returned 0x6f8 [0209.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.607] FindNextFileW (in: hFindFile=0x7e53f20, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.607] GetCurrentThreadId () returned 0x6f8 [0209.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.607] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0209.607] GetCurrentThreadId () returned 0x6f8 [0209.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.607] GetCurrentThreadId () returned 0x6f8 [0209.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53f60 [0209.608] GetCurrentThreadId () returned 0x6f8 [0209.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.608] FindNextFileW (in: hFindFile=0x7e53f60, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.609] GetCurrentThreadId () returned 0x6f8 [0209.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.609] FindNextFileW (in: hFindFile=0x7e53f60, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.609] GetCurrentThreadId () returned 0x6f8 [0209.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.609] FindNextFileW (in: hFindFile=0x7e53f60, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.609] GetCurrentThreadId () returned 0x6f8 [0209.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.609] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0209.609] GetCurrentThreadId () returned 0x6f8 [0209.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.609] GetCurrentThreadId () returned 0x6f8 [0209.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53fa0 [0209.609] GetCurrentThreadId () returned 0x6f8 [0209.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.610] FindNextFileW (in: hFindFile=0x7e53fa0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.610] GetCurrentThreadId () returned 0x6f8 [0209.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.610] FindNextFileW (in: hFindFile=0x7e53fa0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.610] GetCurrentThreadId () returned 0x6f8 [0209.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.610] FindNextFileW (in: hFindFile=0x7e53fa0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.610] GetCurrentThreadId () returned 0x6f8 [0209.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.610] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0209.610] GetCurrentThreadId () returned 0x6f8 [0209.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.610] GetCurrentThreadId () returned 0x6f8 [0209.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e53fe0 [0209.611] GetCurrentThreadId () returned 0x6f8 [0209.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.611] FindNextFileW (in: hFindFile=0x7e53fe0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.611] GetCurrentThreadId () returned 0x6f8 [0209.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.611] FindNextFileW (in: hFindFile=0x7e53fe0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.611] GetCurrentThreadId () returned 0x6f8 [0209.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.611] FindNextFileW (in: hFindFile=0x7e53fe0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.611] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.612] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0209.612] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.612] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54020 [0209.612] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.612] FindNextFileW (in: hFindFile=0x7e54020, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.612] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.612] FindNextFileW (in: hFindFile=0x7e54020, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.612] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.612] FindNextFileW (in: hFindFile=0x7e54020, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.612] GetCurrentThreadId () returned 0x6f8 [0209.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.613] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0209.613] GetCurrentThreadId () returned 0x6f8 [0209.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.613] GetCurrentThreadId () returned 0x6f8 [0209.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54060 [0209.614] GetCurrentThreadId () returned 0x6f8 [0209.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.614] FindNextFileW (in: hFindFile=0x7e54060, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.614] GetCurrentThreadId () returned 0x6f8 [0209.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.614] FindNextFileW (in: hFindFile=0x7e54060, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.614] GetCurrentThreadId () returned 0x6f8 [0209.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.614] FindNextFileW (in: hFindFile=0x7e54060, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.614] GetCurrentThreadId () returned 0x6f8 [0209.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.614] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0209.614] GetCurrentThreadId () returned 0x6f8 [0209.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.614] GetCurrentThreadId () returned 0x6f8 [0209.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.614] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e540a0 [0209.615] GetCurrentThreadId () returned 0x6f8 [0209.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.615] FindNextFileW (in: hFindFile=0x7e540a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.615] GetCurrentThreadId () returned 0x6f8 [0209.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.615] FindNextFileW (in: hFindFile=0x7e540a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.615] GetCurrentThreadId () returned 0x6f8 [0209.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.615] FindNextFileW (in: hFindFile=0x7e540a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.615] GetCurrentThreadId () returned 0x6f8 [0209.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.615] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0209.615] GetCurrentThreadId () returned 0x6f8 [0209.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.615] GetCurrentThreadId () returned 0x6f8 [0209.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a6ca50, dwHighDateTime=0x1d6076d)) [0209.615] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e540e0 [0209.617] GetCurrentThreadId () returned 0x6f8 [0209.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.617] FindNextFileW (in: hFindFile=0x7e540e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.617] GetCurrentThreadId () returned 0x6f8 [0209.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.617] FindNextFileW (in: hFindFile=0x7e540e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.617] GetCurrentThreadId () returned 0x6f8 [0209.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.617] FindNextFileW (in: hFindFile=0x7e540e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.617] GetCurrentThreadId () returned 0x6f8 [0209.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.617] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0209.617] GetCurrentThreadId () returned 0x6f8 [0209.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.617] GetCurrentThreadId () returned 0x6f8 [0209.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.618] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54120 [0209.618] GetCurrentThreadId () returned 0x6f8 [0209.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.618] FindNextFileW (in: hFindFile=0x7e54120, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.618] GetCurrentThreadId () returned 0x6f8 [0209.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.618] FindNextFileW (in: hFindFile=0x7e54120, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.618] GetCurrentThreadId () returned 0x6f8 [0209.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.618] FindNextFileW (in: hFindFile=0x7e54120, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.618] GetCurrentThreadId () returned 0x6f8 [0209.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.618] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0209.619] GetCurrentThreadId () returned 0x6f8 [0209.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.619] GetCurrentThreadId () returned 0x6f8 [0209.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54160 [0209.624] GetCurrentThreadId () returned 0x6f8 [0209.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.624] FindNextFileW (in: hFindFile=0x7e54160, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.624] GetCurrentThreadId () returned 0x6f8 [0209.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.624] FindNextFileW (in: hFindFile=0x7e54160, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.624] GetCurrentThreadId () returned 0x6f8 [0209.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.624] FindNextFileW (in: hFindFile=0x7e54160, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.624] GetCurrentThreadId () returned 0x6f8 [0209.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.624] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0209.624] GetCurrentThreadId () returned 0x6f8 [0209.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.624] GetCurrentThreadId () returned 0x6f8 [0209.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e541a0 [0209.625] GetCurrentThreadId () returned 0x6f8 [0209.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.625] FindNextFileW (in: hFindFile=0x7e541a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.625] GetCurrentThreadId () returned 0x6f8 [0209.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.625] FindNextFileW (in: hFindFile=0x7e541a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.625] GetCurrentThreadId () returned 0x6f8 [0209.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.625] FindNextFileW (in: hFindFile=0x7e541a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.625] GetCurrentThreadId () returned 0x6f8 [0209.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.625] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0209.625] GetCurrentThreadId () returned 0x6f8 [0209.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.625] GetCurrentThreadId () returned 0x6f8 [0209.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e541e0 [0209.627] GetCurrentThreadId () returned 0x6f8 [0209.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.627] FindNextFileW (in: hFindFile=0x7e541e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.627] GetCurrentThreadId () returned 0x6f8 [0209.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.627] FindNextFileW (in: hFindFile=0x7e541e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.627] GetCurrentThreadId () returned 0x6f8 [0209.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.627] FindNextFileW (in: hFindFile=0x7e541e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.627] GetCurrentThreadId () returned 0x6f8 [0209.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.627] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0209.627] GetCurrentThreadId () returned 0x6f8 [0209.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.627] GetCurrentThreadId () returned 0x6f8 [0209.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.627] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54220 [0209.628] GetCurrentThreadId () returned 0x6f8 [0209.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.628] FindNextFileW (in: hFindFile=0x7e54220, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.628] GetCurrentThreadId () returned 0x6f8 [0209.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.628] FindNextFileW (in: hFindFile=0x7e54220, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.628] GetCurrentThreadId () returned 0x6f8 [0209.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.628] FindNextFileW (in: hFindFile=0x7e54220, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.628] GetCurrentThreadId () returned 0x6f8 [0209.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.628] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0209.628] GetCurrentThreadId () returned 0x6f8 [0209.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.628] GetCurrentThreadId () returned 0x6f8 [0209.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1a92bb0, dwHighDateTime=0x1d6076d)) [0209.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54260 [0209.686] GetCurrentThreadId () returned 0x6f8 [0209.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.686] FindNextFileW (in: hFindFile=0x7e54260, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.686] GetCurrentThreadId () returned 0x6f8 [0209.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.686] FindNextFileW (in: hFindFile=0x7e54260, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.686] GetCurrentThreadId () returned 0x6f8 [0209.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.686] FindNextFileW (in: hFindFile=0x7e54260, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.686] GetCurrentThreadId () returned 0x6f8 [0209.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.686] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0209.686] GetCurrentThreadId () returned 0x6f8 [0209.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.686] GetCurrentThreadId () returned 0x6f8 [0209.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.686] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e542a0 [0209.687] GetCurrentThreadId () returned 0x6f8 [0209.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.687] FindNextFileW (in: hFindFile=0x7e542a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.687] GetCurrentThreadId () returned 0x6f8 [0209.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.687] FindNextFileW (in: hFindFile=0x7e542a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.687] GetCurrentThreadId () returned 0x6f8 [0209.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.687] FindNextFileW (in: hFindFile=0x7e542a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.687] GetCurrentThreadId () returned 0x6f8 [0209.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.687] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0209.687] GetCurrentThreadId () returned 0x6f8 [0209.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.687] GetCurrentThreadId () returned 0x6f8 [0209.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.687] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e542e0 [0209.689] GetCurrentThreadId () returned 0x6f8 [0209.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.689] FindNextFileW (in: hFindFile=0x7e542e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.689] GetCurrentThreadId () returned 0x6f8 [0209.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.689] FindNextFileW (in: hFindFile=0x7e542e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.689] GetCurrentThreadId () returned 0x6f8 [0209.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.689] FindNextFileW (in: hFindFile=0x7e542e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.689] GetCurrentThreadId () returned 0x6f8 [0209.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.689] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0209.689] GetCurrentThreadId () returned 0x6f8 [0209.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.689] GetCurrentThreadId () returned 0x6f8 [0209.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.689] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54320 [0209.690] GetCurrentThreadId () returned 0x6f8 [0209.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.690] FindNextFileW (in: hFindFile=0x7e54320, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.690] GetCurrentThreadId () returned 0x6f8 [0209.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.690] FindNextFileW (in: hFindFile=0x7e54320, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.690] GetCurrentThreadId () returned 0x6f8 [0209.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.690] FindNextFileW (in: hFindFile=0x7e54320, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.690] GetCurrentThreadId () returned 0x6f8 [0209.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.690] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0209.690] GetCurrentThreadId () returned 0x6f8 [0209.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.690] GetCurrentThreadId () returned 0x6f8 [0209.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54360 [0209.693] GetCurrentThreadId () returned 0x6f8 [0209.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.693] FindNextFileW (in: hFindFile=0x7e54360, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.693] GetCurrentThreadId () returned 0x6f8 [0209.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.694] FindNextFileW (in: hFindFile=0x7e54360, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.694] GetCurrentThreadId () returned 0x6f8 [0209.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.694] FindNextFileW (in: hFindFile=0x7e54360, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.694] GetCurrentThreadId () returned 0x6f8 [0209.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.694] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0209.694] GetCurrentThreadId () returned 0x6f8 [0209.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.694] GetCurrentThreadId () returned 0x6f8 [0209.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b2b130, dwHighDateTime=0x1d6076d)) [0209.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e543a0 [0209.694] GetCurrentThreadId () returned 0x6f8 [0209.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.695] FindNextFileW (in: hFindFile=0x7e543a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.695] GetCurrentThreadId () returned 0x6f8 [0209.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.695] FindNextFileW (in: hFindFile=0x7e543a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.695] GetCurrentThreadId () returned 0x6f8 [0209.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.695] FindNextFileW (in: hFindFile=0x7e543a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.695] GetCurrentThreadId () returned 0x6f8 [0209.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.695] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb", cAlternateFileName="")) returned 1 [0209.695] GetCurrentThreadId () returned 0x6f8 [0209.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.695] GetCurrentThreadId () returned 0x6f8 [0209.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.695] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e543e0 [0209.696] GetCurrentThreadId () returned 0x6f8 [0209.696] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.696] FindNextFileW (in: hFindFile=0x7e543e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.698] GetCurrentThreadId () returned 0x6f8 [0209.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.698] FindNextFileW (in: hFindFile=0x7e543e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.698] GetCurrentThreadId () returned 0x6f8 [0209.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.698] FindNextFileW (in: hFindFile=0x7e543e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.698] GetCurrentThreadId () returned 0x6f8 [0209.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.698] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0209.698] GetCurrentThreadId () returned 0x6f8 [0209.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.698] GetCurrentThreadId () returned 0x6f8 [0209.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.698] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54420 [0209.699] GetCurrentThreadId () returned 0x6f8 [0209.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.699] FindNextFileW (in: hFindFile=0x7e54420, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.699] GetCurrentThreadId () returned 0x6f8 [0209.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.699] FindNextFileW (in: hFindFile=0x7e54420, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.699] GetCurrentThreadId () returned 0x6f8 [0209.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.699] FindNextFileW (in: hFindFile=0x7e54420, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.699] GetCurrentThreadId () returned 0x6f8 [0209.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.699] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0209.699] GetCurrentThreadId () returned 0x6f8 [0209.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.699] GetCurrentThreadId () returned 0x6f8 [0209.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54460 [0209.700] GetCurrentThreadId () returned 0x6f8 [0209.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.700] FindNextFileW (in: hFindFile=0x7e54460, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.701] FindNextFileW (in: hFindFile=0x7e54460, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.701] FindNextFileW (in: hFindFile=0x7e54460, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.701] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e544a0 [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.701] FindNextFileW (in: hFindFile=0x7e544a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.701] GetCurrentThreadId () returned 0x6f8 [0209.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.702] FindNextFileW (in: hFindFile=0x7e544a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.702] GetCurrentThreadId () returned 0x6f8 [0209.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.702] FindNextFileW (in: hFindFile=0x7e544a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.702] GetCurrentThreadId () returned 0x6f8 [0209.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.702] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0209.702] GetCurrentThreadId () returned 0x6f8 [0209.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.702] GetCurrentThreadId () returned 0x6f8 [0209.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.702] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e544e0 [0209.703] GetCurrentThreadId () returned 0x6f8 [0209.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.703] FindNextFileW (in: hFindFile=0x7e544e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.703] GetCurrentThreadId () returned 0x6f8 [0209.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.703] FindNextFileW (in: hFindFile=0x7e544e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.703] GetCurrentThreadId () returned 0x6f8 [0209.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.703] FindNextFileW (in: hFindFile=0x7e544e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.703] GetCurrentThreadId () returned 0x6f8 [0209.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.703] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0209.703] GetCurrentThreadId () returned 0x6f8 [0209.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.704] GetCurrentThreadId () returned 0x6f8 [0209.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.704] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54520 [0209.704] GetCurrentThreadId () returned 0x6f8 [0209.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.704] FindNextFileW (in: hFindFile=0x7e54520, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.704] GetCurrentThreadId () returned 0x6f8 [0209.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.704] FindNextFileW (in: hFindFile=0x7e54520, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.704] GetCurrentThreadId () returned 0x6f8 [0209.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.704] FindNextFileW (in: hFindFile=0x7e54520, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.704] GetCurrentThreadId () returned 0x6f8 [0209.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.704] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0209.704] GetCurrentThreadId () returned 0x6f8 [0209.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.705] GetCurrentThreadId () returned 0x6f8 [0209.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.705] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54560 [0209.705] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] FindNextFileW (in: hFindFile=0x7e54560, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.706] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] FindNextFileW (in: hFindFile=0x7e54560, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827cc540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cec50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.706] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] FindNextFileW (in: hFindFile=0x7e54560, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827cc540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cec50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.706] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0209.706] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e545a0 [0209.706] GetCurrentThreadId () returned 0x6f8 [0209.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.706] FindNextFileW (in: hFindFile=0x7e545a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.707] GetCurrentThreadId () returned 0x6f8 [0209.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.708] FindNextFileW (in: hFindFile=0x7e545a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.708] GetCurrentThreadId () returned 0x6f8 [0209.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.708] FindNextFileW (in: hFindFile=0x7e545a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.708] GetCurrentThreadId () returned 0x6f8 [0209.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.708] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0209.708] GetCurrentThreadId () returned 0x6f8 [0209.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.708] GetCurrentThreadId () returned 0x6f8 [0209.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.708] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e545e0 [0209.709] GetCurrentThreadId () returned 0x6f8 [0209.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.709] FindNextFileW (in: hFindFile=0x7e545e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.709] GetCurrentThreadId () returned 0x6f8 [0209.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.709] FindNextFileW (in: hFindFile=0x7e545e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.709] GetCurrentThreadId () returned 0x6f8 [0209.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.709] FindNextFileW (in: hFindFile=0x7e545e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.709] GetCurrentThreadId () returned 0x6f8 [0209.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.709] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0209.709] GetCurrentThreadId () returned 0x6f8 [0209.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.709] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b51290, dwHighDateTime=0x1d6076d)) [0209.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54620 [0209.710] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.710] FindNextFileW (in: hFindFile=0x7e54620, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.710] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.710] FindNextFileW (in: hFindFile=0x7e54620, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.710] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.710] FindNextFileW (in: hFindFile=0x7e54620, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.710] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.710] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0209.710] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.710] GetCurrentThreadId () returned 0x6f8 [0209.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54660 [0209.711] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.712] FindNextFileW (in: hFindFile=0x7e54660, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.712] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.712] FindNextFileW (in: hFindFile=0x7e54660, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.712] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.712] FindNextFileW (in: hFindFile=0x7e54660, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.712] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.712] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0209.712] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.712] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e546a0 [0209.712] GetCurrentThreadId () returned 0x6f8 [0209.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.713] FindNextFileW (in: hFindFile=0x7e546a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.713] GetCurrentThreadId () returned 0x6f8 [0209.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.713] FindNextFileW (in: hFindFile=0x7e546a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.713] GetCurrentThreadId () returned 0x6f8 [0209.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.713] FindNextFileW (in: hFindFile=0x7e546a0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.713] GetCurrentThreadId () returned 0x6f8 [0209.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.713] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0209.713] GetCurrentThreadId () returned 0x6f8 [0209.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.713] GetCurrentThreadId () returned 0x6f8 [0209.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.713] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e546e0 [0209.714] GetCurrentThreadId () returned 0x6f8 [0209.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.714] FindNextFileW (in: hFindFile=0x7e546e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.714] GetCurrentThreadId () returned 0x6f8 [0209.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.714] FindNextFileW (in: hFindFile=0x7e546e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.714] GetCurrentThreadId () returned 0x6f8 [0209.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.714] FindNextFileW (in: hFindFile=0x7e546e0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.714] GetCurrentThreadId () returned 0x6f8 [0209.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.714] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0209.714] GetCurrentThreadId () returned 0x6f8 [0209.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.715] GetCurrentThreadId () returned 0x6f8 [0209.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.715] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54720 [0209.715] GetCurrentThreadId () returned 0x6f8 [0209.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.715] FindNextFileW (in: hFindFile=0x7e54720, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.715] GetCurrentThreadId () returned 0x6f8 [0209.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.715] FindNextFileW (in: hFindFile=0x7e54720, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.715] GetCurrentThreadId () returned 0x6f8 [0209.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.715] FindNextFileW (in: hFindFile=0x7e54720, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.715] GetCurrentThreadId () returned 0x6f8 [0209.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.715] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0209.715] GetCurrentThreadId () returned 0x6f8 [0209.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.716] GetCurrentThreadId () returned 0x6f8 [0209.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.716] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e54760 [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.717] FindNextFileW (in: hFindFile=0x7e54760, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.717] FindNextFileW (in: hFindFile=0x7e54760, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.717] FindNextFileW (in: hFindFile=0x7e54760, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.717] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59950 [0209.717] GetCurrentThreadId () returned 0x6f8 [0209.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.718] FindNextFileW (in: hFindFile=0x7e59950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.718] GetCurrentThreadId () returned 0x6f8 [0209.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.718] FindNextFileW (in: hFindFile=0x7e59950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.718] GetCurrentThreadId () returned 0x6f8 [0209.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.718] FindNextFileW (in: hFindFile=0x7e59950, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.718] GetCurrentThreadId () returned 0x6f8 [0209.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.718] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0209.718] GetCurrentThreadId () returned 0x6f8 [0209.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.718] GetCurrentThreadId () returned 0x6f8 [0209.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.718] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59990 [0209.719] GetCurrentThreadId () returned 0x6f8 [0209.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.719] FindNextFileW (in: hFindFile=0x7e59990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.719] GetCurrentThreadId () returned 0x6f8 [0209.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.719] FindNextFileW (in: hFindFile=0x7e59990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.719] GetCurrentThreadId () returned 0x6f8 [0209.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.719] FindNextFileW (in: hFindFile=0x7e59990, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.719] GetCurrentThreadId () returned 0x6f8 [0209.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.720] FindNextFileW (in: hFindFile=0x7e53de0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0209.720] GetCurrentThreadId () returned 0x6f8 [0209.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1b773f0, dwHighDateTime=0x1d6076d)) [0209.720] FindNextFileW (in: hFindFile=0x7e53ce0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0209.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e599d0 [0209.720] FindNextFileW (in: hFindFile=0x7e599d0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.720] FindNextFileW (in: hFindFile=0x7e599d0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0209.720] FindNextFileW (in: hFindFile=0x7e599d0, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0209.720] FindNextFileW (in: hFindFile=0x7e53ce0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0209.720] FindNextFileW (in: hFindFile=0x7e53ca0, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.2_0", cAlternateFileName="100~1.2_0")) returned 0 [0209.720] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pjkljhegncpnkpknbcohdijeoejaedia", cAlternateFileName="PJKLJH~1")) returned 1 [0209.721] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59a10 [0209.721] FindNextFileW (in: hFindFile=0x7e59a10, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.721] FindNextFileW (in: hFindFile=0x7e59a10, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.1_0", cAlternateFileName="")) returned 1 [0209.721] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59a50 [0209.724] FindNextFileW (in: hFindFile=0x7e59a50, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.724] FindNextFileW (in: hFindFile=0x7e59a50, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x180f, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0209.725] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", dwFileAttributes=0x80) returned 1 [0209.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb74 [0209.726] GetFileSize (in: hFile=0xb74, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x180f [0209.736] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", dwFileAttributes=0x2020) returned 1 [0209.736] GetCurrentThreadId () returned 0x6f8 [0209.736] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", piIcon=0x4e4de98 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", piIcon=0x4e4de98) returned 0x16008b [0209.751] GetIconInfo (in: hIcon=0x16008b, piconinfo=0x4e4de84 | out: piconinfo=0x4e4de84) returned 1 [0209.751] CreateFileW (lpFileName="wysI.ico" (normalized: "c:\\windows\\system32\\wysi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb78 [0209.753] GetObjectA (in: h=0x59050770, c=24, pv=0x4e4de48 | out: pv=0x4e4de48) returned 24 [0209.753] GetObjectA (in: h=0x6b050776, c=24, pv=0x4e4de60 | out: pv=0x4e4de60) returned 24 [0209.753] CreateCompatibleDC (hdc=0x0) returned 0x4a0101fa [0209.753] GetDIBits (in: hdc=0x4a0101fa, hbm=0x59050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d9f8) returned 1 [0209.753] GetDIBits (in: hdc=0x4a0101fa, hbm=0x59050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d9f8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d9f8) returned 32 [0209.753] GetDIBits (in: hdc=0x4a0101fa, hbm=0x59050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d5d0) returned 1 [0209.753] GetDIBits (in: hdc=0x4a0101fa, hbm=0x6b050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d5d0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d5d0) returned 32 [0209.753] WriteFile (in: hFile=0xb78, lpBuffer=0x4e4d5b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5b0*, lpNumberOfBytesWritten=0x4e4d598*=0x6, lpOverlapped=0x0) returned 1 [0209.754] WriteFile (in: hFile=0xb78, lpBuffer=0x4e4d5a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4d5a0*, lpNumberOfBytesWritten=0x4e4d598*=0x10, lpOverlapped=0x0) returned 1 [0209.754] WriteFile (in: hFile=0xb78, lpBuffer=0x4e4de20*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x4e4de20*, lpNumberOfBytesWritten=0x4e4d598*=0x28, lpOverlapped=0x0) returned 1 [0209.755] WriteFile (in: hFile=0xb78, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d598*=0x1000, lpOverlapped=0x0) returned 1 [0209.755] WriteFile (in: hFile=0xb78, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d598, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d598*=0x80, lpOverlapped=0x0) returned 1 [0209.755] DeleteDC (hdc=0x4a0101fa) returned 1 [0209.755] CloseHandle (hObject=0xb78) returned 1 [0209.755] DeleteObject (ho=0x59050770) returned 1 [0209.755] DeleteObject (ho=0x6b050776) returned 1 [0209.755] DestroyCursor (hCursor=0x16008b) returned 1 [0209.755] GetCurrentThreadId () returned 0x6f8 [0209.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb78 [0209.756] GetFileSize (in: hFile=0xb78, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x180f [0209.761] ReadFile (in: hFile=0xb78, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x180f, lpNumberOfBytesRead=0x4e4e184, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e184*=0x180f, lpOverlapped=0x0) returned 1 [0209.761] CloseHandle (hObject=0xb78) returned 1 [0209.761] GetCurrentThreadId () returned 0x6f8 [0209.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x1be9810, dwHighDateTime=0x1d6076d)) [0209.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dde4 | out: lpSystemTimeAsFileTime=0x4e4dde4*(dwLowDateTime=0x1be9810, dwHighDateTime=0x1d6076d)) [0209.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de00 | out: lpSystemTimeAsFileTime=0x4e4de00*(dwLowDateTime=0x1be9810, dwHighDateTime=0x1d6076d)) [0209.848] GetCurrentThreadId () returned 0x6f8 [0209.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0x1ca7ef0, dwHighDateTime=0x1d6076d)) [0209.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ddb4 | out: lpSystemTimeAsFileTime=0x4e4ddb4*(dwLowDateTime=0x1ca7ef0, dwHighDateTime=0x1d6076d)) [0209.848] GetCurrentThreadId () returned 0x6f8 [0209.848] CreateFileW (lpFileName="OoUq.exe" (normalized: "c:\\windows\\system32\\oouq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.849] CreateFileW (lpFileName="OoUq.exe" (normalized: "c:\\windows\\system32\\oouq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.850] GetCurrentThreadId () returned 0x6f8 [0209.850] GetCurrentThreadId () returned 0x6f8 [0209.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0x1ca7ef0, dwHighDateTime=0x1d6076d)) [0209.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de74 | out: lpSystemTimeAsFileTime=0x4e4de74*(dwLowDateTime=0x1ca7ef0, dwHighDateTime=0x1d6076d)) [0209.850] CreateFileW (lpFileName="OoUq.exe" (normalized: "c:\\windows\\system32\\oouq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0209.850] GetCurrentThreadId () returned 0x6f8 [0209.850] BeginUpdateResourceW (pFileName="OoUq.exe" (normalized: "c:\\windows\\system32\\oouq.exe"), bDeleteExistingResources=0) returned 0x0 [0209.850] CreateFileW (lpFileName="wysI.ico" (normalized: "c:\\windows\\system32\\wysi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb78 [0209.850] GetFileSize (in: hFile=0xb78, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0209.851] ReadFile (in: hFile=0xb78, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4de98, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4de98*=0x10be, lpOverlapped=0x0) returned 1 [0209.851] CloseHandle (hObject=0xb78) returned 1 [0209.851] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0209.851] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4de84, cb=0x14) returned 0 [0209.851] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0209.851] CopyFileW (lpExistingFileName="OoUq.exe" (normalized: "c:\\windows\\system32\\oouq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.exe"), bFailIfExists=0) returned 0 [0209.851] SetNamedSecurityInfoW () returned 0x2 [0209.851] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png")) returned 1 [0209.853] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dedc*=0x10a, lpOverlapped=0x0) returned 1 [0209.853] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dedc, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dedc*=0x4, lpOverlapped=0x0) returned 1 [0209.853] DeleteFileW (lpFileName="wysI.ico" (normalized: "c:\\windows\\system32\\wysi.ico")) returned 1 [0209.854] DeleteFileW (lpFileName="OoUq.exe" (normalized: "c:\\windows\\system32\\oouq.exe")) returned 0 [0209.854] GetCurrentThreadId () returned 0x6f8 [0209.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4de8c | out: lpSystemTimeAsFileTime=0x4e4de8c*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.854] GetCurrentThreadId () returned 0x6f8 [0209.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.854] FindNextFileW (in: hFindFile=0x7e59a50, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x869b0fb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0209.855] GetCurrentThreadId () returned 0x6f8 [0209.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.855] FindNextFileW (in: hFindFile=0x7e59a50, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0209.855] GetCurrentThreadId () returned 0x6f8 [0209.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.855] GetCurrentThreadId () returned 0x6f8 [0209.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.855] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59a90 [0209.857] GetCurrentThreadId () returned 0x6f8 [0209.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.857] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.857] GetCurrentThreadId () returned 0x6f8 [0209.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.857] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0209.858] GetCurrentThreadId () returned 0x6f8 [0209.858] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.858] GetCurrentThreadId () returned 0x6f8 [0209.858] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59ad0 [0209.859] GetCurrentThreadId () returned 0x6f8 [0209.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.859] FindNextFileW (in: hFindFile=0x7e59ad0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.859] GetCurrentThreadId () returned 0x6f8 [0209.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.859] FindNextFileW (in: hFindFile=0x7e59ad0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.859] GetCurrentThreadId () returned 0x6f8 [0209.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.859] FindNextFileW (in: hFindFile=0x7e59ad0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.859] GetCurrentThreadId () returned 0x6f8 [0209.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.859] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0209.859] GetCurrentThreadId () returned 0x6f8 [0209.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.859] GetCurrentThreadId () returned 0x6f8 [0209.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59b10 [0209.860] GetCurrentThreadId () returned 0x6f8 [0209.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.860] FindNextFileW (in: hFindFile=0x7e59b10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.860] GetCurrentThreadId () returned 0x6f8 [0209.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.860] FindNextFileW (in: hFindFile=0x7e59b10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.860] GetCurrentThreadId () returned 0x6f8 [0209.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.860] FindNextFileW (in: hFindFile=0x7e59b10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.860] GetCurrentThreadId () returned 0x6f8 [0209.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.860] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0209.860] GetCurrentThreadId () returned 0x6f8 [0209.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.860] GetCurrentThreadId () returned 0x6f8 [0209.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59b50 [0209.861] GetCurrentThreadId () returned 0x6f8 [0209.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.861] FindNextFileW (in: hFindFile=0x7e59b50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.862] GetCurrentThreadId () returned 0x6f8 [0209.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.862] FindNextFileW (in: hFindFile=0x7e59b50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.862] GetCurrentThreadId () returned 0x6f8 [0209.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.862] FindNextFileW (in: hFindFile=0x7e59b50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.862] GetCurrentThreadId () returned 0x6f8 [0209.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.862] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0209.862] GetCurrentThreadId () returned 0x6f8 [0209.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.862] GetCurrentThreadId () returned 0x6f8 [0209.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59b90 [0209.863] GetCurrentThreadId () returned 0x6f8 [0209.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.863] FindNextFileW (in: hFindFile=0x7e59b90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.863] GetCurrentThreadId () returned 0x6f8 [0209.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.863] FindNextFileW (in: hFindFile=0x7e59b90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.863] GetCurrentThreadId () returned 0x6f8 [0209.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.863] FindNextFileW (in: hFindFile=0x7e59b90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.863] GetCurrentThreadId () returned 0x6f8 [0209.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.863] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0209.864] GetCurrentThreadId () returned 0x6f8 [0209.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.864] GetCurrentThreadId () returned 0x6f8 [0209.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59bd0 [0209.865] GetCurrentThreadId () returned 0x6f8 [0209.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.865] FindNextFileW (in: hFindFile=0x7e59bd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.865] GetCurrentThreadId () returned 0x6f8 [0209.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.865] FindNextFileW (in: hFindFile=0x7e59bd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.865] GetCurrentThreadId () returned 0x6f8 [0209.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.865] FindNextFileW (in: hFindFile=0x7e59bd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.865] GetCurrentThreadId () returned 0x6f8 [0209.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.865] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0209.865] GetCurrentThreadId () returned 0x6f8 [0209.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.865] GetCurrentThreadId () returned 0x6f8 [0209.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cce050, dwHighDateTime=0x1d6076d)) [0209.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59c10 [0209.866] GetCurrentThreadId () returned 0x6f8 [0209.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.866] FindNextFileW (in: hFindFile=0x7e59c10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.866] GetCurrentThreadId () returned 0x6f8 [0209.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.867] FindNextFileW (in: hFindFile=0x7e59c10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.867] GetCurrentThreadId () returned 0x6f8 [0209.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.867] FindNextFileW (in: hFindFile=0x7e59c10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.867] GetCurrentThreadId () returned 0x6f8 [0209.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.867] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0209.867] GetCurrentThreadId () returned 0x6f8 [0209.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.867] GetCurrentThreadId () returned 0x6f8 [0209.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59c50 [0209.868] GetCurrentThreadId () returned 0x6f8 [0209.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.868] FindNextFileW (in: hFindFile=0x7e59c50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.868] GetCurrentThreadId () returned 0x6f8 [0209.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.868] FindNextFileW (in: hFindFile=0x7e59c50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.868] GetCurrentThreadId () returned 0x6f8 [0209.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.868] FindNextFileW (in: hFindFile=0x7e59c50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.868] GetCurrentThreadId () returned 0x6f8 [0209.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.868] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59c90 [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.869] FindNextFileW (in: hFindFile=0x7e59c90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.869] FindNextFileW (in: hFindFile=0x7e59c90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.869] FindNextFileW (in: hFindFile=0x7e59c90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.869] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0209.869] GetCurrentThreadId () returned 0x6f8 [0209.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.870] GetCurrentThreadId () returned 0x6f8 [0209.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.870] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59cd0 [0209.870] GetCurrentThreadId () returned 0x6f8 [0209.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.870] FindNextFileW (in: hFindFile=0x7e59cd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.870] GetCurrentThreadId () returned 0x6f8 [0209.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.870] FindNextFileW (in: hFindFile=0x7e59cd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.870] GetCurrentThreadId () returned 0x6f8 [0209.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.870] FindNextFileW (in: hFindFile=0x7e59cd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.870] GetCurrentThreadId () returned 0x6f8 [0209.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.870] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0209.871] GetCurrentThreadId () returned 0x6f8 [0209.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.871] GetCurrentThreadId () returned 0x6f8 [0209.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59d10 [0209.872] GetCurrentThreadId () returned 0x6f8 [0209.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.872] FindNextFileW (in: hFindFile=0x7e59d10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.872] GetCurrentThreadId () returned 0x6f8 [0209.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.872] FindNextFileW (in: hFindFile=0x7e59d10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.872] GetCurrentThreadId () returned 0x6f8 [0209.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.872] FindNextFileW (in: hFindFile=0x7e59d10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.872] GetCurrentThreadId () returned 0x6f8 [0209.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.872] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0209.872] GetCurrentThreadId () returned 0x6f8 [0209.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.872] GetCurrentThreadId () returned 0x6f8 [0209.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.872] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59d50 [0209.873] GetCurrentThreadId () returned 0x6f8 [0209.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.873] FindNextFileW (in: hFindFile=0x7e59d50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.876] GetCurrentThreadId () returned 0x6f8 [0209.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.876] FindNextFileW (in: hFindFile=0x7e59d50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.876] GetCurrentThreadId () returned 0x6f8 [0209.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.876] FindNextFileW (in: hFindFile=0x7e59d50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.876] GetCurrentThreadId () returned 0x6f8 [0209.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.877] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0209.877] GetCurrentThreadId () returned 0x6f8 [0209.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.877] GetCurrentThreadId () returned 0x6f8 [0209.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.877] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59d90 [0209.877] GetCurrentThreadId () returned 0x6f8 [0209.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.877] FindNextFileW (in: hFindFile=0x7e59d90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.877] GetCurrentThreadId () returned 0x6f8 [0209.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.877] FindNextFileW (in: hFindFile=0x7e59d90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.877] GetCurrentThreadId () returned 0x6f8 [0209.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.877] FindNextFileW (in: hFindFile=0x7e59d90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.877] GetCurrentThreadId () returned 0x6f8 [0209.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.878] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0209.878] GetCurrentThreadId () returned 0x6f8 [0209.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.878] GetCurrentThreadId () returned 0x6f8 [0209.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59dd0 [0209.878] GetCurrentThreadId () returned 0x6f8 [0209.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.878] FindNextFileW (in: hFindFile=0x7e59dd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.878] GetCurrentThreadId () returned 0x6f8 [0209.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.878] FindNextFileW (in: hFindFile=0x7e59dd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.878] GetCurrentThreadId () returned 0x6f8 [0209.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.878] FindNextFileW (in: hFindFile=0x7e59dd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.879] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.879] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59e10 [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.879] FindNextFileW (in: hFindFile=0x7e59e10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.879] FindNextFileW (in: hFindFile=0x7e59e10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.879] FindNextFileW (in: hFindFile=0x7e59e10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.879] GetCurrentThreadId () returned 0x6f8 [0209.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.880] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0209.880] GetCurrentThreadId () returned 0x6f8 [0209.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.880] GetCurrentThreadId () returned 0x6f8 [0209.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.880] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59e50 [0209.880] GetCurrentThreadId () returned 0x6f8 [0209.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.880] FindNextFileW (in: hFindFile=0x7e59e50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.880] GetCurrentThreadId () returned 0x6f8 [0209.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.880] FindNextFileW (in: hFindFile=0x7e59e50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.880] GetCurrentThreadId () returned 0x6f8 [0209.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.880] FindNextFileW (in: hFindFile=0x7e59e50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.880] GetCurrentThreadId () returned 0x6f8 [0209.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.881] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0209.881] GetCurrentThreadId () returned 0x6f8 [0209.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.881] GetCurrentThreadId () returned 0x6f8 [0209.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59e90 [0209.881] GetCurrentThreadId () returned 0x6f8 [0209.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.881] FindNextFileW (in: hFindFile=0x7e59e90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.881] GetCurrentThreadId () returned 0x6f8 [0209.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1cf41b0, dwHighDateTime=0x1d6076d)) [0209.882] FindNextFileW (in: hFindFile=0x7e59e90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.882] GetCurrentThreadId () returned 0x6f8 [0209.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.882] FindNextFileW (in: hFindFile=0x7e59e90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.882] GetCurrentThreadId () returned 0x6f8 [0209.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.882] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0209.882] GetCurrentThreadId () returned 0x6f8 [0209.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.882] GetCurrentThreadId () returned 0x6f8 [0209.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.882] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59ed0 [0209.883] GetCurrentThreadId () returned 0x6f8 [0209.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.883] FindNextFileW (in: hFindFile=0x7e59ed0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.883] GetCurrentThreadId () returned 0x6f8 [0209.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.883] FindNextFileW (in: hFindFile=0x7e59ed0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.884] GetCurrentThreadId () returned 0x6f8 [0209.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.884] FindNextFileW (in: hFindFile=0x7e59ed0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.884] GetCurrentThreadId () returned 0x6f8 [0209.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.884] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0209.884] GetCurrentThreadId () returned 0x6f8 [0209.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.884] GetCurrentThreadId () returned 0x6f8 [0209.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.884] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59f10 [0209.884] GetCurrentThreadId () returned 0x6f8 [0209.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.884] FindNextFileW (in: hFindFile=0x7e59f10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.884] GetCurrentThreadId () returned 0x6f8 [0209.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.884] FindNextFileW (in: hFindFile=0x7e59f10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.885] GetCurrentThreadId () returned 0x6f8 [0209.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.885] FindNextFileW (in: hFindFile=0x7e59f10, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.885] GetCurrentThreadId () returned 0x6f8 [0209.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.885] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0209.885] GetCurrentThreadId () returned 0x6f8 [0209.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.885] GetCurrentThreadId () returned 0x6f8 [0209.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59f50 [0209.885] GetCurrentThreadId () returned 0x6f8 [0209.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.885] FindNextFileW (in: hFindFile=0x7e59f50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.885] GetCurrentThreadId () returned 0x6f8 [0209.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.885] FindNextFileW (in: hFindFile=0x7e59f50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.886] FindNextFileW (in: hFindFile=0x7e59f50, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.886] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59f90 [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.886] FindNextFileW (in: hFindFile=0x7e59f90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.886] FindNextFileW (in: hFindFile=0x7e59f90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.886] GetCurrentThreadId () returned 0x6f8 [0209.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.887] FindNextFileW (in: hFindFile=0x7e59f90, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.887] GetCurrentThreadId () returned 0x6f8 [0209.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.887] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0209.887] GetCurrentThreadId () returned 0x6f8 [0209.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.887] GetCurrentThreadId () returned 0x6f8 [0209.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e59fd0 [0209.887] GetCurrentThreadId () returned 0x6f8 [0209.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.887] FindNextFileW (in: hFindFile=0x7e59fd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.887] GetCurrentThreadId () returned 0x6f8 [0209.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.887] FindNextFileW (in: hFindFile=0x7e59fd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.887] GetCurrentThreadId () returned 0x6f8 [0209.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.888] FindNextFileW (in: hFindFile=0x7e59fd0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.888] GetCurrentThreadId () returned 0x6f8 [0209.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.888] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0209.888] GetCurrentThreadId () returned 0x6f8 [0209.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.888] GetCurrentThreadId () returned 0x6f8 [0209.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.888] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a010 [0209.888] GetCurrentThreadId () returned 0x6f8 [0209.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.888] FindNextFileW (in: hFindFile=0x7e5a010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.888] GetCurrentThreadId () returned 0x6f8 [0209.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.888] FindNextFileW (in: hFindFile=0x7e5a010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.889] FindNextFileW (in: hFindFile=0x7e5a010, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.889] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.889] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a050 [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.889] FindNextFileW (in: hFindFile=0x7e5a050, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.889] FindNextFileW (in: hFindFile=0x7e5a050, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.889] GetCurrentThreadId () returned 0x6f8 [0209.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.890] FindNextFileW (in: hFindFile=0x7e5a050, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.890] GetCurrentThreadId () returned 0x6f8 [0209.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.890] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0209.890] GetCurrentThreadId () returned 0x6f8 [0209.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.890] GetCurrentThreadId () returned 0x6f8 [0209.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a090 [0209.890] GetCurrentThreadId () returned 0x6f8 [0209.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.890] FindNextFileW (in: hFindFile=0x7e5a090, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.890] GetCurrentThreadId () returned 0x6f8 [0209.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.890] FindNextFileW (in: hFindFile=0x7e5a090, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.890] GetCurrentThreadId () returned 0x6f8 [0209.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.891] FindNextFileW (in: hFindFile=0x7e5a090, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.891] GetCurrentThreadId () returned 0x6f8 [0209.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.891] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0209.891] GetCurrentThreadId () returned 0x6f8 [0209.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.891] GetCurrentThreadId () returned 0x6f8 [0209.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a0d0 [0209.892] GetCurrentThreadId () returned 0x6f8 [0209.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.892] FindNextFileW (in: hFindFile=0x7e5a0d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.892] GetCurrentThreadId () returned 0x6f8 [0209.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.892] FindNextFileW (in: hFindFile=0x7e5a0d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.892] GetCurrentThreadId () returned 0x6f8 [0209.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.892] FindNextFileW (in: hFindFile=0x7e5a0d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.892] GetCurrentThreadId () returned 0x6f8 [0209.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.893] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0209.893] GetCurrentThreadId () returned 0x6f8 [0209.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.893] GetCurrentThreadId () returned 0x6f8 [0209.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a110 [0209.894] GetCurrentThreadId () returned 0x6f8 [0209.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.894] FindNextFileW (in: hFindFile=0x7e5a110, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.894] GetCurrentThreadId () returned 0x6f8 [0209.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.894] FindNextFileW (in: hFindFile=0x7e5a110, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.894] GetCurrentThreadId () returned 0x6f8 [0209.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.894] FindNextFileW (in: hFindFile=0x7e5a110, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.895] GetCurrentThreadId () returned 0x6f8 [0209.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.895] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0209.895] GetCurrentThreadId () returned 0x6f8 [0209.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.895] GetCurrentThreadId () returned 0x6f8 [0209.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a150 [0209.895] GetCurrentThreadId () returned 0x6f8 [0209.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.895] FindNextFileW (in: hFindFile=0x7e5a150, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.895] GetCurrentThreadId () returned 0x6f8 [0209.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.895] FindNextFileW (in: hFindFile=0x7e5a150, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.895] GetCurrentThreadId () returned 0x6f8 [0209.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.896] FindNextFileW (in: hFindFile=0x7e5a150, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.896] GetCurrentThreadId () returned 0x6f8 [0209.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.896] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0209.896] GetCurrentThreadId () returned 0x6f8 [0209.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.896] GetCurrentThreadId () returned 0x6f8 [0209.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.896] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a190 [0209.896] GetCurrentThreadId () returned 0x6f8 [0209.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.896] FindNextFileW (in: hFindFile=0x7e5a190, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.896] GetCurrentThreadId () returned 0x6f8 [0209.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.896] FindNextFileW (in: hFindFile=0x7e5a190, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.896] GetCurrentThreadId () returned 0x6f8 [0209.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.897] FindNextFileW (in: hFindFile=0x7e5a190, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.897] GetCurrentThreadId () returned 0x6f8 [0209.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.897] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="se", cAlternateFileName="")) returned 1 [0209.897] GetCurrentThreadId () returned 0x6f8 [0209.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.897] GetCurrentThreadId () returned 0x6f8 [0209.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d1a310, dwHighDateTime=0x1d6076d)) [0209.897] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a1d0 [0209.899] GetCurrentThreadId () returned 0x6f8 [0209.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.900] FindNextFileW (in: hFindFile=0x7e5a1d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.900] GetCurrentThreadId () returned 0x6f8 [0209.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.900] FindNextFileW (in: hFindFile=0x7e5a1d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.900] GetCurrentThreadId () returned 0x6f8 [0209.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.900] FindNextFileW (in: hFindFile=0x7e5a1d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.900] GetCurrentThreadId () returned 0x6f8 [0209.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.900] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0209.900] GetCurrentThreadId () returned 0x6f8 [0209.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.900] GetCurrentThreadId () returned 0x6f8 [0209.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.900] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a210 [0209.901] GetCurrentThreadId () returned 0x6f8 [0209.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.901] FindNextFileW (in: hFindFile=0x7e5a210, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.901] GetCurrentThreadId () returned 0x6f8 [0209.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.901] FindNextFileW (in: hFindFile=0x7e5a210, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.901] GetCurrentThreadId () returned 0x6f8 [0209.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.901] FindNextFileW (in: hFindFile=0x7e5a210, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.901] GetCurrentThreadId () returned 0x6f8 [0209.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.901] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0209.901] GetCurrentThreadId () returned 0x6f8 [0209.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.901] GetCurrentThreadId () returned 0x6f8 [0209.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.901] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a250 [0209.902] GetCurrentThreadId () returned 0x6f8 [0209.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.902] FindNextFileW (in: hFindFile=0x7e5a250, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.902] GetCurrentThreadId () returned 0x6f8 [0209.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.902] FindNextFileW (in: hFindFile=0x7e5a250, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.902] GetCurrentThreadId () returned 0x6f8 [0209.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.902] FindNextFileW (in: hFindFile=0x7e5a250, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.902] GetCurrentThreadId () returned 0x6f8 [0209.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.902] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0209.902] GetCurrentThreadId () returned 0x6f8 [0209.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.902] GetCurrentThreadId () returned 0x6f8 [0209.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a290 [0209.903] GetCurrentThreadId () returned 0x6f8 [0209.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.903] FindNextFileW (in: hFindFile=0x7e5a290, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.903] GetCurrentThreadId () returned 0x6f8 [0209.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.903] FindNextFileW (in: hFindFile=0x7e5a290, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.903] GetCurrentThreadId () returned 0x6f8 [0209.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.903] FindNextFileW (in: hFindFile=0x7e5a290, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.903] GetCurrentThreadId () returned 0x6f8 [0209.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.903] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0209.903] GetCurrentThreadId () returned 0x6f8 [0209.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.903] GetCurrentThreadId () returned 0x6f8 [0209.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a2d0 [0209.904] GetCurrentThreadId () returned 0x6f8 [0209.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.904] FindNextFileW (in: hFindFile=0x7e5a2d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.904] GetCurrentThreadId () returned 0x6f8 [0209.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.904] FindNextFileW (in: hFindFile=0x7e5a2d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.904] GetCurrentThreadId () returned 0x6f8 [0209.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.904] FindNextFileW (in: hFindFile=0x7e5a2d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.904] GetCurrentThreadId () returned 0x6f8 [0209.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.904] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0209.904] GetCurrentThreadId () returned 0x6f8 [0209.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.905] GetCurrentThreadId () returned 0x6f8 [0209.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a310 [0209.905] GetCurrentThreadId () returned 0x6f8 [0209.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.905] FindNextFileW (in: hFindFile=0x7e5a310, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.905] GetCurrentThreadId () returned 0x6f8 [0209.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.905] FindNextFileW (in: hFindFile=0x7e5a310, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.905] GetCurrentThreadId () returned 0x6f8 [0209.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.905] FindNextFileW (in: hFindFile=0x7e5a310, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.905] GetCurrentThreadId () returned 0x6f8 [0209.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.905] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0209.905] GetCurrentThreadId () returned 0x6f8 [0209.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a350 [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] FindNextFileW (in: hFindFile=0x7e5a350, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] FindNextFileW (in: hFindFile=0x7e5a350, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] FindNextFileW (in: hFindFile=0x7e5a350, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] GetCurrentThreadId () returned 0x6f8 [0209.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a390 [0209.907] GetCurrentThreadId () returned 0x6f8 [0209.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.907] FindNextFileW (in: hFindFile=0x7e5a390, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.907] GetCurrentThreadId () returned 0x6f8 [0209.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.907] FindNextFileW (in: hFindFile=0x7e5a390, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.907] GetCurrentThreadId () returned 0x6f8 [0209.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.907] FindNextFileW (in: hFindFile=0x7e5a390, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.907] GetCurrentThreadId () returned 0x6f8 [0209.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.908] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0209.908] GetCurrentThreadId () returned 0x6f8 [0209.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.908] GetCurrentThreadId () returned 0x6f8 [0209.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a3d0 [0209.908] GetCurrentThreadId () returned 0x6f8 [0209.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.908] FindNextFileW (in: hFindFile=0x7e5a3d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.908] GetCurrentThreadId () returned 0x6f8 [0209.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.908] FindNextFileW (in: hFindFile=0x7e5a3d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.908] GetCurrentThreadId () returned 0x6f8 [0209.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.908] FindNextFileW (in: hFindFile=0x7e5a3d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.909] GetCurrentThreadId () returned 0x6f8 [0209.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.909] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0209.909] GetCurrentThreadId () returned 0x6f8 [0209.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.909] GetCurrentThreadId () returned 0x6f8 [0209.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a410 [0209.909] GetCurrentThreadId () returned 0x6f8 [0209.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.909] FindNextFileW (in: hFindFile=0x7e5a410, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.909] GetCurrentThreadId () returned 0x6f8 [0209.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.909] FindNextFileW (in: hFindFile=0x7e5a410, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.909] GetCurrentThreadId () returned 0x6f8 [0209.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.909] FindNextFileW (in: hFindFile=0x7e5a410, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.910] GetCurrentThreadId () returned 0x6f8 [0209.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.910] FindNextFileW (in: hFindFile=0x7e59a90, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0209.910] GetCurrentThreadId () returned 0x6f8 [0209.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.910] FindNextFileW (in: hFindFile=0x7e59a50, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0209.910] GetCurrentThreadId () returned 0x6f8 [0209.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.910] GetCurrentThreadId () returned 0x6f8 [0209.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.910] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a450 [0209.912] GetCurrentThreadId () returned 0x6f8 [0209.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.912] FindNextFileW (in: hFindFile=0x7e5a450, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.912] GetCurrentThreadId () returned 0x6f8 [0209.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.912] FindNextFileW (in: hFindFile=0x7e5a450, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0209.912] GetCurrentThreadId () returned 0x6f8 [0209.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.912] FindNextFileW (in: hFindFile=0x7e5a450, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0209.912] GetCurrentThreadId () returned 0x6f8 [0209.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.912] FindNextFileW (in: hFindFile=0x7e59a50, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0209.912] GetCurrentThreadId () returned 0x6f8 [0209.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.912] FindNextFileW (in: hFindFile=0x7e59a10, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.1_0", cAlternateFileName="")) returned 0 [0209.913] GetCurrentThreadId () returned 0x6f8 [0209.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.913] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0209.913] GetCurrentThreadId () returned 0x6f8 [0209.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.913] GetCurrentThreadId () returned 0x6f8 [0209.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a490 [0209.914] GetCurrentThreadId () returned 0x6f8 [0209.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.914] FindNextFileW (in: hFindFile=0x7e5a490, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.914] GetCurrentThreadId () returned 0x6f8 [0209.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.914] FindNextFileW (in: hFindFile=0x7e5a490, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 1 [0209.914] GetCurrentThreadId () returned 0x6f8 [0209.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1d665d0, dwHighDateTime=0x1d6076d)) [0209.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a4d0 [0209.917] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83637bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8363f0f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x8c0bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="angular.js", cAlternateFileName="")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83641800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83643f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xa89c, dwReserved0=0x0, dwReserved1=0x0, cFileName="background_script.js", cAlternateFileName="BACKGR~1.JS")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83646620, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83648d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x181aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_game_sender.js", cAlternateFileName="CAST_G~1.JS")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8364db50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8364db50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x111e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_route_details.html", cAlternateFileName="CAST_R~1.HTM")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83652970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83657790, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3a258, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_route_details.js", cAlternateFileName="CAST_R~1.JS")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8365ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836613d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xce17, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_sender.js", cAlternateFileName="CAST_S~1.JS")) returned 1 [0209.918] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_setup", cAlternateFileName="CAST_S~1")) returned 1 [0209.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a510 [0209.921] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.921] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836661f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836661f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_app.css", cAlternateFileName="")) returned 1 [0209.921] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366b010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366d720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x221da, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_app.js", cAlternateFileName="")) returned 1 [0209.921] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366fe30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366fe30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_app_redirect.js", cAlternateFileName="CAST_A~1.JS")) returned 1 [0209.921] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83674c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83674c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1bef, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromecast_logo_grey.png", cAlternateFileName="CHROME~1.PNG")) returned 1 [0209.923] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png", dwFileAttributes=0x80) returned 1 [0209.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc24 [0209.923] GetFileSize (in: hFile=0xc24, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1bef [0209.931] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png", dwFileAttributes=0x2020) returned 1 [0209.931] GetCurrentThreadId () returned 0x6f8 [0209.931] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png", piIcon=0x4e4dc24 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png", piIcon=0x4e4dc24) returned 0x17008b [0209.946] GetIconInfo (in: hIcon=0x17008b, piconinfo=0x4e4dc10 | out: piconinfo=0x4e4dc10) returned 1 [0209.947] CreateFileW (lpFileName="uKAk.ico" (normalized: "c:\\windows\\system32\\ukak.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc28 [0209.947] GetObjectA (in: h=0x8e0501fe, c=24, pv=0x4e4dbd4 | out: pv=0x4e4dbd4) returned 24 [0209.947] GetObjectA (in: h=0x9c05076f, c=24, pv=0x4e4dbec | out: pv=0x4e4dbec) returned 24 [0209.947] CreateCompatibleDC (hdc=0x0) returned 0x6e01016f [0209.947] GetDIBits (in: hdc=0x6e01016f, hbm=0x8e0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d784, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d784) returned 1 [0209.948] GetDIBits (in: hdc=0x6e01016f, hbm=0x8e0501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4d784, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4d784) returned 32 [0209.948] GetDIBits (in: hdc=0x6e01016f, hbm=0x8e0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4d35c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4d35c) returned 1 [0209.948] GetDIBits (in: hdc=0x6e01016f, hbm=0x9c05076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4d35c, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4d35c) returned 32 [0209.948] WriteFile (in: hFile=0xc28, lpBuffer=0x4e4d33c*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4d33c*, lpNumberOfBytesWritten=0x4e4d324*=0x6, lpOverlapped=0x0) returned 1 [0209.949] WriteFile (in: hFile=0xc28, lpBuffer=0x4e4d32c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4d32c*, lpNumberOfBytesWritten=0x4e4d324*=0x10, lpOverlapped=0x0) returned 1 [0209.949] WriteFile (in: hFile=0xc28, lpBuffer=0x4e4dbac*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x4e4dbac*, lpNumberOfBytesWritten=0x4e4d324*=0x28, lpOverlapped=0x0) returned 1 [0209.949] WriteFile (in: hFile=0xc28, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4d324*=0x1000, lpOverlapped=0x0) returned 1 [0209.950] WriteFile (in: hFile=0xc28, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4d324, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4d324*=0x80, lpOverlapped=0x0) returned 1 [0209.950] DeleteDC (hdc=0x6e01016f) returned 1 [0209.950] CloseHandle (hObject=0xc28) returned 1 [0209.950] DeleteObject (ho=0x8e0501fe) returned 1 [0209.950] DeleteObject (ho=0x9c05076f) returned 1 [0209.950] DestroyCursor (hCursor=0x17008b) returned 1 [0209.950] GetCurrentThreadId () returned 0x6f8 [0209.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc28 [0209.950] GetFileSize (in: hFile=0xc28, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1bef [0209.956] ReadFile (in: hFile=0xc28, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1bef, lpNumberOfBytesRead=0x4e4df10, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4df10*=0x1bef, lpOverlapped=0x0) returned 1 [0209.956] CloseHandle (hObject=0xc28) returned 1 [0209.956] GetCurrentThreadId () returned 0x6f8 [0209.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db70 | out: lpSystemTimeAsFileTime=0x4e4db70*(dwLowDateTime=0x1db2890, dwHighDateTime=0x1d6076d)) [0209.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db70 | out: lpSystemTimeAsFileTime=0x4e4db70*(dwLowDateTime=0x1db2890, dwHighDateTime=0x1d6076d)) [0209.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db8c | out: lpSystemTimeAsFileTime=0x4e4db8c*(dwLowDateTime=0x1db2890, dwHighDateTime=0x1d6076d)) [0210.046] GetCurrentThreadId () returned 0x6f8 [0210.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db40 | out: lpSystemTimeAsFileTime=0x4e4db40*(dwLowDateTime=0x1e970d0, dwHighDateTime=0x1d6076d)) [0210.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4db40 | out: lpSystemTimeAsFileTime=0x4e4db40*(dwLowDateTime=0x1e970d0, dwHighDateTime=0x1d6076d)) [0210.047] GetCurrentThreadId () returned 0x6f8 [0210.047] CreateFileW (lpFileName="iQMu.exe" (normalized: "c:\\windows\\system32\\iqmu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.047] CreateFileW (lpFileName="iQMu.exe" (normalized: "c:\\windows\\system32\\iqmu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.048] GetCurrentThreadId () returned 0x6f8 [0210.048] GetCurrentThreadId () returned 0x6f8 [0210.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc00 | out: lpSystemTimeAsFileTime=0x4e4dc00*(dwLowDateTime=0x1e970d0, dwHighDateTime=0x1d6076d)) [0210.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc00 | out: lpSystemTimeAsFileTime=0x4e4dc00*(dwLowDateTime=0x1e970d0, dwHighDateTime=0x1d6076d)) [0210.048] CreateFileW (lpFileName="iQMu.exe" (normalized: "c:\\windows\\system32\\iqmu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.048] GetCurrentThreadId () returned 0x6f8 [0210.048] BeginUpdateResourceW (pFileName="iQMu.exe" (normalized: "c:\\windows\\system32\\iqmu.exe"), bDeleteExistingResources=0) returned 0x0 [0210.048] CreateFileW (lpFileName="uKAk.ico" (normalized: "c:\\windows\\system32\\ukak.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc28 [0210.048] GetFileSize (in: hFile=0xc28, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0210.049] ReadFile (in: hFile=0xc28, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4dc24, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4dc24*=0x10be, lpOverlapped=0x0) returned 1 [0210.049] CloseHandle (hObject=0xc28) returned 1 [0210.049] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0210.049] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4dc10, cb=0x14) returned 0 [0210.049] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0210.049] CopyFileW (lpExistingFileName="iQMu.exe" (normalized: "c:\\windows\\system32\\iqmu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.exe"), bFailIfExists=0) returned 0 [0210.049] SetNamedSecurityInfoW () returned 0x2 [0210.050] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png")) returned 1 [0210.051] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x154, lpNumberOfBytesWritten=0x4e4dc68, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4dc68*=0x154, lpOverlapped=0x0) returned 1 [0210.051] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4dc68, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4dc68*=0x4, lpOverlapped=0x0) returned 1 [0210.051] DeleteFileW (lpFileName="uKAk.ico" (normalized: "c:\\windows\\system32\\ukak.ico")) returned 1 [0210.053] DeleteFileW (lpFileName="iQMu.exe" (normalized: "c:\\windows\\system32\\iqmu.exe")) returned 0 [0210.053] GetCurrentThreadId () returned 0x6f8 [0210.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dc18 | out: lpSystemTimeAsFileTime=0x4e4dc18*(dwLowDateTime=0x1e970d0, dwHighDateTime=0x1d6076d)) [0210.053] GetCurrentThreadId () returned 0x6f8 [0210.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1e970d0, dwHighDateTime=0x1d6076d)) [0210.053] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83679a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83679a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="devices.html", cAlternateFileName="DEVICE~1.HTM")) returned 1 [0210.053] GetCurrentThreadId () returned 0x6f8 [0210.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.053] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8367c180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8367c180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x828, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.html", cAlternateFileName="INDEX~1.HTM")) returned 1 [0210.053] GetCurrentThreadId () returned 0x6f8 [0210.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.053] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83685dc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83685dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="offers.html", cAlternateFileName="OFFERS~1.HTM")) returned 1 [0210.054] GetCurrentThreadId () returned 0x6f8 [0210.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.054] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 1 [0210.054] GetCurrentThreadId () returned 0x6f8 [0210.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.054] FindNextFileW (in: hFindFile=0x7e5a510, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 0 [0210.054] GetCurrentThreadId () returned 0x6f8 [0210.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.054] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cloud_route_details", cAlternateFileName="CLOUD_~1")) returned 1 [0210.054] GetCurrentThreadId () returned 0x6f8 [0210.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.054] GetCurrentThreadId () returned 0x6f8 [0210.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.054] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a550 [0210.055] GetCurrentThreadId () returned 0x6f8 [0210.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.055] FindNextFileW (in: hFindFile=0x7e5a550, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a550, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8368fa00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368fa00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x174c, dwReserved0=0x0, dwReserved1=0x0, cFileName="view.html", cAlternateFileName="VIEW~1.HTM")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a550, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x0, cFileName="view.js", cAlternateFileName="")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a550, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x0, cFileName="view.js", cAlternateFileName="")) returned 0 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83696f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83699640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc878, dwReserved0=0x0, dwReserved1=0x0, cFileName="common.js", cAlternateFileName="")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8369bd50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8369bd50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc26, dwReserved0=0x0, dwReserved1=0x0, cFileName="feedback.css", cAlternateFileName="")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a0b70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a0b70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x38a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="feedback.html", cAlternateFileName="FEEDBA~1.HTM")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.056] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a5990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a5990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2b20, dwReserved0=0x0, dwReserved1=0x0, cFileName="feedback_script.js", cAlternateFileName="FEEDBA~1.JS")) returned 1 [0210.056] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836af5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8395fd70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b1ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b43f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x46039, dwReserved0=0x0, dwReserved1=0x0, cFileName="material_css_min.css", cAlternateFileName="MATERI~1.CSS")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b6b00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b9210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x7c33, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_cast_streaming.js", cAlternateFileName="MIRROR~1.JS")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836c2e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836c5560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2adeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_common.js", cAlternateFileName="MIRROR~2.JS")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836ca380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836cf1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x794cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_hangouts.js", cAlternateFileName="MIRROR~3.JS")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836d3fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836d66d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x941, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_webrtc.js", cAlternateFileName="MIRROR~4.JS")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e19c | out: lpSystemTimeAsFileTime=0x4e4e19c*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.057] GetCurrentThreadId () returned 0x6f8 [0210.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.058] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a590 [0210.060] GetCurrentThreadId () returned 0x6f8 [0210.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.060] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.061] GetCurrentThreadId () returned 0x6f8 [0210.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.061] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="am", cAlternateFileName="")) returned 1 [0210.061] GetCurrentThreadId () returned 0x6f8 [0210.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.061] GetCurrentThreadId () returned 0x6f8 [0210.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a5d0 [0210.061] GetCurrentThreadId () returned 0x6f8 [0210.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.061] FindNextFileW (in: hFindFile=0x7e5a5d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.061] GetCurrentThreadId () returned 0x6f8 [0210.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.061] FindNextFileW (in: hFindFile=0x7e5a5d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833eb5b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397d230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4827, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.062] GetCurrentThreadId () returned 0x6f8 [0210.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.062] FindNextFileW (in: hFindFile=0x7e5a5d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833eb5b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397d230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4827, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.062] GetCurrentThreadId () returned 0x6f8 [0210.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.062] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0210.062] GetCurrentThreadId () returned 0x6f8 [0210.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.062] GetCurrentThreadId () returned 0x6f8 [0210.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.062] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a610 [0210.066] GetCurrentThreadId () returned 0x6f8 [0210.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.066] FindNextFileW (in: hFindFile=0x7e5a610, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.066] GetCurrentThreadId () returned 0x6f8 [0210.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.066] FindNextFileW (in: hFindFile=0x7e5a610, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.066] GetCurrentThreadId () returned 0x6f8 [0210.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.066] FindNextFileW (in: hFindFile=0x7e5a610, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.066] GetCurrentThreadId () returned 0x6f8 [0210.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.066] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0210.066] GetCurrentThreadId () returned 0x6f8 [0210.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.066] GetCurrentThreadId () returned 0x6f8 [0210.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a650 [0210.067] GetCurrentThreadId () returned 0x6f8 [0210.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.067] FindNextFileW (in: hFindFile=0x7e5a650, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.067] GetCurrentThreadId () returned 0x6f8 [0210.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.067] FindNextFileW (in: hFindFile=0x7e5a650, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.067] GetCurrentThreadId () returned 0x6f8 [0210.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.067] FindNextFileW (in: hFindFile=0x7e5a650, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.067] GetCurrentThreadId () returned 0x6f8 [0210.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.067] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bn", cAlternateFileName="")) returned 1 [0210.067] GetCurrentThreadId () returned 0x6f8 [0210.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.067] GetCurrentThreadId () returned 0x6f8 [0210.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ebd230, dwHighDateTime=0x1d6076d)) [0210.067] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a690 [0210.068] GetCurrentThreadId () returned 0x6f8 [0210.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.069] FindNextFileW (in: hFindFile=0x7e5a690, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.069] GetCurrentThreadId () returned 0x6f8 [0210.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.069] FindNextFileW (in: hFindFile=0x7e5a690, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.069] GetCurrentThreadId () returned 0x6f8 [0210.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.069] FindNextFileW (in: hFindFile=0x7e5a690, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.069] GetCurrentThreadId () returned 0x6f8 [0210.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.069] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0210.069] GetCurrentThreadId () returned 0x6f8 [0210.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.069] GetCurrentThreadId () returned 0x6f8 [0210.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a6d0 [0210.070] GetCurrentThreadId () returned 0x6f8 [0210.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.070] FindNextFileW (in: hFindFile=0x7e5a6d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.070] GetCurrentThreadId () returned 0x6f8 [0210.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.070] FindNextFileW (in: hFindFile=0x7e5a6d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.070] GetCurrentThreadId () returned 0x6f8 [0210.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.070] FindNextFileW (in: hFindFile=0x7e5a6d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.070] GetCurrentThreadId () returned 0x6f8 [0210.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.070] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0210.070] GetCurrentThreadId () returned 0x6f8 [0210.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.070] GetCurrentThreadId () returned 0x6f8 [0210.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.070] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a710 [0210.071] GetCurrentThreadId () returned 0x6f8 [0210.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.071] FindNextFileW (in: hFindFile=0x7e5a710, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.072] GetCurrentThreadId () returned 0x6f8 [0210.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.072] FindNextFileW (in: hFindFile=0x7e5a710, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.072] GetCurrentThreadId () returned 0x6f8 [0210.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.072] FindNextFileW (in: hFindFile=0x7e5a710, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.072] GetCurrentThreadId () returned 0x6f8 [0210.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.072] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0210.072] GetCurrentThreadId () returned 0x6f8 [0210.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.072] GetCurrentThreadId () returned 0x6f8 [0210.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a750 [0210.072] GetCurrentThreadId () returned 0x6f8 [0210.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.072] FindNextFileW (in: hFindFile=0x7e5a750, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.073] GetCurrentThreadId () returned 0x6f8 [0210.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.073] FindNextFileW (in: hFindFile=0x7e5a750, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.073] GetCurrentThreadId () returned 0x6f8 [0210.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.073] FindNextFileW (in: hFindFile=0x7e5a750, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.073] GetCurrentThreadId () returned 0x6f8 [0210.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.073] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0210.073] GetCurrentThreadId () returned 0x6f8 [0210.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.073] GetCurrentThreadId () returned 0x6f8 [0210.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a790 [0210.074] GetCurrentThreadId () returned 0x6f8 [0210.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.074] FindNextFileW (in: hFindFile=0x7e5a790, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.074] GetCurrentThreadId () returned 0x6f8 [0210.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.074] FindNextFileW (in: hFindFile=0x7e5a790, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.074] GetCurrentThreadId () returned 0x6f8 [0210.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.074] FindNextFileW (in: hFindFile=0x7e5a790, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.075] GetCurrentThreadId () returned 0x6f8 [0210.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.075] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0210.075] GetCurrentThreadId () returned 0x6f8 [0210.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.075] GetCurrentThreadId () returned 0x6f8 [0210.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.075] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a7d0 [0210.075] GetCurrentThreadId () returned 0x6f8 [0210.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.075] FindNextFileW (in: hFindFile=0x7e5a7d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.075] GetCurrentThreadId () returned 0x6f8 [0210.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.075] FindNextFileW (in: hFindFile=0x7e5a7d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.076] GetCurrentThreadId () returned 0x6f8 [0210.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.076] FindNextFileW (in: hFindFile=0x7e5a7d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.076] GetCurrentThreadId () returned 0x6f8 [0210.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.076] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0210.076] GetCurrentThreadId () returned 0x6f8 [0210.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.076] GetCurrentThreadId () returned 0x6f8 [0210.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a810 [0210.077] GetCurrentThreadId () returned 0x6f8 [0210.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.077] FindNextFileW (in: hFindFile=0x7e5a810, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.077] GetCurrentThreadId () returned 0x6f8 [0210.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.077] FindNextFileW (in: hFindFile=0x7e5a810, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.077] GetCurrentThreadId () returned 0x6f8 [0210.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.077] FindNextFileW (in: hFindFile=0x7e5a810, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.077] GetCurrentThreadId () returned 0x6f8 [0210.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.078] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0210.078] GetCurrentThreadId () returned 0x6f8 [0210.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.078] GetCurrentThreadId () returned 0x6f8 [0210.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a850 [0210.078] GetCurrentThreadId () returned 0x6f8 [0210.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.078] FindNextFileW (in: hFindFile=0x7e5a850, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.078] GetCurrentThreadId () returned 0x6f8 [0210.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.078] FindNextFileW (in: hFindFile=0x7e5a850, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.079] GetCurrentThreadId () returned 0x6f8 [0210.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.079] FindNextFileW (in: hFindFile=0x7e5a850, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.079] GetCurrentThreadId () returned 0x6f8 [0210.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.079] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0210.079] GetCurrentThreadId () returned 0x6f8 [0210.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.079] GetCurrentThreadId () returned 0x6f8 [0210.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.079] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a890 [0210.080] GetCurrentThreadId () returned 0x6f8 [0210.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.080] FindNextFileW (in: hFindFile=0x7e5a890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.080] GetCurrentThreadId () returned 0x6f8 [0210.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.080] FindNextFileW (in: hFindFile=0x7e5a890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.080] GetCurrentThreadId () returned 0x6f8 [0210.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.080] FindNextFileW (in: hFindFile=0x7e5a890, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.080] GetCurrentThreadId () returned 0x6f8 [0210.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.080] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fa", cAlternateFileName="")) returned 1 [0210.081] GetCurrentThreadId () returned 0x6f8 [0210.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.081] GetCurrentThreadId () returned 0x6f8 [0210.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.081] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5a8d0 [0210.081] GetCurrentThreadId () returned 0x6f8 [0210.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.081] FindNextFileW (in: hFindFile=0x7e5a8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.081] GetCurrentThreadId () returned 0x6f8 [0210.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.081] FindNextFileW (in: hFindFile=0x7e5a8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.081] GetCurrentThreadId () returned 0x6f8 [0210.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.081] FindNextFileW (in: hFindFile=0x7e5a8d0, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.081] GetCurrentThreadId () returned 0x6f8 [0210.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.081] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0210.082] GetCurrentThreadId () returned 0x6f8 [0210.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.082] GetCurrentThreadId () returned 0x6f8 [0210.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b7d8 [0210.083] GetCurrentThreadId () returned 0x6f8 [0210.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.083] FindNextFileW (in: hFindFile=0x7e5b7d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.083] GetCurrentThreadId () returned 0x6f8 [0210.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.083] FindNextFileW (in: hFindFile=0x7e5b7d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.083] GetCurrentThreadId () returned 0x6f8 [0210.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.083] FindNextFileW (in: hFindFile=0x7e5b7d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.083] GetCurrentThreadId () returned 0x6f8 [0210.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.083] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0210.083] GetCurrentThreadId () returned 0x6f8 [0210.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.083] GetCurrentThreadId () returned 0x6f8 [0210.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b818 [0210.084] GetCurrentThreadId () returned 0x6f8 [0210.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.084] FindNextFileW (in: hFindFile=0x7e5b818, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.084] GetCurrentThreadId () returned 0x6f8 [0210.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.084] FindNextFileW (in: hFindFile=0x7e5b818, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.084] GetCurrentThreadId () returned 0x6f8 [0210.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1ee3390, dwHighDateTime=0x1d6076d)) [0210.084] FindNextFileW (in: hFindFile=0x7e5b818, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.084] GetCurrentThreadId () returned 0x6f8 [0210.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.084] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0210.084] GetCurrentThreadId () returned 0x6f8 [0210.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.084] GetCurrentThreadId () returned 0x6f8 [0210.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.084] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b858 [0210.086] GetCurrentThreadId () returned 0x6f8 [0210.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.086] FindNextFileW (in: hFindFile=0x7e5b858, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.086] GetCurrentThreadId () returned 0x6f8 [0210.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.086] FindNextFileW (in: hFindFile=0x7e5b858, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.086] GetCurrentThreadId () returned 0x6f8 [0210.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.086] FindNextFileW (in: hFindFile=0x7e5b858, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.086] GetCurrentThreadId () returned 0x6f8 [0210.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.086] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gu", cAlternateFileName="")) returned 1 [0210.086] GetCurrentThreadId () returned 0x6f8 [0210.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.086] GetCurrentThreadId () returned 0x6f8 [0210.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.086] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b898 [0210.087] GetCurrentThreadId () returned 0x6f8 [0210.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.087] FindNextFileW (in: hFindFile=0x7e5b898, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.087] GetCurrentThreadId () returned 0x6f8 [0210.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.087] FindNextFileW (in: hFindFile=0x7e5b898, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.087] GetCurrentThreadId () returned 0x6f8 [0210.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.087] FindNextFileW (in: hFindFile=0x7e5b898, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.087] GetCurrentThreadId () returned 0x6f8 [0210.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.087] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0210.087] GetCurrentThreadId () returned 0x6f8 [0210.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.087] GetCurrentThreadId () returned 0x6f8 [0210.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.087] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b8d8 [0210.088] GetCurrentThreadId () returned 0x6f8 [0210.088] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.088] FindNextFileW (in: hFindFile=0x7e5b8d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.089] GetCurrentThreadId () returned 0x6f8 [0210.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.089] FindNextFileW (in: hFindFile=0x7e5b8d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.089] GetCurrentThreadId () returned 0x6f8 [0210.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.089] FindNextFileW (in: hFindFile=0x7e5b8d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.089] GetCurrentThreadId () returned 0x6f8 [0210.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.089] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0210.089] GetCurrentThreadId () returned 0x6f8 [0210.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.089] GetCurrentThreadId () returned 0x6f8 [0210.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.089] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b918 [0210.089] GetCurrentThreadId () returned 0x6f8 [0210.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.089] FindNextFileW (in: hFindFile=0x7e5b918, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.090] GetCurrentThreadId () returned 0x6f8 [0210.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.090] FindNextFileW (in: hFindFile=0x7e5b918, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.090] GetCurrentThreadId () returned 0x6f8 [0210.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.090] FindNextFileW (in: hFindFile=0x7e5b918, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.090] GetCurrentThreadId () returned 0x6f8 [0210.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.090] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0210.090] GetCurrentThreadId () returned 0x6f8 [0210.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.090] GetCurrentThreadId () returned 0x6f8 [0210.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b958 [0210.091] GetCurrentThreadId () returned 0x6f8 [0210.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.091] FindNextFileW (in: hFindFile=0x7e5b958, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.091] GetCurrentThreadId () returned 0x6f8 [0210.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.091] FindNextFileW (in: hFindFile=0x7e5b958, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.091] GetCurrentThreadId () returned 0x6f8 [0210.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.092] FindNextFileW (in: hFindFile=0x7e5b958, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.092] GetCurrentThreadId () returned 0x6f8 [0210.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.092] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0210.092] GetCurrentThreadId () returned 0x6f8 [0210.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.092] GetCurrentThreadId () returned 0x6f8 [0210.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b998 [0210.092] GetCurrentThreadId () returned 0x6f8 [0210.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.092] FindNextFileW (in: hFindFile=0x7e5b998, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.092] GetCurrentThreadId () returned 0x6f8 [0210.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.092] FindNextFileW (in: hFindFile=0x7e5b998, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.093] GetCurrentThreadId () returned 0x6f8 [0210.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.093] FindNextFileW (in: hFindFile=0x7e5b998, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.093] GetCurrentThreadId () returned 0x6f8 [0210.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.093] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0210.093] GetCurrentThreadId () returned 0x6f8 [0210.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.093] GetCurrentThreadId () returned 0x6f8 [0210.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.093] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5b9d8 [0210.094] GetCurrentThreadId () returned 0x6f8 [0210.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.094] FindNextFileW (in: hFindFile=0x7e5b9d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.094] GetCurrentThreadId () returned 0x6f8 [0210.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.094] FindNextFileW (in: hFindFile=0x7e5b9d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.094] GetCurrentThreadId () returned 0x6f8 [0210.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.094] FindNextFileW (in: hFindFile=0x7e5b9d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.094] GetCurrentThreadId () returned 0x6f8 [0210.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.094] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iw", cAlternateFileName="")) returned 1 [0210.095] GetCurrentThreadId () returned 0x6f8 [0210.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.095] GetCurrentThreadId () returned 0x6f8 [0210.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.095] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ba18 [0210.095] GetCurrentThreadId () returned 0x6f8 [0210.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.095] FindNextFileW (in: hFindFile=0x7e5ba18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.095] GetCurrentThreadId () returned 0x6f8 [0210.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.095] FindNextFileW (in: hFindFile=0x7e5ba18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.095] GetCurrentThreadId () returned 0x6f8 [0210.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.095] FindNextFileW (in: hFindFile=0x7e5ba18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.095] GetCurrentThreadId () returned 0x6f8 [0210.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.096] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0210.096] GetCurrentThreadId () returned 0x6f8 [0210.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.096] GetCurrentThreadId () returned 0x6f8 [0210.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ba58 [0210.097] GetCurrentThreadId () returned 0x6f8 [0210.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.097] FindNextFileW (in: hFindFile=0x7e5ba58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.097] GetCurrentThreadId () returned 0x6f8 [0210.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.097] FindNextFileW (in: hFindFile=0x7e5ba58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.097] GetCurrentThreadId () returned 0x6f8 [0210.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.097] FindNextFileW (in: hFindFile=0x7e5ba58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.097] GetCurrentThreadId () returned 0x6f8 [0210.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.097] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kn", cAlternateFileName="")) returned 1 [0210.097] GetCurrentThreadId () returned 0x6f8 [0210.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.097] GetCurrentThreadId () returned 0x6f8 [0210.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ba98 [0210.098] GetCurrentThreadId () returned 0x6f8 [0210.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.098] FindNextFileW (in: hFindFile=0x7e5ba98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.098] GetCurrentThreadId () returned 0x6f8 [0210.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.098] FindNextFileW (in: hFindFile=0x7e5ba98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.098] GetCurrentThreadId () returned 0x6f8 [0210.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.098] FindNextFileW (in: hFindFile=0x7e5ba98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.098] GetCurrentThreadId () returned 0x6f8 [0210.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.098] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0210.098] GetCurrentThreadId () returned 0x6f8 [0210.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.098] GetCurrentThreadId () returned 0x6f8 [0210.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.098] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bad8 [0210.099] GetCurrentThreadId () returned 0x6f8 [0210.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.099] FindNextFileW (in: hFindFile=0x7e5bad8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.100] GetCurrentThreadId () returned 0x6f8 [0210.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.100] FindNextFileW (in: hFindFile=0x7e5bad8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.100] GetCurrentThreadId () returned 0x6f8 [0210.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.100] FindNextFileW (in: hFindFile=0x7e5bad8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.100] GetCurrentThreadId () returned 0x6f8 [0210.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.100] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0210.100] GetCurrentThreadId () returned 0x6f8 [0210.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.100] GetCurrentThreadId () returned 0x6f8 [0210.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.100] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bb18 [0210.100] GetCurrentThreadId () returned 0x6f8 [0210.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.100] FindNextFileW (in: hFindFile=0x7e5bb18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.101] GetCurrentThreadId () returned 0x6f8 [0210.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.101] FindNextFileW (in: hFindFile=0x7e5bb18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.101] GetCurrentThreadId () returned 0x6f8 [0210.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.101] FindNextFileW (in: hFindFile=0x7e5bb18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.101] GetCurrentThreadId () returned 0x6f8 [0210.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.101] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0210.101] GetCurrentThreadId () returned 0x6f8 [0210.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.101] GetCurrentThreadId () returned 0x6f8 [0210.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.101] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bb58 [0210.102] GetCurrentThreadId () returned 0x6f8 [0210.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.102] FindNextFileW (in: hFindFile=0x7e5bb58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.102] GetCurrentThreadId () returned 0x6f8 [0210.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.102] FindNextFileW (in: hFindFile=0x7e5bb58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.102] GetCurrentThreadId () returned 0x6f8 [0210.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.102] FindNextFileW (in: hFindFile=0x7e5bb58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.102] GetCurrentThreadId () returned 0x6f8 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.103] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ml", cAlternateFileName="")) returned 1 [0210.103] GetCurrentThreadId () returned 0x6f8 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.103] GetCurrentThreadId () returned 0x6f8 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bb98 [0210.103] GetCurrentThreadId () returned 0x6f8 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.103] FindNextFileW (in: hFindFile=0x7e5bb98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.103] GetCurrentThreadId () returned 0x6f8 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.103] FindNextFileW (in: hFindFile=0x7e5bb98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.103] GetCurrentThreadId () returned 0x6f8 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.104] FindNextFileW (in: hFindFile=0x7e5bb98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.104] GetCurrentThreadId () returned 0x6f8 [0210.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.104] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mr", cAlternateFileName="")) returned 1 [0210.104] GetCurrentThreadId () returned 0x6f8 [0210.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.104] GetCurrentThreadId () returned 0x6f8 [0210.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.104] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bbd8 [0210.108] GetCurrentThreadId () returned 0x6f8 [0210.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.108] FindNextFileW (in: hFindFile=0x7e5bbd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.111] GetCurrentThreadId () returned 0x6f8 [0210.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.111] FindNextFileW (in: hFindFile=0x7e5bbd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.111] GetCurrentThreadId () returned 0x6f8 [0210.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.111] FindNextFileW (in: hFindFile=0x7e5bbd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.111] GetCurrentThreadId () returned 0x6f8 [0210.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.111] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0210.111] GetCurrentThreadId () returned 0x6f8 [0210.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.111] GetCurrentThreadId () returned 0x6f8 [0210.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.111] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bc18 [0210.112] GetCurrentThreadId () returned 0x6f8 [0210.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.112] FindNextFileW (in: hFindFile=0x7e5bc18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.112] GetCurrentThreadId () returned 0x6f8 [0210.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.112] FindNextFileW (in: hFindFile=0x7e5bc18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.112] GetCurrentThreadId () returned 0x6f8 [0210.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.112] FindNextFileW (in: hFindFile=0x7e5bc18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.112] GetCurrentThreadId () returned 0x6f8 [0210.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.112] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb", cAlternateFileName="")) returned 1 [0210.112] GetCurrentThreadId () returned 0x6f8 [0210.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.112] GetCurrentThreadId () returned 0x6f8 [0210.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.112] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bc58 [0210.114] GetCurrentThreadId () returned 0x6f8 [0210.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.114] FindNextFileW (in: hFindFile=0x7e5bc58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.114] GetCurrentThreadId () returned 0x6f8 [0210.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.114] FindNextFileW (in: hFindFile=0x7e5bc58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.114] GetCurrentThreadId () returned 0x6f8 [0210.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.114] FindNextFileW (in: hFindFile=0x7e5bc58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.114] GetCurrentThreadId () returned 0x6f8 [0210.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.114] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0210.114] GetCurrentThreadId () returned 0x6f8 [0210.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.114] GetCurrentThreadId () returned 0x6f8 [0210.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.114] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bc98 [0210.115] GetCurrentThreadId () returned 0x6f8 [0210.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.115] FindNextFileW (in: hFindFile=0x7e5bc98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.115] GetCurrentThreadId () returned 0x6f8 [0210.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.115] FindNextFileW (in: hFindFile=0x7e5bc98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.115] GetCurrentThreadId () returned 0x6f8 [0210.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.115] FindNextFileW (in: hFindFile=0x7e5bc98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.115] GetCurrentThreadId () returned 0x6f8 [0210.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.115] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0210.115] GetCurrentThreadId () returned 0x6f8 [0210.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.115] GetCurrentThreadId () returned 0x6f8 [0210.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f2f650, dwHighDateTime=0x1d6076d)) [0210.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bcd8 [0210.117] GetCurrentThreadId () returned 0x6f8 [0210.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.117] FindNextFileW (in: hFindFile=0x7e5bcd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.117] GetCurrentThreadId () returned 0x6f8 [0210.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.117] FindNextFileW (in: hFindFile=0x7e5bcd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.117] GetCurrentThreadId () returned 0x6f8 [0210.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.117] FindNextFileW (in: hFindFile=0x7e5bcd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.117] GetCurrentThreadId () returned 0x6f8 [0210.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.117] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt", cAlternateFileName="")) returned 1 [0210.117] GetCurrentThreadId () returned 0x6f8 [0210.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.117] GetCurrentThreadId () returned 0x6f8 [0210.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bd18 [0210.118] GetCurrentThreadId () returned 0x6f8 [0210.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.118] FindNextFileW (in: hFindFile=0x7e5bd18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.118] GetCurrentThreadId () returned 0x6f8 [0210.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.118] FindNextFileW (in: hFindFile=0x7e5bd18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.118] GetCurrentThreadId () returned 0x6f8 [0210.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.118] FindNextFileW (in: hFindFile=0x7e5bd18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.118] GetCurrentThreadId () returned 0x6f8 [0210.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.118] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0210.118] GetCurrentThreadId () returned 0x6f8 [0210.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.118] GetCurrentThreadId () returned 0x6f8 [0210.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.118] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bd58 [0210.119] GetCurrentThreadId () returned 0x6f8 [0210.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.119] FindNextFileW (in: hFindFile=0x7e5bd58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.120] GetCurrentThreadId () returned 0x6f8 [0210.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.120] FindNextFileW (in: hFindFile=0x7e5bd58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.120] GetCurrentThreadId () returned 0x6f8 [0210.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.120] FindNextFileW (in: hFindFile=0x7e5bd58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.120] GetCurrentThreadId () returned 0x6f8 [0210.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df28 | out: lpSystemTimeAsFileTime=0x4e4df28*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.120] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0210.120] GetCurrentThreadId () returned 0x6f8 [0210.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.120] GetCurrentThreadId () returned 0x6f8 [0210.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.120] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bd98 [0210.120] GetCurrentThreadId () returned 0x6f8 [0210.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.121] FindNextFileW (in: hFindFile=0x7e5bd98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.121] GetCurrentThreadId () returned 0x6f8 [0210.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.121] FindNextFileW (in: hFindFile=0x7e5bd98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.121] GetCurrentThreadId () returned 0x6f8 [0210.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4dcb4 | out: lpSystemTimeAsFileTime=0x4e4dcb4*(dwLowDateTime=0x1f557b0, dwHighDateTime=0x1d6076d)) [0210.121] FindNextFileW (in: hFindFile=0x7e5bd98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.121] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0210.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bdd8 [0210.125] FindNextFileW (in: hFindFile=0x7e5bdd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.125] FindNextFileW (in: hFindFile=0x7e5bdd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.125] FindNextFileW (in: hFindFile=0x7e5bdd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.125] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0210.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5be18 [0210.125] FindNextFileW (in: hFindFile=0x7e5be18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.125] FindNextFileW (in: hFindFile=0x7e5be18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.125] FindNextFileW (in: hFindFile=0x7e5be18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.125] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0210.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5be58 [0210.126] FindNextFileW (in: hFindFile=0x7e5be58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.127] FindNextFileW (in: hFindFile=0x7e5be58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.127] FindNextFileW (in: hFindFile=0x7e5be58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.127] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0210.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5be98 [0210.127] FindNextFileW (in: hFindFile=0x7e5be98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.127] FindNextFileW (in: hFindFile=0x7e5be98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.127] FindNextFileW (in: hFindFile=0x7e5be98, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.127] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0210.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bed8 [0210.128] FindNextFileW (in: hFindFile=0x7e5bed8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.128] FindNextFileW (in: hFindFile=0x7e5bed8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.129] FindNextFileW (in: hFindFile=0x7e5bed8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.129] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0210.129] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bf18 [0210.129] FindNextFileW (in: hFindFile=0x7e5bf18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.129] FindNextFileW (in: hFindFile=0x7e5bf18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.129] FindNextFileW (in: hFindFile=0x7e5bf18, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.129] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sw", cAlternateFileName="")) returned 1 [0210.129] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5bf58 [0210.130] FindNextFileW (in: hFindFile=0x7e5bf58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.130] FindNextFileW (in: hFindFile=0x7e5bf58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.131] FindNextFileW (in: hFindFile=0x7e5bf58, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.131] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ta", cAlternateFileName="")) returned 1 [0210.131] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5cfd8 [0210.131] FindNextFileW (in: hFindFile=0x7e5cfd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.131] FindNextFileW (in: hFindFile=0x7e5cfd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.131] FindNextFileW (in: hFindFile=0x7e5cfd8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.131] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="te", cAlternateFileName="")) returned 1 [0210.132] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d018 [0210.133] FindNextFileW (in: hFindFile=0x7e5d018, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.133] FindNextFileW (in: hFindFile=0x7e5d018, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.133] FindNextFileW (in: hFindFile=0x7e5d018, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.133] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0210.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d058 [0210.133] FindNextFileW (in: hFindFile=0x7e5d058, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.133] FindNextFileW (in: hFindFile=0x7e5d058, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.133] FindNextFileW (in: hFindFile=0x7e5d058, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.133] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0210.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d098 [0210.135] FindNextFileW (in: hFindFile=0x7e5d098, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.135] FindNextFileW (in: hFindFile=0x7e5d098, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.135] FindNextFileW (in: hFindFile=0x7e5d098, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.135] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0210.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d0d8 [0210.135] FindNextFileW (in: hFindFile=0x7e5d0d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.135] FindNextFileW (in: hFindFile=0x7e5d0d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.135] FindNextFileW (in: hFindFile=0x7e5d0d8, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.135] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0210.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d118 [0210.137] FindNextFileW (in: hFindFile=0x7e5d118, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.137] FindNextFileW (in: hFindFile=0x7e5d118, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.137] FindNextFileW (in: hFindFile=0x7e5d118, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.137] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh", cAlternateFileName="")) returned 1 [0210.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d158 [0210.137] FindNextFileW (in: hFindFile=0x7e5d158, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.137] FindNextFileW (in: hFindFile=0x7e5d158, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.137] FindNextFileW (in: hFindFile=0x7e5d158, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.137] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0210.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d198 [0210.138] FindNextFileW (in: hFindFile=0x7e5d198, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.139] FindNextFileW (in: hFindFile=0x7e5d198, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.139] FindNextFileW (in: hFindFile=0x7e5d198, lpFindFileData=0x4e4dce8 | out: lpFindFileData=0x4e4dce8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.139] FindNextFileW (in: hFindFile=0x7e5a590, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0210.139] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0210.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d1d8 [0210.140] FindNextFileW (in: hFindFile=0x7e5d1d8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.140] FindNextFileW (in: hFindFile=0x7e5d1d8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x839fe880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7299, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0210.140] FindNextFileW (in: hFindFile=0x7e5d1d8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0210.140] FindNextFileW (in: hFindFile=0x7e5d1d8, lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0210.140] FindNextFileW (in: hFindFile=0x7e5a4d0, lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0210.140] FindNextFileW (in: hFindFile=0x7e5a490, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 0 [0210.140] FindNextFileW (in: hFindFile=0x6a9308, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons", cAlternateFileName="")) returned 1 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons-journal", cAlternateFileName="FAVICO~1")) returned 1 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f, dwReserved0=0x0, dwReserved1=0x0, cFileName="History Provider Cache", cAlternateFileName="HISTOR~2")) returned 1 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History-journal", cAlternateFileName="HISTOR~1")) returned 1 [0210.141] FindNextFileW (in: hFindFile=0x6a91c8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0210.141] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d218 [0210.142] FindNextFileW (in: hFindFile=0x7e5d218, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.142] FindNextFileW (in: hFindFile=0x7e5d218, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A058.tmp", cAlternateFileName="")) returned 1 [0210.142] FindNextFileW (in: hFindFile=0x7e5d218, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A059.tmp", cAlternateFileName="")) returned 1 [0210.143] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d258 [0210.143] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d298 [0210.143] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d2d8 [0210.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d318 [0210.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d358 [0210.149] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d398 [0210.151] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d3d8 [0210.151] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d418 [0210.153] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d458 [0210.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d498 [0210.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d4d8 [0210.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d518 [0210.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d558 [0210.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d598 [0210.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d5d8 [0210.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d618 [0210.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d658 [0210.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0210.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d698 [0210.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d6d8 [0210.159] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d718 [0210.159] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d758 [0210.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d798 [0210.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d7d8 [0210.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d818 [0210.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d858 [0210.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d898 [0210.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d8d8 [0210.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d918 [0210.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d958 [0210.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d998 [0210.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5d9d8 [0210.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5da18 [0210.172] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5da58 [0210.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5da98 [0210.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dad8 [0210.176] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5db18 [0210.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5db58 [0210.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5db98 [0210.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dbd8 [0210.180] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dc18 [0210.183] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dc58 [0210.184] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dc98 [0210.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dcd8 [0210.187] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dd18 [0210.189] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dd58 [0210.189] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dd98 [0210.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ddd8 [0210.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5de18 [0210.194] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5de58 [0210.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5de98 [0210.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ded8 [0210.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5df18 [0210.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5df58 [0210.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dfd8 [0210.199] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e018 [0210.199] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e058 [0210.200] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e098 [0210.202] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e0d8 [0210.203] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e118 [0210.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e158 [0210.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e198 [0210.205] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e1d8 [0210.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e218 [0210.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e258 [0210.208] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e298 [0210.210] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e2d8 [0210.213] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e318 [0210.216] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e358 [0210.217] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e398 [0210.218] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e3d8 [0210.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e418 [0210.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e458 [0210.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e498 [0210.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e4d8 [0210.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e518 [0210.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e558 [0210.223] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e598 [0210.224] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e5d8 [0210.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e618 [0210.226] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e658 [0210.226] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e698 [0210.227] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e6d8 [0210.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e718 [0210.229] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e758 [0210.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e798 [0210.231] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e7d8 [0210.231] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e818 [0210.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e858 [0210.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e898 [0210.234] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e8d8 [0210.234] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e918 [0210.234] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e958 [0210.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e998 [0210.236] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5e9d8 [0210.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ea18 [0210.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ea58 [0210.238] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ea98 [0210.239] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ead8 [0210.240] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5eb18 [0210.243] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5eb58 [0210.246] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5eb98 [0210.247] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ebd8 [0210.253] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", dwFileAttributes=0x80) returned 1 [0210.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe9c [0210.254] GetFileSize (in: hFile=0xe9c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40b0 [0210.262] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", dwFileAttributes=0x2020) returned 1 [0210.262] GetCurrentThreadId () returned 0x6f8 [0210.263] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", piIcon=0x4e4e380 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", piIcon=0x4e4e380) returned 0x18008b [0210.277] GetIconInfo (in: hIcon=0x18008b, piconinfo=0x4e4e36c | out: piconinfo=0x4e4e36c) returned 1 [0210.277] CreateFileW (lpFileName="YooY.ico" (normalized: "c:\\windows\\system32\\yooy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xea0 [0210.278] GetObjectA (in: h=0x6e050776, c=24, pv=0x4e4e330 | out: pv=0x4e4e330) returned 24 [0210.278] GetObjectA (in: h=0x5e050770, c=24, pv=0x4e4e348 | out: pv=0x4e4e348) returned 24 [0210.278] CreateCompatibleDC (hdc=0x0) returned 0xc20101ca [0210.278] GetDIBits (in: hdc=0xc20101ca, hbm=0x6e050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dee0) returned 1 [0210.278] GetDIBits (in: hdc=0xc20101ca, hbm=0x6e050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4dee0) returned 32 [0210.278] GetDIBits (in: hdc=0xc20101ca, hbm=0x6e050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dab8) returned 1 [0210.278] GetDIBits (in: hdc=0xc20101ca, hbm=0x5e050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dab8) returned 32 [0210.278] WriteFile (in: hFile=0xea0, lpBuffer=0x4e4da98*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da98*, lpNumberOfBytesWritten=0x4e4da80*=0x6, lpOverlapped=0x0) returned 1 [0210.279] WriteFile (in: hFile=0xea0, lpBuffer=0x4e4da88*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da88*, lpNumberOfBytesWritten=0x4e4da80*=0x10, lpOverlapped=0x0) returned 1 [0210.279] WriteFile (in: hFile=0xea0, lpBuffer=0x4e4e308*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4e308*, lpNumberOfBytesWritten=0x4e4da80*=0x28, lpOverlapped=0x0) returned 1 [0210.279] WriteFile (in: hFile=0xea0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4da80*=0x1000, lpOverlapped=0x0) returned 1 [0210.280] WriteFile (in: hFile=0xea0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4da80*=0x80, lpOverlapped=0x0) returned 1 [0210.280] DeleteDC (hdc=0xc20101ca) returned 1 [0210.280] CloseHandle (hObject=0xea0) returned 1 [0210.280] DeleteObject (ho=0x6e050776) returned 1 [0210.280] DeleteObject (ho=0x5e050770) returned 1 [0210.280] DestroyCursor (hCursor=0x18008b) returned 1 [0210.280] GetCurrentThreadId () returned 0x6f8 [0210.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xea0 [0210.280] GetFileSize (in: hFile=0xea0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40b0 [0210.285] ReadFile (in: hFile=0xea0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x40b0, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x40b0, lpOverlapped=0x0) returned 1 [0210.285] CloseHandle (hObject=0xea0) returned 1 [0210.285] GetCurrentThreadId () returned 0x6f8 [0210.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0x20d2570, dwHighDateTime=0x1d6076d)) [0210.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0x20d2570, dwHighDateTime=0x1d6076d)) [0210.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2e8 | out: lpSystemTimeAsFileTime=0x4e4e2e8*(dwLowDateTime=0x20d2570, dwHighDateTime=0x1d6076d)) [0210.366] GetCurrentThreadId () returned 0x6f8 [0210.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0x2190c50, dwHighDateTime=0x1d6076d)) [0210.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0x2190c50, dwHighDateTime=0x1d6076d)) [0210.366] GetCurrentThreadId () returned 0x6f8 [0210.366] CreateFileW (lpFileName="Ekse.exe" (normalized: "c:\\windows\\system32\\ekse.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.367] CreateFileW (lpFileName="Ekse.exe" (normalized: "c:\\windows\\system32\\ekse.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.367] GetCurrentThreadId () returned 0x6f8 [0210.367] GetCurrentThreadId () returned 0x6f8 [0210.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0x21b6db0, dwHighDateTime=0x1d6076d)) [0210.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0x21b6db0, dwHighDateTime=0x1d6076d)) [0210.367] CreateFileW (lpFileName="Ekse.exe" (normalized: "c:\\windows\\system32\\ekse.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.367] GetCurrentThreadId () returned 0x6f8 [0210.368] BeginUpdateResourceW (pFileName="Ekse.exe" (normalized: "c:\\windows\\system32\\ekse.exe"), bDeleteExistingResources=0) returned 0x0 [0210.368] CreateFileW (lpFileName="YooY.ico" (normalized: "c:\\windows\\system32\\yooy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xea0 [0210.368] GetFileSize (in: hFile=0xea0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0210.368] ReadFile (in: hFile=0xea0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e380, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e380*=0x10be, lpOverlapped=0x0) returned 1 [0210.368] CloseHandle (hObject=0xea0) returned 1 [0210.368] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0210.368] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e36c, cb=0x14) returned 0 [0210.368] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0210.369] CopyFileW (lpExistingFileName="Ekse.exe" (normalized: "c:\\windows\\system32\\ekse.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.exe"), bFailIfExists=0) returned 0 [0210.369] SetNamedSecurityInfoW () returned 0x2 [0210.369] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png")) returned 1 [0210.370] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e3c4*=0x10a, lpOverlapped=0x0) returned 1 [0210.371] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e3c4*=0x4, lpOverlapped=0x0) returned 1 [0210.371] DeleteFileW (lpFileName="YooY.ico" (normalized: "c:\\windows\\system32\\yooy.ico")) returned 1 [0210.372] DeleteFileW (lpFileName="Ekse.exe" (normalized: "c:\\windows\\system32\\ekse.exe")) returned 0 [0210.372] GetCurrentThreadId () returned 0x6f8 [0210.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e374 | out: lpSystemTimeAsFileTime=0x4e4e374*(dwLowDateTime=0x21b6db0, dwHighDateTime=0x1d6076d)) [0210.372] GetCurrentThreadId () returned 0x6f8 [0210.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x21b6db0, dwHighDateTime=0x1d6076d)) [0210.372] FindNextFileW (in: hFindFile=0x7e5ebd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83ce6bb0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ba182bcd131f1f3c6b6fbbb1ba078341.png", cAlternateFileName="BA182B~1.PNG")) returned 1 [0210.372] GetCurrentThreadId () returned 0x6f8 [0210.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e39c | out: lpSystemTimeAsFileTime=0x4e4e39c*(dwLowDateTime=0x21b6db0, dwHighDateTime=0x1d6076d)) [0210.373] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png")) returned 0x2020 [0210.374] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", dwFileAttributes=0x80) returned 1 [0210.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xea0 [0210.375] GetFileSize (in: hFile=0xea0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40b0 [0210.380] ReadFile (in: hFile=0xea0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x40b0, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e374*=0x40b0, lpOverlapped=0x0) returned 1 [0210.382] GetCurrentThreadId () returned 0x6f8 [0210.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0x21dcf10, dwHighDateTime=0x1d6076d)) [0210.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0x21dcf10, dwHighDateTime=0x1d6076d)) [0210.382] GetCurrentThreadId () returned 0x6f8 [0210.382] CloseHandle (hObject=0xea0) returned 1 [0210.383] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", dwFileAttributes=0x2020) returned 1 [0210.383] GetCurrentThreadId () returned 0x6f8 [0210.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0x21dcf10, dwHighDateTime=0x1d6076d)) [0210.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0x21dcf10, dwHighDateTime=0x1d6076d)) [0210.383] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", piIcon=0x4e4e380 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", piIcon=0x4e4e380) returned 0x19008b [0210.397] GetIconInfo (in: hIcon=0x19008b, piconinfo=0x4e4e36c | out: piconinfo=0x4e4e36c) returned 1 [0210.397] CreateFileW (lpFileName="UWwo.ico" (normalized: "c:\\windows\\system32\\uwwo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe9c [0210.398] GetObjectA (in: h=0x9f05076f, c=24, pv=0x4e4e330 | out: pv=0x4e4e330) returned 24 [0210.398] GetObjectA (in: h=0x930501fe, c=24, pv=0x4e4e348 | out: pv=0x4e4e348) returned 24 [0210.398] CreateCompatibleDC (hdc=0x0) returned 0x4e010771 [0210.398] GetDIBits (in: hdc=0x4e010771, hbm=0x9f05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dee0) returned 1 [0210.398] GetDIBits (in: hdc=0x4e010771, hbm=0x9f05076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4dee0) returned 32 [0210.398] GetDIBits (in: hdc=0x4e010771, hbm=0x9f05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dab8) returned 1 [0210.398] GetDIBits (in: hdc=0x4e010771, hbm=0x930501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dab8) returned 32 [0210.398] WriteFile (in: hFile=0xe9c, lpBuffer=0x4e4da98*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da98*, lpNumberOfBytesWritten=0x4e4da80*=0x6, lpOverlapped=0x0) returned 1 [0210.399] WriteFile (in: hFile=0xe9c, lpBuffer=0x4e4da88*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da88*, lpNumberOfBytesWritten=0x4e4da80*=0x10, lpOverlapped=0x0) returned 1 [0210.399] WriteFile (in: hFile=0xe9c, lpBuffer=0x4e4e308*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4e308*, lpNumberOfBytesWritten=0x4e4da80*=0x28, lpOverlapped=0x0) returned 1 [0210.400] WriteFile (in: hFile=0xe9c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4da80*=0x1000, lpOverlapped=0x0) returned 1 [0210.400] WriteFile (in: hFile=0xe9c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4da80*=0x80, lpOverlapped=0x0) returned 1 [0210.400] DeleteDC (hdc=0x4e010771) returned 1 [0210.400] CloseHandle (hObject=0xe9c) returned 1 [0210.400] DeleteObject (ho=0x9f05076f) returned 1 [0210.400] DeleteObject (ho=0x930501fe) returned 1 [0210.400] DestroyCursor (hCursor=0x19008b) returned 1 [0210.400] GetCurrentThreadId () returned 0x6f8 [0210.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe9c [0210.401] GetFileSize (in: hFile=0xe9c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40b0 [0210.406] ReadFile (in: hFile=0xe9c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x40b0, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x40b0, lpOverlapped=0x0) returned 1 [0210.406] CloseHandle (hObject=0xe9c) returned 1 [0210.406] GetCurrentThreadId () returned 0x6f8 [0210.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0x2203070, dwHighDateTime=0x1d6076d)) [0210.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0x2203070, dwHighDateTime=0x1d6076d)) [0210.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2e8 | out: lpSystemTimeAsFileTime=0x4e4e2e8*(dwLowDateTime=0x2203070, dwHighDateTime=0x1d6076d)) [0210.471] GetCurrentThreadId () returned 0x6f8 [0210.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0x229b5f0, dwHighDateTime=0x1d6076d)) [0210.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0x229b5f0, dwHighDateTime=0x1d6076d)) [0210.471] GetCurrentThreadId () returned 0x6f8 [0210.471] CreateFileW (lpFileName="cUcK.exe" (normalized: "c:\\windows\\system32\\cuck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.472] CreateFileW (lpFileName="cUcK.exe" (normalized: "c:\\windows\\system32\\cuck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.472] GetCurrentThreadId () returned 0x6f8 [0210.472] GetCurrentThreadId () returned 0x6f8 [0210.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0x229b5f0, dwHighDateTime=0x1d6076d)) [0210.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0x229b5f0, dwHighDateTime=0x1d6076d)) [0210.472] CreateFileW (lpFileName="cUcK.exe" (normalized: "c:\\windows\\system32\\cuck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.472] GetCurrentThreadId () returned 0x6f8 [0210.472] BeginUpdateResourceW (pFileName="cUcK.exe" (normalized: "c:\\windows\\system32\\cuck.exe"), bDeleteExistingResources=0) returned 0x0 [0210.472] CreateFileW (lpFileName="UWwo.ico" (normalized: "c:\\windows\\system32\\uwwo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe9c [0210.472] GetFileSize (in: hFile=0xe9c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0210.473] ReadFile (in: hFile=0xe9c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e380, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e380*=0x10be, lpOverlapped=0x0) returned 1 [0210.473] CloseHandle (hObject=0xe9c) returned 1 [0210.473] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0210.473] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e36c, cb=0x14) returned 0 [0210.473] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0210.473] CopyFileW (lpExistingFileName="cUcK.exe" (normalized: "c:\\windows\\system32\\cuck.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.exe"), bFailIfExists=0) returned 0 [0210.473] SetNamedSecurityInfoW () returned 0x2 [0210.473] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png")) returned 1 [0210.475] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e3c4*=0x10a, lpOverlapped=0x0) returned 1 [0210.475] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e3c4*=0x4, lpOverlapped=0x0) returned 1 [0210.475] DeleteFileW (lpFileName="UWwo.ico" (normalized: "c:\\windows\\system32\\uwwo.ico")) returned 1 [0210.476] DeleteFileW (lpFileName="cUcK.exe" (normalized: "c:\\windows\\system32\\cuck.exe")) returned 0 [0210.476] GetCurrentThreadId () returned 0x6f8 [0210.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e374 | out: lpSystemTimeAsFileTime=0x4e4e374*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.476] GetCurrentThreadId () returned 0x6f8 [0210.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.476] FindNextFileW (in: hFindFile=0x7e5ebd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x0, dwReserved1=0x0, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 1 [0210.476] GetCurrentThreadId () returned 0x6f8 [0210.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e39c | out: lpSystemTimeAsFileTime=0x4e4e39c*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.476] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png")) returned 0x2020 [0210.477] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", dwFileAttributes=0x80) returned 1 [0210.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe9c [0210.478] GetFileSize (in: hFile=0xe9c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c362 [0210.483] ReadFile (in: hFile=0xe9c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1c362, lpNumberOfBytesRead=0x4e4e374, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e374*=0x1c362, lpOverlapped=0x0) returned 1 [0210.486] GetCurrentThreadId () returned 0x6f8 [0210.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2fc | out: lpSystemTimeAsFileTime=0x4e4e2fc*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.487] GetCurrentThreadId () returned 0x6f8 [0210.487] CloseHandle (hObject=0xe9c) returned 1 [0210.487] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", dwFileAttributes=0x2020) returned 1 [0210.488] GetCurrentThreadId () returned 0x6f8 [0210.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4da54 | out: lpSystemTimeAsFileTime=0x4e4da54*(dwLowDateTime=0x22c1750, dwHighDateTime=0x1d6076d)) [0210.488] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", piIcon=0x4e4e380 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", piIcon=0x4e4e380) returned 0x1a008b [0210.499] GetIconInfo (in: hIcon=0x1a008b, piconinfo=0x4e4e36c | out: piconinfo=0x4e4e36c) returned 1 [0210.500] CreateFileW (lpFileName="EOQM.ico" (normalized: "c:\\windows\\system32\\eoqm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xea0 [0210.517] GetObjectA (in: h=0x61050770, c=24, pv=0x4e4e330 | out: pv=0x4e4e330) returned 24 [0210.517] GetObjectA (in: h=0x73050776, c=24, pv=0x4e4e348 | out: pv=0x4e4e348) returned 24 [0210.517] CreateCompatibleDC (hdc=0x0) returned 0x71010772 [0210.517] GetDIBits (in: hdc=0x71010772, hbm=0x61050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dee0) returned 1 [0210.517] GetDIBits (in: hdc=0x71010772, hbm=0x61050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4dee0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4dee0) returned 32 [0210.517] GetDIBits (in: hdc=0x71010772, hbm=0x61050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dab8) returned 1 [0210.517] GetDIBits (in: hdc=0x71010772, hbm=0x73050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dab8, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dab8) returned 32 [0210.517] WriteFile (in: hFile=0xea0, lpBuffer=0x4e4da98*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da98*, lpNumberOfBytesWritten=0x4e4da80*=0x6, lpOverlapped=0x0) returned 1 [0210.518] WriteFile (in: hFile=0xea0, lpBuffer=0x4e4da88*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4da88*, lpNumberOfBytesWritten=0x4e4da80*=0x10, lpOverlapped=0x0) returned 1 [0210.519] WriteFile (in: hFile=0xea0, lpBuffer=0x4e4e308*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x4e4e308*, lpNumberOfBytesWritten=0x4e4da80*=0x28, lpOverlapped=0x0) returned 1 [0210.519] WriteFile (in: hFile=0xea0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4da80*=0x1000, lpOverlapped=0x0) returned 1 [0210.519] WriteFile (in: hFile=0xea0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4da80, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4da80*=0x80, lpOverlapped=0x0) returned 1 [0210.519] DeleteDC (hdc=0x71010772) returned 1 [0210.519] CloseHandle (hObject=0xea0) returned 1 [0210.520] DeleteObject (ho=0x61050770) returned 1 [0210.520] DeleteObject (ho=0x73050776) returned 1 [0210.520] DestroyCursor (hCursor=0x1a008b) returned 1 [0210.520] GetCurrentThreadId () returned 0x6f8 [0210.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xea0 [0210.520] GetFileSize (in: hFile=0xea0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c362 [0210.525] ReadFile (in: hFile=0xea0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1c362, lpNumberOfBytesRead=0x4e4e66c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e66c*=0x1c362, lpOverlapped=0x0) returned 1 [0210.526] CloseHandle (hObject=0xea0) returned 1 [0210.526] GetCurrentThreadId () returned 0x6f8 [0210.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0x2333b70, dwHighDateTime=0x1d6076d)) [0210.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2cc | out: lpSystemTimeAsFileTime=0x4e4e2cc*(dwLowDateTime=0x2333b70, dwHighDateTime=0x1d6076d)) [0210.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e2e8 | out: lpSystemTimeAsFileTime=0x4e4e2e8*(dwLowDateTime=0x2333b70, dwHighDateTime=0x1d6076d)) [0210.614] GetCurrentThreadId () returned 0x6f8 [0210.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0x23f2250, dwHighDateTime=0x1d6076d)) [0210.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e29c | out: lpSystemTimeAsFileTime=0x4e4e29c*(dwLowDateTime=0x23f2250, dwHighDateTime=0x1d6076d)) [0210.614] GetCurrentThreadId () returned 0x6f8 [0210.614] CreateFileW (lpFileName="kQYS.exe" (normalized: "c:\\windows\\system32\\kqys.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.615] CreateFileW (lpFileName="kQYS.exe" (normalized: "c:\\windows\\system32\\kqys.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.616] GetCurrentThreadId () returned 0x6f8 [0210.616] GetCurrentThreadId () returned 0x6f8 [0210.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e35c | out: lpSystemTimeAsFileTime=0x4e4e35c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.616] CreateFileW (lpFileName="kQYS.exe" (normalized: "c:\\windows\\system32\\kqys.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.616] GetCurrentThreadId () returned 0x6f8 [0210.616] BeginUpdateResourceW (pFileName="kQYS.exe" (normalized: "c:\\windows\\system32\\kqys.exe"), bDeleteExistingResources=0) returned 0x0 [0210.616] CreateFileW (lpFileName="EOQM.ico" (normalized: "c:\\windows\\system32\\eoqm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xea0 [0210.616] GetFileSize (in: hFile=0xea0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0210.617] ReadFile (in: hFile=0xea0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e380, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e380*=0x10be, lpOverlapped=0x0) returned 1 [0210.617] CloseHandle (hObject=0xea0) returned 1 [0210.617] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0210.617] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e36c, cb=0x14) returned 0 [0210.617] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0210.617] CopyFileW (lpExistingFileName="kQYS.exe" (normalized: "c:\\windows\\system32\\kqys.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.exe"), bFailIfExists=0) returned 0 [0210.618] SetNamedSecurityInfoW () returned 0x2 [0210.618] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png")) returned 1 [0210.620] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e3c4*=0x10a, lpOverlapped=0x0) returned 1 [0210.620] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e3c4, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e3c4*=0x4, lpOverlapped=0x0) returned 1 [0210.621] DeleteFileW (lpFileName="EOQM.ico" (normalized: "c:\\windows\\system32\\eoqm.ico")) returned 1 [0210.623] DeleteFileW (lpFileName="kQYS.exe" (normalized: "c:\\windows\\system32\\kqys.exe")) returned 0 [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e374 | out: lpSystemTimeAsFileTime=0x4e4e374*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.624] FindNextFileW (in: hFindFile=0x7e5ebd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x0, dwReserved1=0x0, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 0 [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.624] FindNextFileW (in: hFindFile=0x7e5e2d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 1 [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.624] FindNextFileW (in: hFindFile=0x7e5e2d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 0 [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.624] FindNextFileW (in: hFindFile=0x7e5e298, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.624] FindNextFileW (in: hFindFile=0x7e5e258, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0210.624] GetCurrentThreadId () returned 0x6f8 [0210.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.625] FindNextFileW (in: hFindFile=0x7e5e218, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates", cAlternateFileName="")) returned 1 [0210.625] GetCurrentThreadId () returned 0x6f8 [0210.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.625] GetCurrentThreadId () returned 0x6f8 [0210.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ec18 [0210.626] GetCurrentThreadId () returned 0x6f8 [0210.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.626] FindNextFileW (in: hFindFile=0x7e5ec18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.626] GetCurrentThreadId () returned 0x6f8 [0210.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.626] FindNextFileW (in: hFindFile=0x7e5ec18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 1 [0210.626] GetCurrentThreadId () returned 0x6f8 [0210.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.626] GetCurrentThreadId () returned 0x6f8 [0210.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.626] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ec58 [0210.630] GetCurrentThreadId () returned 0x6f8 [0210.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.630] FindNextFileW (in: hFindFile=0x7e5ec58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.630] GetCurrentThreadId () returned 0x6f8 [0210.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x24183b0, dwHighDateTime=0x1d6076d)) [0210.630] FindNextFileW (in: hFindFile=0x7e5ec58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a2b6d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x464, dwReserved0=0x0, dwReserved1=0x0, cFileName="active-update.xml", cAlternateFileName="ACTIVE~1.XML")) returned 1 [0210.630] GetCurrentThreadId () returned 0x6f8 [0210.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.630] FindNextFileW (in: hFindFile=0x7e5ec58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates", cAlternateFileName="")) returned 1 [0210.630] GetCurrentThreadId () returned 0x6f8 [0210.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.630] GetCurrentThreadId () returned 0x6f8 [0210.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.631] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ec98 [0210.633] GetCurrentThreadId () returned 0x6f8 [0210.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.633] FindNextFileW (in: hFindFile=0x7e5ec98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.634] GetCurrentThreadId () returned 0x6f8 [0210.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.634] FindNextFileW (in: hFindFile=0x7e5ec98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0", cAlternateFileName="")) returned 1 [0210.634] GetCurrentThreadId () returned 0x6f8 [0210.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.634] GetCurrentThreadId () returned 0x6f8 [0210.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ecd8 [0210.635] GetCurrentThreadId () returned 0x6f8 [0210.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.635] FindNextFileW (in: hFindFile=0x7e5ecd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.635] GetCurrentThreadId () returned 0x6f8 [0210.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.635] FindNextFileW (in: hFindFile=0x7e5ecd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x818016b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x927c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="update.mar", cAlternateFileName="")) returned 1 [0210.635] GetCurrentThreadId () returned 0x6f8 [0210.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.635] FindNextFileW (in: hFindFile=0x7e5ecd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x0, dwReserved1=0x0, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 1 [0210.635] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x7e5ecd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x0, dwReserved1=0x0, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 0 [0210.636] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x7e5ec98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0", cAlternateFileName="")) returned 0 [0210.636] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x7e5ec58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates.xml", cAlternateFileName="")) returned 1 [0210.636] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x7e5ec58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates.xml", cAlternateFileName="")) returned 0 [0210.636] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x7e5ec18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 0 [0210.636] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x7e5e218, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates", cAlternateFileName="")) returned 0 [0210.636] GetCurrentThreadId () returned 0x6f8 [0210.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.636] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeaffcf40, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xeaffcf40, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf56c9a30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xf56c9a30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf56c9a30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xf56c9a30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ed18 [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] FindNextFileW (in: hFindFile=0x7e5ed18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf56c9a30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xf56c9a30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] FindNextFileW (in: hFindFile=0x7e5ed18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf56efb90, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xf56efb90, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0210.637] GetCurrentThreadId () returned 0x6f8 [0210.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.637] FindNextFileW (in: hFindFile=0x7e5ed18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf56efb90, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xf56efb90, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0210.638] GetCurrentThreadId () returned 0x6f8 [0210.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.638] FindNextFileW (in: hFindFile=0x6a8b48, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf56c9a30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xf56c9a30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0 [0210.638] GetCurrentThreadId () returned 0x6f8 [0210.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.638] FindNextFileW (in: hFindFile=0x6a8b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0210.638] GetCurrentThreadId () returned 0x6f8 [0210.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.638] GetCurrentThreadId () returned 0x6f8 [0210.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.638] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ed58 [0210.638] GetCurrentThreadId () returned 0x6f8 [0210.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.638] FindNextFileW (in: hFindFile=0x7e5ed58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.638] GetCurrentThreadId () returned 0x6f8 [0210.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.638] FindNextFileW (in: hFindFile=0x7e5ed58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0210.639] GetCurrentThreadId () returned 0x6f8 [0210.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.639] GetCurrentThreadId () returned 0x6f8 [0210.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.639] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ed98 [0210.640] GetCurrentThreadId () returned 0x6f8 [0210.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.640] FindNextFileW (in: hFindFile=0x7e5ed98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.640] GetCurrentThreadId () returned 0x6f8 [0210.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.640] FindNextFileW (in: hFindFile=0x7e5ed98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0210.640] GetCurrentThreadId () returned 0x6f8 [0210.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.640] GetCurrentThreadId () returned 0x6f8 [0210.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5edd8 [0210.641] GetCurrentThreadId () returned 0x6f8 [0210.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.641] FindNextFileW (in: hFindFile=0x7e5edd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.641] GetCurrentThreadId () returned 0x6f8 [0210.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.641] FindNextFileW (in: hFindFile=0x7e5edd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0210.641] GetCurrentThreadId () returned 0x6f8 [0210.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.641] GetCurrentThreadId () returned 0x6f8 [0210.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ee18 [0210.643] GetCurrentThreadId () returned 0x6f8 [0210.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.643] FindNextFileW (in: hFindFile=0x7e5ee18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.643] GetCurrentThreadId () returned 0x6f8 [0210.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.643] FindNextFileW (in: hFindFile=0x7e5ee18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9b6a040, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9b6a040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xde963ca0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="rdrmessage.zip", cAlternateFileName="RDRMES~1.ZIP")) returned 1 [0210.643] GetCurrentThreadId () returned 0x6f8 [0210.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e884 | out: lpSystemTimeAsFileTime=0x4e4e884*(dwLowDateTime=0x243e510, dwHighDateTime=0x1d6076d)) [0210.643] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip")) returned 0x2020 [0210.645] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", dwFileAttributes=0x80) returned 1 [0210.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec0 [0210.645] GetFileSize (in: hFile=0xec0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa5ff [0210.650] ReadFile (in: hFile=0xec0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa5ff, lpNumberOfBytesRead=0x4e4e85c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e85c*=0xa5ff, lpOverlapped=0x0) returned 1 [0210.653] GetCurrentThreadId () returned 0x6f8 [0210.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x2464670, dwHighDateTime=0x1d6076d)) [0210.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x2464670, dwHighDateTime=0x1d6076d)) [0210.653] GetCurrentThreadId () returned 0x6f8 [0210.653] CloseHandle (hObject=0xec0) returned 1 [0210.653] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", dwFileAttributes=0x2020) returned 1 [0210.654] GetCurrentThreadId () returned 0x6f8 [0210.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x2464670, dwHighDateTime=0x1d6076d)) [0210.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x2464670, dwHighDateTime=0x1d6076d)) [0210.654] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", piIcon=0x4e4e868 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", piIcon=0x4e4e868) returned 0x1c008b [0210.704] GetIconInfo (in: hIcon=0x1c008b, piconinfo=0x4e4e854 | out: piconinfo=0x4e4e854) returned 1 [0210.704] CreateFileW (lpFileName="aYIY.ico" (normalized: "c:\\windows\\system32\\ayiy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec4 [0210.705] GetObjectA (in: h=0x53050771, c=24, pv=0x4e4e818 | out: pv=0x4e4e818) returned 24 [0210.705] GetObjectA (in: h=0x7a05016f, c=24, pv=0x4e4e830 | out: pv=0x4e4e830) returned 24 [0210.705] CreateCompatibleDC (hdc=0x0) returned 0xa501076f [0210.705] GetDIBits (in: hdc=0xa501076f, hbm=0x53050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e3c8) returned 1 [0210.705] GetDIBits (in: hdc=0xa501076f, hbm=0x53050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e3c8) returned 32 [0210.705] GetDIBits (in: hdc=0xa501076f, hbm=0x53050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dfa0) returned 1 [0210.705] GetDIBits (in: hdc=0xa501076f, hbm=0x7a05016f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dfa0) returned 32 [0210.705] WriteFile (in: hFile=0xec4, lpBuffer=0x4e4df80*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df80*, lpNumberOfBytesWritten=0x4e4df68*=0x6, lpOverlapped=0x0) returned 1 [0210.706] WriteFile (in: hFile=0xec4, lpBuffer=0x4e4df70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df70*, lpNumberOfBytesWritten=0x4e4df68*=0x10, lpOverlapped=0x0) returned 1 [0210.706] WriteFile (in: hFile=0xec4, lpBuffer=0x4e4e7f0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4e7f0*, lpNumberOfBytesWritten=0x4e4df68*=0x28, lpOverlapped=0x0) returned 1 [0210.707] WriteFile (in: hFile=0xec4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4df68*=0x1000, lpOverlapped=0x0) returned 1 [0210.709] WriteFile (in: hFile=0xec4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4df68*=0x80, lpOverlapped=0x0) returned 1 [0210.709] DeleteDC (hdc=0xa501076f) returned 1 [0210.709] CloseHandle (hObject=0xec4) returned 1 [0210.712] DeleteObject (ho=0x53050771) returned 1 [0210.712] DeleteObject (ho=0x7a05016f) returned 1 [0210.712] DestroyCursor (hCursor=0x1c008b) returned 1 [0210.712] GetCurrentThreadId () returned 0x6f8 [0210.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec4 [0210.712] GetFileSize (in: hFile=0xec4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa5ff [0210.717] ReadFile (in: hFile=0xec4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa5ff, lpNumberOfBytesRead=0x4e4eb54, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4eb54*=0xa5ff, lpOverlapped=0x0) returned 1 [0210.717] CloseHandle (hObject=0xec4) returned 1 [0210.717] GetCurrentThreadId () returned 0x6f8 [0210.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x24fcbf0, dwHighDateTime=0x1d6076d)) [0210.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x24fcbf0, dwHighDateTime=0x1d6076d)) [0210.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7d0 | out: lpSystemTimeAsFileTime=0x4e4e7d0*(dwLowDateTime=0x24fcbf0, dwHighDateTime=0x1d6076d)) [0210.783] GetCurrentThreadId () returned 0x6f8 [0210.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x2595170, dwHighDateTime=0x1d6076d)) [0210.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x2595170, dwHighDateTime=0x1d6076d)) [0210.783] GetCurrentThreadId () returned 0x6f8 [0210.783] CreateFileW (lpFileName="csou.exe" (normalized: "c:\\windows\\system32\\csou.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.784] CreateFileW (lpFileName="csou.exe" (normalized: "c:\\windows\\system32\\csou.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.784] GetCurrentThreadId () returned 0x6f8 [0210.784] GetCurrentThreadId () returned 0x6f8 [0210.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x2595170, dwHighDateTime=0x1d6076d)) [0210.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x2595170, dwHighDateTime=0x1d6076d)) [0210.784] CreateFileW (lpFileName="csou.exe" (normalized: "c:\\windows\\system32\\csou.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0210.784] GetCurrentThreadId () returned 0x6f8 [0210.784] BeginUpdateResourceW (pFileName="csou.exe" (normalized: "c:\\windows\\system32\\csou.exe"), bDeleteExistingResources=0) returned 0x0 [0210.784] CreateFileW (lpFileName="aYIY.ico" (normalized: "c:\\windows\\system32\\ayiy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec4 [0210.784] GetFileSize (in: hFile=0xec4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0210.785] ReadFile (in: hFile=0xec4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e868, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e868*=0x10be, lpOverlapped=0x0) returned 1 [0210.785] CloseHandle (hObject=0xec4) returned 1 [0210.785] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0210.785] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e854, cb=0x14) returned 0 [0210.785] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0210.785] CopyFileW (lpExistingFileName="csou.exe" (normalized: "c:\\windows\\system32\\csou.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.exe"), bFailIfExists=0) returned 0 [0210.785] SetNamedSecurityInfoW () returned 0x2 [0210.785] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip")) returned 1 [0210.787] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e8ac*=0xa0, lpOverlapped=0x0) returned 1 [0210.787] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e8ac*=0x4, lpOverlapped=0x0) returned 1 [0210.787] DeleteFileW (lpFileName="aYIY.ico" (normalized: "c:\\windows\\system32\\ayiy.ico")) returned 1 [0210.788] DeleteFileW (lpFileName="csou.exe" (normalized: "c:\\windows\\system32\\csou.exe")) returned 0 [0210.788] GetCurrentThreadId () returned 0x6f8 [0210.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e85c | out: lpSystemTimeAsFileTime=0x4e4e85c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.788] GetCurrentThreadId () returned 0x6f8 [0210.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.788] FindNextFileW (in: hFindFile=0x7e5ee18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce824760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce824760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe5ab8070, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReaderMessages", cAlternateFileName="READER~1")) returned 1 [0210.788] GetCurrentThreadId () returned 0x6f8 [0210.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.788] FindNextFileW (in: hFindFile=0x7e5ee18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0210.788] GetCurrentThreadId () returned 0x6f8 [0210.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.788] GetCurrentThreadId () returned 0x6f8 [0210.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ee58 [0210.789] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindNextFileW (in: hFindFile=0x7e5ee58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindNextFileW (in: hFindFile=0x7e5ee58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindNextFileW (in: hFindFile=0x7e5ee18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 0 [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindNextFileW (in: hFindFile=0x7e5edd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindNextFileW (in: hFindFile=0x7e5ed98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ee98 [0210.790] GetCurrentThreadId () returned 0x6f8 [0210.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.790] FindNextFileW (in: hFindFile=0x7e5ee98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.791] GetCurrentThreadId () returned 0x6f8 [0210.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.791] FindNextFileW (in: hFindFile=0x7e5ee98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0210.791] GetCurrentThreadId () returned 0x6f8 [0210.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.791] GetCurrentThreadId () returned 0x6f8 [0210.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.791] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5eed8 [0210.793] GetCurrentThreadId () returned 0x6f8 [0210.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.793] FindNextFileW (in: hFindFile=0x7e5eed8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.793] GetCurrentThreadId () returned 0x6f8 [0210.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.793] FindNextFileW (in: hFindFile=0x7e5eed8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 1 [0210.793] GetCurrentThreadId () returned 0x6f8 [0210.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.793] GetCurrentThreadId () returned 0x6f8 [0210.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ef18 [0210.795] GetCurrentThreadId () returned 0x6f8 [0210.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.795] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.795] GetCurrentThreadId () returned 0x6f8 [0210.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.795] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="all", cAlternateFileName="")) returned 1 [0210.795] GetCurrentThreadId () returned 0x6f8 [0210.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.795] GetCurrentThreadId () returned 0x6f8 [0210.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ef58 [0210.796] GetCurrentThreadId () returned 0x6f8 [0210.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.796] FindNextFileW (in: hFindFile=0x7e5ef58, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.796] GetCurrentThreadId () returned 0x6f8 [0210.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.796] FindNextFileW (in: hFindFile=0x7e5ef58, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.796] GetCurrentThreadId () returned 0x6f8 [0210.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.796] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="brt", cAlternateFileName="")) returned 1 [0210.796] GetCurrentThreadId () returned 0x6f8 [0210.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.796] GetCurrentThreadId () returned 0x6f8 [0210.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.796] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e61fd8 [0210.797] GetCurrentThreadId () returned 0x6f8 [0210.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.797] FindNextFileW (in: hFindFile=0x7e61fd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.797] GetCurrentThreadId () returned 0x6f8 [0210.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.797] FindNextFileW (in: hFindFile=0x7e61fd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.797] GetCurrentThreadId () returned 0x6f8 [0210.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.797] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="brz", cAlternateFileName="")) returned 1 [0210.797] GetCurrentThreadId () returned 0x6f8 [0210.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.798] GetCurrentThreadId () returned 0x6f8 [0210.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62018 [0210.798] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] FindNextFileW (in: hFindFile=0x7e62018, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] FindNextFileW (in: hFindFile=0x7e62018, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dan", cAlternateFileName="")) returned 1 [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62058 [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] FindNextFileW (in: hFindFile=0x7e62058, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.799] FindNextFileW (in: hFindFile=0x7e62058, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.799] GetCurrentThreadId () returned 0x6f8 [0210.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dut", cAlternateFileName="")) returned 1 [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62098 [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] FindNextFileW (in: hFindFile=0x7e62098, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] FindNextFileW (in: hFindFile=0x7e62098, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eng", cAlternateFileName="")) returned 1 [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] GetCurrentThreadId () returned 0x6f8 [0210.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.800] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e620d8 [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] FindNextFileW (in: hFindFile=0x7e620d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] FindNextFileW (in: hFindFile=0x7e620d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="frn", cAlternateFileName="")) returned 1 [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62118 [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] FindNextFileW (in: hFindFile=0x7e62118, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.801] GetCurrentThreadId () returned 0x6f8 [0210.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.801] FindNextFileW (in: hFindFile=0x7e62118, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.802] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="grm", cAlternateFileName="")) returned 1 [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25bb2d0, dwHighDateTime=0x1d6076d)) [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.802] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62158 [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.802] FindNextFileW (in: hFindFile=0x7e62158, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.802] FindNextFileW (in: hFindFile=0x7e62158, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.802] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="itl", cAlternateFileName="")) returned 1 [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.802] GetCurrentThreadId () returned 0x6f8 [0210.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.802] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62198 [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.803] FindNextFileW (in: hFindFile=0x7e62198, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.803] FindNextFileW (in: hFindFile=0x7e62198, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.803] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nrw", cAlternateFileName="")) returned 1 [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e621d8 [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.803] FindNextFileW (in: hFindFile=0x7e621d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.803] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] FindNextFileW (in: hFindFile=0x7e621d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="prt", cAlternateFileName="")) returned 1 [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62218 [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] FindNextFileW (in: hFindFile=0x7e62218, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] FindNextFileW (in: hFindFile=0x7e62218, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="spn", cAlternateFileName="")) returned 1 [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.804] GetCurrentThreadId () returned 0x6f8 [0210.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62258 [0210.805] GetCurrentThreadId () returned 0x6f8 [0210.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] FindNextFileW (in: hFindFile=0x7e62258, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.805] GetCurrentThreadId () returned 0x6f8 [0210.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] FindNextFileW (in: hFindFile=0x7e62258, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.805] GetCurrentThreadId () returned 0x6f8 [0210.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="swd", cAlternateFileName="")) returned 1 [0210.805] GetCurrentThreadId () returned 0x6f8 [0210.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] GetCurrentThreadId () returned 0x6f8 [0210.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62298 [0210.805] GetCurrentThreadId () returned 0x6f8 [0210.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.805] FindNextFileW (in: hFindFile=0x7e62298, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindNextFileW (in: hFindFile=0x7e62298, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindNextFileW (in: hFindFile=0x7e5ef18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="swd", cAlternateFileName="")) returned 0 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindNextFileW (in: hFindFile=0x7e5eed8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 0 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindNextFileW (in: hFindFile=0x7e5ee98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 0 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindNextFileW (in: hFindFile=0x7e5ed98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 0 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindNextFileW (in: hFindFile=0x7e5ed58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] GetCurrentThreadId () returned 0x6f8 [0210.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.806] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e622d8 [0210.808] GetCurrentThreadId () returned 0x6f8 [0210.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.808] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.808] GetCurrentThreadId () returned 0x6f8 [0210.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.808] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 1 [0210.808] GetCurrentThreadId () returned 0x6f8 [0210.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.808] GetCurrentThreadId () returned 0x6f8 [0210.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.808] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62318 [0210.809] GetCurrentThreadId () returned 0x6f8 [0210.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.809] FindNextFileW (in: hFindFile=0x7e62318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.809] GetCurrentThreadId () returned 0x6f8 [0210.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.809] FindNextFileW (in: hFindFile=0x7e62318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content", cAlternateFileName="")) returned 1 [0210.809] GetCurrentThreadId () returned 0x6f8 [0210.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.809] GetCurrentThreadId () returned 0x6f8 [0210.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62358 [0210.812] GetCurrentThreadId () returned 0x6f8 [0210.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.812] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.813] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.813] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x561, dwReserved0=0x0, dwReserved1=0x0, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.813] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.813] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.813] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x0, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.813] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0210.813] GetCurrentThreadId () returned 0x6f8 [0210.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb68, dwReserved0=0x0, dwReserved1=0x0, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x680, dwReserved0=0x0, dwReserved1=0x0, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x32d, dwReserved0=0x0, dwReserved1=0x0, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x22a, dwReserved0=0x0, dwReserved1=0x0, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0210.814] GetCurrentThreadId () returned 0x6f8 [0210.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.814] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0210.815] GetCurrentThreadId () returned 0x6f8 [0210.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.815] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd0e4c510, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0210.815] GetCurrentThreadId () returned 0x6f8 [0210.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.815] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x67c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0210.815] GetCurrentThreadId () returned 0x6f8 [0210.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x25e1430, dwHighDateTime=0x1d6076d)) [0210.815] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0210.819] GetCurrentThreadId () returned 0x6f8 [0210.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.819] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0210.819] GetCurrentThreadId () returned 0x6f8 [0210.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.819] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0210.819] GetCurrentThreadId () returned 0x6f8 [0210.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.819] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61210960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61210960, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0210.819] GetCurrentThreadId () returned 0x6f8 [0210.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.819] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0210.819] GetCurrentThreadId () returned 0x6f8 [0210.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58394060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58394060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x56e, dwReserved0=0x0, dwReserved1=0x0, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.820] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0210.820] GetCurrentThreadId () returned 0x6f8 [0210.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.821] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x59d, dwReserved0=0x0, dwReserved1=0x0, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0210.821] GetCurrentThreadId () returned 0x6f8 [0210.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.821] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbddd270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd2da, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0210.821] GetCurrentThreadId () returned 0x6f8 [0210.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.821] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0210.821] GetCurrentThreadId () returned 0x6f8 [0210.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.821] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0210.822] GetCurrentThreadId () returned 0x6f8 [0210.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.822] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0210.822] GetCurrentThreadId () returned 0x6f8 [0210.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.822] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0210.822] GetCurrentThreadId () returned 0x6f8 [0210.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.822] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0210.822] GetCurrentThreadId () returned 0x6f8 [0210.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.822] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0210.822] GetCurrentThreadId () returned 0x6f8 [0210.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.822] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0210.822] GetCurrentThreadId () returned 0x6f8 [0210.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.822] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.823] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.823] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.823] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.823] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.823] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.823] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0210.823] GetCurrentThreadId () returned 0x6f8 [0210.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x663, dwReserved0=0x0, dwReserved1=0x0, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x64b, dwReserved0=0x0, dwReserved1=0x0, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x64c, dwReserved0=0x0, dwReserved1=0x0, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 0 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.824] FindNextFileW (in: hFindFile=0x7e62318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MetaData", cAlternateFileName="")) returned 1 [0210.824] GetCurrentThreadId () returned 0x6f8 [0210.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.825] GetCurrentThreadId () returned 0x6f8 [0210.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.825] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62398 [0210.827] GetCurrentThreadId () returned 0x6f8 [0210.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.828] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.829] GetCurrentThreadId () returned 0x6f8 [0210.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.829] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x0, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0210.829] GetCurrentThreadId () returned 0x6f8 [0210.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.829] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x166, dwReserved0=0x0, dwReserved1=0x0, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0210.829] GetCurrentThreadId () returned 0x6f8 [0210.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.829] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0210.829] GetCurrentThreadId () returned 0x6f8 [0210.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.829] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0210.829] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x0, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18a, dwReserved0=0x0, dwReserved1=0x0, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x0, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0210.830] GetCurrentThreadId () returned 0x6f8 [0210.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.830] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd48e2bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0210.831] GetCurrentThreadId () returned 0x6f8 [0210.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.831] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0210.832] GetCurrentThreadId () returned 0x6f8 [0210.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2607590, dwHighDateTime=0x1d6076d)) [0210.832] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0210.833] GetCurrentThreadId () returned 0x6f8 [0210.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.833] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0210.833] GetCurrentThreadId () returned 0x6f8 [0210.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.833] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0210.833] GetCurrentThreadId () returned 0x6f8 [0210.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.833] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x611ea800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x611ea800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5836df00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5836df00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.834] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0210.834] GetCurrentThreadId () returned 0x6f8 [0210.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x180, dwReserved0=0x0, dwReserved1=0x0, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x196, dwReserved0=0x0, dwReserved1=0x0, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbf0dd70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0210.835] GetCurrentThreadId () returned 0x6f8 [0210.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.835] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0210.836] GetCurrentThreadId () returned 0x6f8 [0210.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.836] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0210.836] GetCurrentThreadId () returned 0x6f8 [0210.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.836] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0210.837] GetCurrentThreadId () returned 0x6f8 [0210.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.837] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.838] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0210.838] GetCurrentThreadId () returned 0x6f8 [0210.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.839] FindNextFileW (in: hFindFile=0x7e62398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 0 [0210.839] GetCurrentThreadId () returned 0x6f8 [0210.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.839] FindNextFileW (in: hFindFile=0x7e62318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MetaData", cAlternateFileName="")) returned 0 [0210.839] GetCurrentThreadId () returned 0x6f8 [0210.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.839] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0210.839] GetCurrentThreadId () returned 0x6f8 [0210.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.839] GetCurrentThreadId () returned 0x6f8 [0210.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e623d8 [0210.840] GetCurrentThreadId () returned 0x6f8 [0210.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.841] FindNextFileW (in: hFindFile=0x7e623d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.841] GetCurrentThreadId () returned 0x6f8 [0210.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.841] FindNextFileW (in: hFindFile=0x7e623d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.841] GetCurrentThreadId () returned 0x6f8 [0210.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.841] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0210.841] GetCurrentThreadId () returned 0x6f8 [0210.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.841] GetCurrentThreadId () returned 0x6f8 [0210.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62418 [0210.841] GetCurrentThreadId () returned 0x6f8 [0210.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.842] FindNextFileW (in: hFindFile=0x7e62418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.842] GetCurrentThreadId () returned 0x6f8 [0210.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.842] FindNextFileW (in: hFindFile=0x7e62418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.842] GetCurrentThreadId () returned 0x6f8 [0210.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.842] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0210.842] GetCurrentThreadId () returned 0x6f8 [0210.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.842] GetCurrentThreadId () returned 0x6f8 [0210.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.842] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62458 [0210.843] GetCurrentThreadId () returned 0x6f8 [0210.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.843] FindNextFileW (in: hFindFile=0x7e62458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.843] GetCurrentThreadId () returned 0x6f8 [0210.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.843] FindNextFileW (in: hFindFile=0x7e62458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.843] GetCurrentThreadId () returned 0x6f8 [0210.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.844] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0210.844] GetCurrentThreadId () returned 0x6f8 [0210.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.844] GetCurrentThreadId () returned 0x6f8 [0210.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62498 [0210.844] GetCurrentThreadId () returned 0x6f8 [0210.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.844] FindNextFileW (in: hFindFile=0x7e62498, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.844] GetCurrentThreadId () returned 0x6f8 [0210.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.844] FindNextFileW (in: hFindFile=0x7e62498, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.844] GetCurrentThreadId () returned 0x6f8 [0210.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.844] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0210.845] GetCurrentThreadId () returned 0x6f8 [0210.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.845] GetCurrentThreadId () returned 0x6f8 [0210.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e624d8 [0210.846] GetCurrentThreadId () returned 0x6f8 [0210.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.846] FindNextFileW (in: hFindFile=0x7e624d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.846] GetCurrentThreadId () returned 0x6f8 [0210.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.846] FindNextFileW (in: hFindFile=0x7e624d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0210.846] GetCurrentThreadId () returned 0x6f8 [0210.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.846] GetCurrentThreadId () returned 0x6f8 [0210.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62518 [0210.848] GetCurrentThreadId () returned 0x6f8 [0210.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.848] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.848] GetCurrentThreadId () returned 0x6f8 [0210.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.848] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="36USA68T", cAlternateFileName="")) returned 1 [0210.848] GetCurrentThreadId () returned 0x6f8 [0210.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x262d6f0, dwHighDateTime=0x1d6076d)) [0210.848] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62558 [0210.849] FindNextFileW (in: hFindFile=0x7e62558, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.849] FindNextFileW (in: hFindFile=0x7e62558, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 1 [0210.849] FindNextFileW (in: hFindFile=0x7e62558, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 0 [0210.850] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3O75JDME", cAlternateFileName="")) returned 1 [0210.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62598 [0210.851] FindNextFileW (in: hFindFile=0x7e62598, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.851] FindNextFileW (in: hFindFile=0x7e62598, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 1 [0210.851] FindNextFileW (in: hFindFile=0x7e62598, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 0 [0210.851] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0210.851] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UV0DUWVB", cAlternateFileName="")) returned 1 [0210.851] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e625d8 [0210.853] FindNextFileW (in: hFindFile=0x7e625d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.853] FindNextFileW (in: hFindFile=0x7e625d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.853] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGMTOI09", cAlternateFileName="")) returned 1 [0210.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62618 [0210.853] FindNextFileW (in: hFindFile=0x7e62618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.854] FindNextFileW (in: hFindFile=0x7e62618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0x0, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 1 [0210.854] FindNextFileW (in: hFindFile=0x7e62618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0x0, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 0 [0210.854] FindNextFileW (in: hFindFile=0x7e62518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGMTOI09", cAlternateFileName="")) returned 0 [0210.854] FindNextFileW (in: hFindFile=0x7e624d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0210.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62658 [0210.855] FindNextFileW (in: hFindFile=0x7e62658, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.855] FindNextFileW (in: hFindFile=0x7e62658, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.855] FindNextFileW (in: hFindFile=0x7e624d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 0 [0210.856] FindNextFileW (in: hFindFile=0x7e622d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 0 [0210.856] FindNextFileW (in: hFindFile=0x7e5ed58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0210.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62698 [0210.857] FindNextFileW (in: hFindFile=0x7e62698, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.857] FindNextFileW (in: hFindFile=0x7e62698, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0210.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e626d8 [0210.858] FindNextFileW (in: hFindFile=0x7e626d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.858] FindNextFileW (in: hFindFile=0x7e626d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AU", cAlternateFileName="")) returned 1 [0210.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62718 [0210.859] FindNextFileW (in: hFindFile=0x7e62718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.860] FindNextFileW (in: hFindFile=0x7e62718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8e062, dwReserved0=0x0, dwReserved1=0x0, cFileName="au.cab", cAlternateFileName="")) returned 1 [0210.860] FindNextFileW (in: hFindFile=0x7e62718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="au.msi", cAlternateFileName="")) returned 1 [0210.860] FindNextFileW (in: hFindFile=0x7e62718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="au.msi", cAlternateFileName="")) returned 0 [0210.860] FindNextFileW (in: hFindFile=0x7e626d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0210.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e62758 [0210.861] FindNextFileW (in: hFindFile=0x7e62758, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.861] FindNextFileW (in: hFindFile=0x7e62758, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1ea6db0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfec5c570, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="deployment.properties", cAlternateFileName="DEPLOY~1.PRO")) returned 1 [0210.861] FindNextFileW (in: hFindFile=0x7e62758, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="security", cAlternateFileName="")) returned 1 [0210.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e687d8 [0210.862] FindNextFileW (in: hFindFile=0x7e687d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.862] FindNextFileW (in: hFindFile=0x7e687d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.862] FindNextFileW (in: hFindFile=0x7e62758, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tmp", cAlternateFileName="")) returned 1 [0210.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68818 [0210.863] FindNextFileW (in: hFindFile=0x7e68818, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.863] FindNextFileW (in: hFindFile=0x7e68818, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="si", cAlternateFileName="")) returned 1 [0210.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68858 [0210.864] FindNextFileW (in: hFindFile=0x7e68858, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.864] FindNextFileW (in: hFindFile=0x7e68858, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0210.864] FindNextFileW (in: hFindFile=0x7e68818, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="si", cAlternateFileName="")) returned 0 [0210.864] FindNextFileW (in: hFindFile=0x7e62758, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tmp", cAlternateFileName="")) returned 0 [0210.865] FindNextFileW (in: hFindFile=0x7e626d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 1 [0210.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68898 [0210.865] FindNextFileW (in: hFindFile=0x7e68898, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.865] FindNextFileW (in: hFindFile=0x7e68898, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x182ac2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data1.cab", cAlternateFileName="")) returned 1 [0210.865] FindNextFileW (in: hFindFile=0x7e68898, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 1 [0210.865] FindNextFileW (in: hFindFile=0x7e68898, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 0 [0210.865] FindNextFileW (in: hFindFile=0x7e626d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 0 [0210.865] FindNextFileW (in: hFindFile=0x7e62698, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 0 [0210.866] FindNextFileW (in: hFindFile=0x7e5ed58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 0 [0210.866] FindNextFileW (in: hFindFile=0x6a8b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda3b1fe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda3b1fe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0210.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda3b1fe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda3b1fe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e688d8 [0210.867] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda3b1fe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda3b1fe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.867] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bb9dbe0, ftCreationTime.dwHighDateTime=0x1d5dc9b, ftLastAccessTime.dwLowDateTime=0xb094d400, ftLastAccessTime.dwHighDateTime=0x1d5ddf4, ftLastWriteTime.dwLowDateTime=0xb094d400, ftLastWriteTime.dwHighDateTime=0x1d5ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x13ec5, dwReserved0=0x0, dwReserved1=0x0, cFileName="4iUatEjeZpHqCmOXk_.mp3", cAlternateFileName="4IUATE~1.MP3")) returned 1 [0210.876] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3", dwFileAttributes=0x80) returned 1 [0210.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4iuatejezphqcmoxk_.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf64 [0210.876] GetFileSize (in: hFile=0xf64, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13ec5 [0210.885] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3", dwFileAttributes=0x2020) returned 1 [0210.886] GetCurrentThreadId () returned 0x6f8 [0210.886] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3", piIcon=0x4e4efc4) returned 0x1e008b [0210.934] GetIconInfo (in: hIcon=0x1e008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0210.934] CreateFileW (lpFileName="KsIk.ico" (normalized: "c:\\windows\\system32\\ksik.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf64 [0210.935] GetObjectA (in: h=0x77050772, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0210.935] GetObjectA (in: h=0x6b050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0210.935] CreateCompatibleDC (hdc=0x0) returned 0x9f0101fe [0210.935] GetDIBits (in: hdc=0x9f0101fe, hbm=0x77050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0210.935] GetDIBits (in: hdc=0x9f0101fe, hbm=0x77050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0210.935] GetDIBits (in: hdc=0x9f0101fe, hbm=0x77050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0210.936] GetDIBits (in: hdc=0x9f0101fe, hbm=0x6b050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0210.936] WriteFile (in: hFile=0xf64, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0210.936] WriteFile (in: hFile=0xf64, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0210.937] WriteFile (in: hFile=0xf64, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0210.937] WriteFile (in: hFile=0xf64, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0210.937] WriteFile (in: hFile=0xf64, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0210.937] DeleteDC (hdc=0x9f0101fe) returned 1 [0210.937] CloseHandle (hObject=0xf64) returned 1 [0211.036] DeleteObject (ho=0x77050772) returned 1 [0211.036] DeleteObject (ho=0x6b050770) returned 1 [0211.036] DestroyCursor (hCursor=0x1e008b) returned 1 [0211.036] GetCurrentThreadId () returned 0x6f8 [0211.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4iuatejezphqcmoxk_.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf64 [0211.036] GetFileSize (in: hFile=0xf64, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13ec5 [0211.041] ReadFile (in: hFile=0xf64, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13ec5, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x13ec5, lpOverlapped=0x0) returned 1 [0211.042] CloseHandle (hObject=0xf64) returned 1 [0211.042] GetCurrentThreadId () returned 0x6f8 [0211.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x275e1f0, dwHighDateTime=0x1d6076d)) [0211.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x275e1f0, dwHighDateTime=0x1d6076d)) [0211.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x275e1f0, dwHighDateTime=0x1d6076d)) [0211.138] GetCurrentThreadId () returned 0x6f8 [0211.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2842a30, dwHighDateTime=0x1d6076d)) [0211.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2842a30, dwHighDateTime=0x1d6076d)) [0211.138] GetCurrentThreadId () returned 0x6f8 [0211.138] CreateFileW (lpFileName="gAgw.exe" (normalized: "c:\\windows\\system32\\gagw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.139] CreateFileW (lpFileName="gAgw.exe" (normalized: "c:\\windows\\system32\\gagw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.140] GetCurrentThreadId () returned 0x6f8 [0211.140] GetCurrentThreadId () returned 0x6f8 [0211.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2842a30, dwHighDateTime=0x1d6076d)) [0211.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2842a30, dwHighDateTime=0x1d6076d)) [0211.140] CreateFileW (lpFileName="gAgw.exe" (normalized: "c:\\windows\\system32\\gagw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.140] GetCurrentThreadId () returned 0x6f8 [0211.140] BeginUpdateResourceW (pFileName="gAgw.exe" (normalized: "c:\\windows\\system32\\gagw.exe"), bDeleteExistingResources=0) returned 0x0 [0211.140] CreateFileW (lpFileName="KsIk.ico" (normalized: "c:\\windows\\system32\\ksik.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf64 [0211.140] GetFileSize (in: hFile=0xf64, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0211.140] ReadFile (in: hFile=0xf64, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0211.140] CloseHandle (hObject=0xf64) returned 1 [0211.141] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0211.141] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0211.141] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0211.141] CopyFileW (lpExistingFileName="gAgw.exe" (normalized: "c:\\windows\\system32\\gagw.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4iuatejezphqcmoxk_.mp3.exe"), bFailIfExists=0) returned 0 [0211.141] SetNamedSecurityInfoW () returned 0x2 [0211.141] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4iUatEjeZpHqCmOXk_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4iuatejezphqcmoxk_.mp3")) returned 1 [0211.143] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x88, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x88, lpOverlapped=0x0) returned 1 [0211.143] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0211.143] DeleteFileW (lpFileName="KsIk.ico" (normalized: "c:\\windows\\system32\\ksik.ico")) returned 1 [0211.146] DeleteFileW (lpFileName="gAgw.exe" (normalized: "c:\\windows\\system32\\gagw.exe")) returned 0 [0211.146] GetCurrentThreadId () returned 0x6f8 [0211.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.146] GetCurrentThreadId () returned 0x6f8 [0211.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.146] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9a26b80, ftCreationTime.dwHighDateTime=0x1d5e47a, ftLastAccessTime.dwLowDateTime=0x7f22a160, ftLastAccessTime.dwHighDateTime=0x1d5db45, ftLastWriteTime.dwLowDateTime=0x7f22a160, ftLastWriteTime.dwHighDateTime=0x1d5db45, nFileSizeHigh=0x0, nFileSizeLow=0x174c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="88fGHH-bB.png", cAlternateFileName="88FGHH~1.PNG")) returned 1 [0211.146] GetCurrentThreadId () returned 0x6f8 [0211.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.147] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\88fghh-bb.png")) returned 0x2020 [0211.148] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png", dwFileAttributes=0x80) returned 1 [0211.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\88fghh-bb.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf64 [0211.148] GetFileSize (in: hFile=0xf64, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x174c3 [0211.153] ReadFile (in: hFile=0xf64, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x174c3, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x174c3, lpOverlapped=0x0) returned 1 [0211.156] GetCurrentThreadId () returned 0x6f8 [0211.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.156] GetCurrentThreadId () returned 0x6f8 [0211.156] CloseHandle (hObject=0xf64) returned 1 [0211.157] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png", dwFileAttributes=0x2020) returned 1 [0211.157] GetCurrentThreadId () returned 0x6f8 [0211.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.157] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2868b90, dwHighDateTime=0x1d6076d)) [0211.157] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png", piIcon=0x4e4efc4) returned 0x1f008b [0211.169] GetIconInfo (in: hIcon=0x1f008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0211.170] CreateFileW (lpFileName="yYMQ.ico" (normalized: "c:\\windows\\system32\\yymq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf6c [0211.170] GetObjectA (in: h=0x600501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0211.170] GetObjectA (in: h=0xd40501ca, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0211.170] CreateCompatibleDC (hdc=0x0) returned 0x8301016f [0211.170] GetDIBits (in: hdc=0x8301016f, hbm=0x600501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0211.171] GetDIBits (in: hdc=0x8301016f, hbm=0x600501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0211.171] GetDIBits (in: hdc=0x8301016f, hbm=0x600501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0211.171] GetDIBits (in: hdc=0x8301016f, hbm=0xd40501ca, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0211.171] WriteFile (in: hFile=0xf6c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0211.172] WriteFile (in: hFile=0xf6c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0211.172] WriteFile (in: hFile=0xf6c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0211.172] WriteFile (in: hFile=0xf6c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0211.172] WriteFile (in: hFile=0xf6c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0211.173] DeleteDC (hdc=0x8301016f) returned 1 [0211.173] CloseHandle (hObject=0xf6c) returned 1 [0211.173] DeleteObject (ho=0x600501fa) returned 1 [0211.173] DeleteObject (ho=0xd40501ca) returned 1 [0211.173] DestroyCursor (hCursor=0x1f008b) returned 1 [0211.173] GetCurrentThreadId () returned 0x6f8 [0211.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\88fghh-bb.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf6c [0211.173] GetFileSize (in: hFile=0xf6c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x174c3 [0211.178] ReadFile (in: hFile=0xf6c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x174c3, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x174c3, lpOverlapped=0x0) returned 1 [0211.178] CloseHandle (hObject=0xf6c) returned 1 [0211.178] GetCurrentThreadId () returned 0x6f8 [0211.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x28b4e50, dwHighDateTime=0x1d6076d)) [0211.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x28b4e50, dwHighDateTime=0x1d6076d)) [0211.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x28b4e50, dwHighDateTime=0x1d6076d)) [0211.257] GetCurrentThreadId () returned 0x6f8 [0211.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.257] GetCurrentThreadId () returned 0x6f8 [0211.257] CreateFileW (lpFileName="IAwK.exe" (normalized: "c:\\windows\\system32\\iawk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.258] CreateFileW (lpFileName="IAwK.exe" (normalized: "c:\\windows\\system32\\iawk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.258] GetCurrentThreadId () returned 0x6f8 [0211.258] GetCurrentThreadId () returned 0x6f8 [0211.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.258] CreateFileW (lpFileName="IAwK.exe" (normalized: "c:\\windows\\system32\\iawk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.259] GetCurrentThreadId () returned 0x6f8 [0211.259] BeginUpdateResourceW (pFileName="IAwK.exe" (normalized: "c:\\windows\\system32\\iawk.exe"), bDeleteExistingResources=0) returned 0x0 [0211.259] CreateFileW (lpFileName="yYMQ.ico" (normalized: "c:\\windows\\system32\\yymq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf6c [0211.259] GetFileSize (in: hFile=0xf6c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0211.259] ReadFile (in: hFile=0xf6c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0211.259] CloseHandle (hObject=0xf6c) returned 1 [0211.260] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0211.260] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0211.260] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0211.260] CopyFileW (lpExistingFileName="IAwK.exe" (normalized: "c:\\windows\\system32\\iawk.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\88fghh-bb.png.exe"), bFailIfExists=0) returned 0 [0211.260] SetNamedSecurityInfoW () returned 0x2 [0211.260] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\88fGHH-bB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\88fghh-bb.png")) returned 1 [0211.264] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x76, lpOverlapped=0x0) returned 1 [0211.264] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0211.264] DeleteFileW (lpFileName="yYMQ.ico" (normalized: "c:\\windows\\system32\\yymq.ico")) returned 1 [0211.265] DeleteFileW (lpFileName="IAwK.exe" (normalized: "c:\\windows\\system32\\iawk.exe")) returned 0 [0211.265] GetCurrentThreadId () returned 0x6f8 [0211.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.265] GetCurrentThreadId () returned 0x6f8 [0211.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.265] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5039c650, ftCreationTime.dwHighDateTime=0x1d5e60b, ftLastAccessTime.dwLowDateTime=0xe4199140, ftLastAccessTime.dwHighDateTime=0x1d5e6a9, ftLastWriteTime.dwLowDateTime=0xe4199140, ftLastWriteTime.dwHighDateTime=0x1d5e6a9, nFileSizeHigh=0x0, nFileSizeLow=0x23e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="a3D-Y gOV9dSqwM.flv", cAlternateFileName="A3D-YG~1.FLV")) returned 1 [0211.265] GetCurrentThreadId () returned 0x6f8 [0211.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.265] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe6f9c20, ftCreationTime.dwHighDateTime=0x1d5dc1c, ftLastAccessTime.dwLowDateTime=0x50ef6c20, ftLastAccessTime.dwHighDateTime=0x1d5e747, ftLastWriteTime.dwLowDateTime=0x50ef6c20, ftLastWriteTime.dwHighDateTime=0x1d5e747, nFileSizeHigh=0x0, nFileSizeLow=0x2f7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="a5lNIpKaFDZ8fs9F1EOh.mp3", cAlternateFileName="A5LNIP~1.MP3")) returned 1 [0211.266] GetCurrentThreadId () returned 0x6f8 [0211.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.266] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a5lnipkafdz8fs9f1eoh.mp3")) returned 0x2020 [0211.267] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3", dwFileAttributes=0x80) returned 1 [0211.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a5lnipkafdz8fs9f1eoh.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf6c [0211.267] GetFileSize (in: hFile=0xf6c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2f7f [0211.273] ReadFile (in: hFile=0xf6c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2f7f, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x2f7f, lpOverlapped=0x0) returned 1 [0211.277] GetCurrentThreadId () returned 0x6f8 [0211.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2999690, dwHighDateTime=0x1d6076d)) [0211.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2999690, dwHighDateTime=0x1d6076d)) [0211.277] GetCurrentThreadId () returned 0x6f8 [0211.277] CloseHandle (hObject=0xf6c) returned 1 [0211.278] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3", dwFileAttributes=0x2020) returned 1 [0211.278] GetCurrentThreadId () returned 0x6f8 [0211.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2999690, dwHighDateTime=0x1d6076d)) [0211.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2999690, dwHighDateTime=0x1d6076d)) [0211.278] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3", piIcon=0x4e4efc4) returned 0x20008b [0211.289] GetIconInfo (in: hIcon=0x20008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0211.289] CreateFileW (lpFileName="MqsE.ico" (normalized: "c:\\windows\\system32\\mqse.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf64 [0211.290] GetObjectA (in: h=0x6e050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0211.290] GetObjectA (in: h=0x7c050772, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0211.290] CreateCompatibleDC (hdc=0x0) returned 0x5e010771 [0211.290] GetDIBits (in: hdc=0x5e010771, hbm=0x6e050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0211.290] GetDIBits (in: hdc=0x5e010771, hbm=0x6e050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0211.290] GetDIBits (in: hdc=0x5e010771, hbm=0x6e050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0211.291] GetDIBits (in: hdc=0x5e010771, hbm=0x7c050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0211.291] WriteFile (in: hFile=0xf64, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0xf64, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0xf64, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0xf64, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0xf64, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0211.292] DeleteDC (hdc=0x5e010771) returned 1 [0211.292] CloseHandle (hObject=0xf64) returned 1 [0211.293] DeleteObject (ho=0x6e050770) returned 1 [0211.293] DeleteObject (ho=0x7c050772) returned 1 [0211.293] DestroyCursor (hCursor=0x20008b) returned 1 [0211.293] GetCurrentThreadId () returned 0x6f8 [0211.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a5lnipkafdz8fs9f1eoh.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf64 [0211.293] GetFileSize (in: hFile=0xf64, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2f7f [0211.298] ReadFile (in: hFile=0xf64, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2f7f, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x2f7f, lpOverlapped=0x0) returned 1 [0211.298] CloseHandle (hObject=0xf64) returned 1 [0211.298] GetCurrentThreadId () returned 0x6f8 [0211.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x29bf7f0, dwHighDateTime=0x1d6076d)) [0211.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x29bf7f0, dwHighDateTime=0x1d6076d)) [0211.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x29bf7f0, dwHighDateTime=0x1d6076d)) [0211.393] GetCurrentThreadId () returned 0x6f8 [0211.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2aa4030, dwHighDateTime=0x1d6076d)) [0211.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2aa4030, dwHighDateTime=0x1d6076d)) [0211.393] GetCurrentThreadId () returned 0x6f8 [0211.393] CreateFileW (lpFileName="YscE.exe" (normalized: "c:\\windows\\system32\\ysce.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.394] CreateFileW (lpFileName="YscE.exe" (normalized: "c:\\windows\\system32\\ysce.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.394] GetCurrentThreadId () returned 0x6f8 [0211.394] GetCurrentThreadId () returned 0x6f8 [0211.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2aa4030, dwHighDateTime=0x1d6076d)) [0211.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2aa4030, dwHighDateTime=0x1d6076d)) [0211.394] CreateFileW (lpFileName="YscE.exe" (normalized: "c:\\windows\\system32\\ysce.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.394] GetCurrentThreadId () returned 0x6f8 [0211.394] BeginUpdateResourceW (pFileName="YscE.exe" (normalized: "c:\\windows\\system32\\ysce.exe"), bDeleteExistingResources=0) returned 0x0 [0211.394] CreateFileW (lpFileName="MqsE.ico" (normalized: "c:\\windows\\system32\\mqse.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf64 [0211.395] GetFileSize (in: hFile=0xf64, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0211.395] ReadFile (in: hFile=0xf64, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0211.396] CloseHandle (hObject=0xf64) returned 1 [0211.396] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0211.396] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0211.396] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0211.396] CopyFileW (lpExistingFileName="YscE.exe" (normalized: "c:\\windows\\system32\\ysce.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a5lnipkafdz8fs9f1eoh.mp3.exe"), bFailIfExists=0) returned 0 [0211.396] SetNamedSecurityInfoW () returned 0x2 [0211.396] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\a5lNIpKaFDZ8fs9F1EOh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a5lnipkafdz8fs9f1eoh.mp3")) returned 1 [0211.397] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8c, lpOverlapped=0x0) returned 1 [0211.397] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0211.397] DeleteFileW (lpFileName="MqsE.ico" (normalized: "c:\\windows\\system32\\mqse.ico")) returned 1 [0211.399] DeleteFileW (lpFileName="YscE.exe" (normalized: "c:\\windows\\system32\\ysce.exe")) returned 0 [0211.399] GetCurrentThreadId () returned 0x6f8 [0211.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x2aca190, dwHighDateTime=0x1d6076d)) [0211.399] GetCurrentThreadId () returned 0x6f8 [0211.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2aca190, dwHighDateTime=0x1d6076d)) [0211.399] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0211.399] GetCurrentThreadId () returned 0x6f8 [0211.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2aca190, dwHighDateTime=0x1d6076d)) [0211.399] GetCurrentThreadId () returned 0x6f8 [0211.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2aca190, dwHighDateTime=0x1d6076d)) [0211.399] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68918 [0211.419] GetCurrentThreadId () returned 0x6f8 [0211.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.419] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.420] GetCurrentThreadId () returned 0x6f8 [0211.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.420] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0211.420] GetCurrentThreadId () returned 0x6f8 [0211.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.420] GetCurrentThreadId () returned 0x6f8 [0211.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.420] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68958 [0211.420] GetCurrentThreadId () returned 0x6f8 [0211.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.420] FindNextFileW (in: hFindFile=0x7e68958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.420] GetCurrentThreadId () returned 0x6f8 [0211.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.420] FindNextFileW (in: hFindFile=0x7e68958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0211.421] GetCurrentThreadId () returned 0x6f8 [0211.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.421] GetCurrentThreadId () returned 0x6f8 [0211.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.421] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68998 [0211.422] GetCurrentThreadId () returned 0x6f8 [0211.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.422] FindNextFileW (in: hFindFile=0x7e68998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.422] GetCurrentThreadId () returned 0x6f8 [0211.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.422] FindNextFileW (in: hFindFile=0x7e68998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Collab", cAlternateFileName="")) returned 1 [0211.422] GetCurrentThreadId () returned 0x6f8 [0211.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.422] GetCurrentThreadId () returned 0x6f8 [0211.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e689d8 [0211.423] GetCurrentThreadId () returned 0x6f8 [0211.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.423] FindNextFileW (in: hFindFile=0x7e689d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.423] GetCurrentThreadId () returned 0x6f8 [0211.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.423] FindNextFileW (in: hFindFile=0x7e689d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.423] GetCurrentThreadId () returned 0x6f8 [0211.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.423] FindNextFileW (in: hFindFile=0x7e68998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Forms", cAlternateFileName="")) returned 1 [0211.423] GetCurrentThreadId () returned 0x6f8 [0211.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.423] GetCurrentThreadId () returned 0x6f8 [0211.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.423] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68a18 [0211.423] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] FindNextFileW (in: hFindFile=0x7e68a18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.424] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] FindNextFileW (in: hFindFile=0x7e68a18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.424] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] FindNextFileW (in: hFindFile=0x7e68998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JavaScripts", cAlternateFileName="JAVASC~1")) returned 1 [0211.424] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68a58 [0211.424] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] FindNextFileW (in: hFindFile=0x7e68a58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.424] GetCurrentThreadId () returned 0x6f8 [0211.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.424] FindNextFileW (in: hFindFile=0x7e68a58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.js", cAlternateFileName="")) returned 1 [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.425] FindNextFileW (in: hFindFile=0x7e68a58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 1 [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.425] FindNextFileW (in: hFindFile=0x7e68a58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 0 [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.425] FindNextFileW (in: hFindFile=0x7e68998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.425] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68a98 [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.425] FindNextFileW (in: hFindFile=0x7e68a98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.425] GetCurrentThreadId () returned 0x6f8 [0211.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.426] FindNextFileW (in: hFindFile=0x7e68a98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8f3d60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1517, dwReserved0=0x0, dwReserved1=0x0, cFileName="addressbook.acrodata", cAlternateFileName="ADDRES~1.ACR")) returned 1 [0211.426] GetCurrentThreadId () returned 0x6f8 [0211.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.426] FindNextFileW (in: hFindFile=0x7e68a98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLCache", cAlternateFileName="")) returned 1 [0211.433] GetCurrentThreadId () returned 0x6f8 [0211.433] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.433] GetCurrentThreadId () returned 0x6f8 [0211.433] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68ad8 [0211.434] GetCurrentThreadId () returned 0x6f8 [0211.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.434] FindNextFileW (in: hFindFile=0x7e68ad8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.434] GetCurrentThreadId () returned 0x6f8 [0211.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.434] FindNextFileW (in: hFindFile=0x7e68ad8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefc97c0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cAlternateFileName="48B764~1.CRL")) returned 1 [0211.434] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindNextFileW (in: hFindFile=0x7e68ad8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 1 [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindNextFileW (in: hFindFile=0x7e68ad8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 0 [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindNextFileW (in: hFindFile=0x7e68a98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLCache", cAlternateFileName="")) returned 0 [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindNextFileW (in: hFindFile=0x7e68998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindNextFileW (in: hFindFile=0x7e68958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] GetCurrentThreadId () returned 0x6f8 [0211.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.435] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68b18 [0211.436] GetCurrentThreadId () returned 0x6f8 [0211.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] FindNextFileW (in: hFindFile=0x7e68b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] FindNextFileW (in: hFindFile=0x7e68b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 1 [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68b58 [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] FindNextFileW (in: hFindFile=0x7e68b58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] FindNextFileW (in: hFindFile=0x7e68b58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 1 [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.437] GetCurrentThreadId () returned 0x6f8 [0211.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.438] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68b98 [0211.439] GetCurrentThreadId () returned 0x6f8 [0211.439] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.439] FindNextFileW (in: hFindFile=0x7e68b98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.440] FindNextFileW (in: hFindFile=0x7e68b98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.440] FindNextFileW (in: hFindFile=0x7e68b58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 0 [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.440] FindNextFileW (in: hFindFile=0x7e68b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 0 [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.440] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Headlights", cAlternateFileName="HEADLI~1")) returned 1 [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.440] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68bd8 [0211.440] GetCurrentThreadId () returned 0x6f8 [0211.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.441] FindNextFileW (in: hFindFile=0x7e68bd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.441] GetCurrentThreadId () returned 0x6f8 [0211.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.441] FindNextFileW (in: hFindFile=0x7e68bd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.441] GetCurrentThreadId () returned 0x6f8 [0211.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.441] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0211.441] GetCurrentThreadId () returned 0x6f8 [0211.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.441] GetCurrentThreadId () returned 0x6f8 [0211.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b16450, dwHighDateTime=0x1d6076d)) [0211.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68c18 [0211.441] GetCurrentThreadId () returned 0x6f8 [0211.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.441] FindNextFileW (in: hFindFile=0x7e68c18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.444] GetCurrentThreadId () returned 0x6f8 [0211.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.444] FindNextFileW (in: hFindFile=0x7e68c18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0211.444] GetCurrentThreadId () returned 0x6f8 [0211.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.444] GetCurrentThreadId () returned 0x6f8 [0211.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68c58 [0211.445] GetCurrentThreadId () returned 0x6f8 [0211.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.445] FindNextFileW (in: hFindFile=0x7e68c58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.445] GetCurrentThreadId () returned 0x6f8 [0211.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.445] FindNextFileW (in: hFindFile=0x7e68c58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.445] GetCurrentThreadId () returned 0x6f8 [0211.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.445] FindNextFileW (in: hFindFile=0x7e68c18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 0 [0211.445] GetCurrentThreadId () returned 0x6f8 [0211.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.445] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 1 [0211.445] GetCurrentThreadId () returned 0x6f8 [0211.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.445] GetCurrentThreadId () returned 0x6f8 [0211.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68c98 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.446] FindNextFileW (in: hFindFile=0x7e68c98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.446] FindNextFileW (in: hFindFile=0x7e68c98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.446] FindNextFileW (in: hFindFile=0x7e68918, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 0 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.446] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7a09dcb0, ftCreationTime.dwHighDateTime=0x1d5d952, ftLastAccessTime.dwLowDateTime=0xd64f5e70, ftLastAccessTime.dwHighDateTime=0x1d5e11b, ftLastWriteTime.dwLowDateTime=0xd64f5e70, ftLastWriteTime.dwHighDateTime=0x1d5e11b, nFileSizeHigh=0x0, nFileSizeLow=0xaaba, dwReserved0=0x0, dwReserved1=0x0, cFileName="AnfGNYVPpO.m4a", cAlternateFileName="ANFGNY~1.M4A")) returned 1 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.446] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf5235c00, ftCreationTime.dwHighDateTime=0x1d5dc4f, ftLastAccessTime.dwLowDateTime=0xbbda2f90, ftLastAccessTime.dwHighDateTime=0x1d5e033, ftLastWriteTime.dwLowDateTime=0xbbda2f90, ftLastWriteTime.dwHighDateTime=0x1d5e033, nFileSizeHigh=0x0, nFileSizeLow=0x113ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="brhHA_XP.mkv", cAlternateFileName="")) returned 1 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.446] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f7e92a0, ftCreationTime.dwHighDateTime=0x1d5dbde, ftLastAccessTime.dwLowDateTime=0x2378f100, ftLastAccessTime.dwHighDateTime=0x1d5e24f, ftLastWriteTime.dwLowDateTime=0x2378f100, ftLastWriteTime.dwHighDateTime=0x1d5e24f, nFileSizeHigh=0x0, nFileSizeLow=0xae7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cppi8 Jmuxg427.mkv", cAlternateFileName="CPPI8J~1.MKV")) returned 1 [0211.446] GetCurrentThreadId () returned 0x6f8 [0211.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.447] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c560410, ftCreationTime.dwHighDateTime=0x1d5d8e6, ftLastAccessTime.dwLowDateTime=0xb2922e10, ftLastAccessTime.dwHighDateTime=0x1d5d877, ftLastWriteTime.dwLowDateTime=0xb2922e10, ftLastWriteTime.dwHighDateTime=0x1d5d877, nFileSizeHigh=0x0, nFileSizeLow=0x11c8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dbrl.wav", cAlternateFileName="")) returned 1 [0211.447] GetCurrentThreadId () returned 0x6f8 [0211.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.447] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93b72140, ftCreationTime.dwHighDateTime=0x1d5e4ba, ftLastAccessTime.dwLowDateTime=0x655d5ce0, ftLastAccessTime.dwHighDateTime=0x1d5e2f5, ftLastWriteTime.dwLowDateTime=0x655d5ce0, ftLastWriteTime.dwHighDateTime=0x1d5e2f5, nFileSizeHigh=0x0, nFileSizeLow=0x14489, dwReserved0=0x0, dwReserved1=0x0, cFileName="ebzIkx.m4a", cAlternateFileName="")) returned 1 [0211.447] GetCurrentThreadId () returned 0x6f8 [0211.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.447] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2f1d0170, ftCreationTime.dwHighDateTime=0x1d5e6ca, ftLastAccessTime.dwLowDateTime=0x80684e30, ftLastAccessTime.dwHighDateTime=0x1d5da3c, ftLastWriteTime.dwLowDateTime=0x80684e30, ftLastWriteTime.dwHighDateTime=0x1d5da3c, nFileSizeHigh=0x0, nFileSizeLow=0x4ca5, dwReserved0=0x0, dwReserved1=0x0, cFileName="fTg7.wav", cAlternateFileName="")) returned 1 [0211.447] GetCurrentThreadId () returned 0x6f8 [0211.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.447] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe026b520, ftCreationTime.dwHighDateTime=0x1d5dad5, ftLastAccessTime.dwLowDateTime=0x47ec94c0, ftLastAccessTime.dwHighDateTime=0x1d5e640, ftLastWriteTime.dwLowDateTime=0x47ec94c0, ftLastWriteTime.dwHighDateTime=0x1d5e640, nFileSizeHigh=0x0, nFileSizeLow=0x2b6d, dwReserved0=0x0, dwReserved1=0x0, cFileName="gCYPffwRu.bmp", cAlternateFileName="GCYPFF~1.BMP")) returned 1 [0211.447] GetCurrentThreadId () returned 0x6f8 [0211.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.447] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gcypffwru.bmp")) returned 0x2020 [0211.449] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp", dwFileAttributes=0x80) returned 1 [0211.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gcypffwru.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfa0 [0211.449] GetFileSize (in: hFile=0xfa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b6d [0211.454] ReadFile (in: hFile=0xfa0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2b6d, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x2b6d, lpOverlapped=0x0) returned 1 [0211.456] GetCurrentThreadId () returned 0x6f8 [0211.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.456] GetCurrentThreadId () returned 0x6f8 [0211.456] CloseHandle (hObject=0xfa0) returned 1 [0211.456] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp", dwFileAttributes=0x2020) returned 1 [0211.456] GetCurrentThreadId () returned 0x6f8 [0211.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.457] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.457] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp", piIcon=0x4e4efc4) returned 0x22008b [0211.486] GetIconInfo (in: hIcon=0x22008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0211.487] CreateFileW (lpFileName="MGYI.ico" (normalized: "c:\\windows\\system32\\mgyi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfa0 [0211.487] GetObjectA (in: h=0x8805016f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0211.487] GetObjectA (in: h=0xb205076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0211.487] CreateCompatibleDC (hdc=0x0) returned 0x660101fa [0211.488] GetDIBits (in: hdc=0x660101fa, hbm=0x8805016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0211.488] GetDIBits (in: hdc=0x660101fa, hbm=0x8805016f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0211.488] GetDIBits (in: hdc=0x660101fa, hbm=0x8805016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0211.488] GetDIBits (in: hdc=0x660101fa, hbm=0xb205076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0211.488] WriteFile (in: hFile=0xfa0, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0211.489] WriteFile (in: hFile=0xfa0, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0211.489] WriteFile (in: hFile=0xfa0, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0211.489] WriteFile (in: hFile=0xfa0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0211.489] WriteFile (in: hFile=0xfa0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0211.489] DeleteDC (hdc=0x660101fa) returned 1 [0211.489] CloseHandle (hObject=0xfa0) returned 1 [0211.492] DeleteObject (ho=0x8805016f) returned 1 [0211.492] DeleteObject (ho=0xb205076f) returned 1 [0211.492] DestroyCursor (hCursor=0x22008b) returned 1 [0211.492] GetCurrentThreadId () returned 0x6f8 [0211.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gcypffwru.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfa0 [0211.492] GetFileSize (in: hFile=0xfa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b6d [0211.497] ReadFile (in: hFile=0xfa0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2b6d, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x2b6d, lpOverlapped=0x0) returned 1 [0211.497] CloseHandle (hObject=0xfa0) returned 1 [0211.497] GetCurrentThreadId () returned 0x6f8 [0211.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2bae9d0, dwHighDateTime=0x1d6076d)) [0211.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2bae9d0, dwHighDateTime=0x1d6076d)) [0211.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x2bae9d0, dwHighDateTime=0x1d6076d)) [0211.624] GetCurrentThreadId () returned 0x6f8 [0211.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2cdf4d0, dwHighDateTime=0x1d6076d)) [0211.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2cdf4d0, dwHighDateTime=0x1d6076d)) [0211.624] GetCurrentThreadId () returned 0x6f8 [0211.624] CreateFileW (lpFileName="uUUu.exe" (normalized: "c:\\windows\\system32\\uuuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.625] CreateFileW (lpFileName="uUUu.exe" (normalized: "c:\\windows\\system32\\uuuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.625] GetCurrentThreadId () returned 0x6f8 [0211.625] GetCurrentThreadId () returned 0x6f8 [0211.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2cdf4d0, dwHighDateTime=0x1d6076d)) [0211.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2cdf4d0, dwHighDateTime=0x1d6076d)) [0211.626] CreateFileW (lpFileName="uUUu.exe" (normalized: "c:\\windows\\system32\\uuuu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.626] GetCurrentThreadId () returned 0x6f8 [0211.626] BeginUpdateResourceW (pFileName="uUUu.exe" (normalized: "c:\\windows\\system32\\uuuu.exe"), bDeleteExistingResources=0) returned 0x0 [0211.626] CreateFileW (lpFileName="MGYI.ico" (normalized: "c:\\windows\\system32\\mgyi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfa0 [0211.626] GetFileSize (in: hFile=0xfa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0211.626] ReadFile (in: hFile=0xfa0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0211.626] CloseHandle (hObject=0xfa0) returned 1 [0211.627] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0211.627] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0211.627] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0211.627] CopyFileW (lpExistingFileName="uUUu.exe" (normalized: "c:\\windows\\system32\\uuuu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gcypffwru.bmp.exe"), bFailIfExists=0) returned 0 [0211.627] SetNamedSecurityInfoW () returned 0x2 [0211.627] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gCYPffwRu.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gcypffwru.bmp")) returned 1 [0211.630] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x76, lpOverlapped=0x0) returned 1 [0211.630] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0211.630] DeleteFileW (lpFileName="MGYI.ico" (normalized: "c:\\windows\\system32\\mgyi.ico")) returned 1 [0211.632] DeleteFileW (lpFileName="uUUu.exe" (normalized: "c:\\windows\\system32\\uuuu.exe")) returned 0 [0211.632] GetCurrentThreadId () returned 0x6f8 [0211.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.632] GetCurrentThreadId () returned 0x6f8 [0211.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.632] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0211.632] GetCurrentThreadId () returned 0x6f8 [0211.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.632] GetCurrentThreadId () returned 0x6f8 [0211.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.632] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68cd8 [0211.632] GetCurrentThreadId () returned 0x6f8 [0211.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.632] FindNextFileW (in: hFindFile=0x7e68cd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.633] GetCurrentThreadId () returned 0x6f8 [0211.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.633] FindNextFileW (in: hFindFile=0x7e68cd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0211.633] GetCurrentThreadId () returned 0x6f8 [0211.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.633] GetCurrentThreadId () returned 0x6f8 [0211.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.633] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68d18 [0211.633] GetCurrentThreadId () returned 0x6f8 [0211.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.633] FindNextFileW (in: hFindFile=0x7e68d18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.633] GetCurrentThreadId () returned 0x6f8 [0211.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.633] FindNextFileW (in: hFindFile=0x7e68d18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.633] GetCurrentThreadId () returned 0x6f8 [0211.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.633] FindNextFileW (in: hFindFile=0x7e68cd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0211.634] GetCurrentThreadId () returned 0x6f8 [0211.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.634] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa4a76120, ftCreationTime.dwHighDateTime=0x1d5e543, ftLastAccessTime.dwLowDateTime=0xfdfca4d0, ftLastAccessTime.dwHighDateTime=0x1d5e73a, ftLastWriteTime.dwLowDateTime=0xfdfca4d0, ftLastWriteTime.dwHighDateTime=0x1d5e73a, nFileSizeHigh=0x0, nFileSizeLow=0xb5c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="iEEOjUdv0Wj0JqvTmm.gif", cAlternateFileName="IEEOJU~1.GIF")) returned 1 [0211.634] GetCurrentThreadId () returned 0x6f8 [0211.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.634] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ieeojudv0wj0jqvtmm.gif")) returned 0x2020 [0211.634] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif", dwFileAttributes=0x80) returned 1 [0211.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ieeojudv0wj0jqvtmm.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfa4 [0211.635] GetFileSize (in: hFile=0xfa4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb5c5 [0211.639] ReadFile (in: hFile=0xfa4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb5c5, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xb5c5, lpOverlapped=0x0) returned 1 [0211.641] GetCurrentThreadId () returned 0x6f8 [0211.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.642] GetCurrentThreadId () returned 0x6f8 [0211.642] CloseHandle (hObject=0xfa4) returned 1 [0211.642] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif", dwFileAttributes=0x2020) returned 1 [0211.642] GetCurrentThreadId () returned 0x6f8 [0211.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2d05630, dwHighDateTime=0x1d6076d)) [0211.642] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif", piIcon=0x4e4efc4) returned 0x23008b [0211.654] GetIconInfo (in: hIcon=0x23008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0211.655] CreateFileW (lpFileName="IWQU.ico" (normalized: "c:\\windows\\system32\\iwqu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0211.656] GetObjectA (in: h=0xa90501fe, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0211.656] GetObjectA (in: h=0xdf0501ca, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0211.656] CreateCompatibleDC (hdc=0x0) returned 0x85010772 [0211.656] GetDIBits (in: hdc=0x85010772, hbm=0xa90501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0211.656] GetDIBits (in: hdc=0x85010772, hbm=0xa90501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0211.656] GetDIBits (in: hdc=0x85010772, hbm=0xa90501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0211.656] GetDIBits (in: hdc=0x85010772, hbm=0xdf0501ca, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0211.656] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0211.657] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0211.657] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0211.657] WriteFile (in: hFile=0xfac, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0211.657] WriteFile (in: hFile=0xfac, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0211.657] DeleteDC (hdc=0x85010772) returned 1 [0211.657] CloseHandle (hObject=0xfac) returned 1 [0211.658] DeleteObject (ho=0xa90501fe) returned 1 [0211.658] DeleteObject (ho=0xdf0501ca) returned 1 [0211.658] DestroyCursor (hCursor=0x23008b) returned 1 [0211.658] GetCurrentThreadId () returned 0x6f8 [0211.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ieeojudv0wj0jqvtmm.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0211.658] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb5c5 [0211.663] ReadFile (in: hFile=0xfac, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb5c5, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xb5c5, lpOverlapped=0x0) returned 1 [0211.664] CloseHandle (hObject=0xfac) returned 1 [0211.664] GetCurrentThreadId () returned 0x6f8 [0211.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2d2b790, dwHighDateTime=0x1d6076d)) [0211.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2d2b790, dwHighDateTime=0x1d6076d)) [0211.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x2d2b790, dwHighDateTime=0x1d6076d)) [0211.776] GetCurrentThreadId () returned 0x6f8 [0211.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.776] GetCurrentThreadId () returned 0x6f8 [0211.776] CreateFileW (lpFileName="scsw.exe" (normalized: "c:\\windows\\system32\\scsw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.777] CreateFileW (lpFileName="scsw.exe" (normalized: "c:\\windows\\system32\\scsw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.778] GetCurrentThreadId () returned 0x6f8 [0211.778] GetCurrentThreadId () returned 0x6f8 [0211.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.778] CreateFileW (lpFileName="scsw.exe" (normalized: "c:\\windows\\system32\\scsw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.778] GetCurrentThreadId () returned 0x6f8 [0211.778] BeginUpdateResourceW (pFileName="scsw.exe" (normalized: "c:\\windows\\system32\\scsw.exe"), bDeleteExistingResources=0) returned 0x0 [0211.778] CreateFileW (lpFileName="IWQU.ico" (normalized: "c:\\windows\\system32\\iwqu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfac [0211.778] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0211.779] ReadFile (in: hFile=0xfac, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0211.779] CloseHandle (hObject=0xfac) returned 1 [0211.779] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0211.779] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0211.779] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0211.779] CopyFileW (lpExistingFileName="scsw.exe" (normalized: "c:\\windows\\system32\\scsw.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ieeojudv0wj0jqvtmm.gif.exe"), bFailIfExists=0) returned 0 [0211.779] SetNamedSecurityInfoW () returned 0x2 [0211.779] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iEEOjUdv0Wj0JqvTmm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ieeojudv0wj0jqvtmm.gif")) returned 1 [0211.781] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x88, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x88, lpOverlapped=0x0) returned 1 [0211.781] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0211.781] DeleteFileW (lpFileName="IWQU.ico" (normalized: "c:\\windows\\system32\\iwqu.ico")) returned 1 [0211.782] DeleteFileW (lpFileName="scsw.exe" (normalized: "c:\\windows\\system32\\scsw.exe")) returned 0 [0211.782] GetCurrentThreadId () returned 0x6f8 [0211.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.782] GetCurrentThreadId () returned 0x6f8 [0211.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.782] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe2031d40, ftCreationTime.dwHighDateTime=0x1d5d817, ftLastAccessTime.dwLowDateTime=0x57825500, ftLastAccessTime.dwHighDateTime=0x1d5e78a, ftLastWriteTime.dwLowDateTime=0x57825500, ftLastWriteTime.dwHighDateTime=0x1d5e78a, nFileSizeHigh=0x0, nFileSizeLow=0xc8e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="JOkHrQY 7.flv", cAlternateFileName="JOKHRQ~1.FLV")) returned 1 [0211.783] GetCurrentThreadId () returned 0x6f8 [0211.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.783] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa8648080, ftCreationTime.dwHighDateTime=0x1d5dfae, ftLastAccessTime.dwLowDateTime=0xc688aed0, ftLastAccessTime.dwHighDateTime=0x1d5e321, ftLastWriteTime.dwLowDateTime=0xc688aed0, ftLastWriteTime.dwHighDateTime=0x1d5e321, nFileSizeHigh=0x0, nFileSizeLow=0xb4c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="JqeJOQ.ppt", cAlternateFileName="")) returned 1 [0211.783] GetCurrentThreadId () returned 0x6f8 [0211.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x2e5c290, dwHighDateTime=0x1d6076d)) [0211.783] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqejoq.ppt")) returned 0x2020 [0211.783] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt", dwFileAttributes=0x80) returned 1 [0211.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqejoq.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0211.783] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb4c7 [0211.788] ReadFile (in: hFile=0xfac, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb4c7, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xb4c7, lpOverlapped=0x0) returned 1 [0211.790] GetCurrentThreadId () returned 0x6f8 [0211.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2e823f0, dwHighDateTime=0x1d6076d)) [0211.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2e823f0, dwHighDateTime=0x1d6076d)) [0211.790] GetCurrentThreadId () returned 0x6f8 [0211.790] CloseHandle (hObject=0xfac) returned 1 [0211.790] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt", dwFileAttributes=0x2020) returned 1 [0211.790] GetCurrentThreadId () returned 0x6f8 [0211.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2e823f0, dwHighDateTime=0x1d6076d)) [0211.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2e823f0, dwHighDateTime=0x1d6076d)) [0211.791] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt", piIcon=0x4e4efc4) returned 0x25008b [0211.816] GetIconInfo (in: hIcon=0x25008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0211.816] CreateFileW (lpFileName="MQEY.ico" (normalized: "c:\\windows\\system32\\mqey.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0211.817] GetObjectA (in: h=0x6b0501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0211.817] GetObjectA (in: h=0x93050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0211.817] CreateCompatibleDC (hdc=0x0) returned 0x8e01016f [0211.817] GetDIBits (in: hdc=0x8e01016f, hbm=0x6b0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0211.817] GetDIBits (in: hdc=0x8e01016f, hbm=0x6b0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0211.817] GetDIBits (in: hdc=0x8e01016f, hbm=0x6b0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0211.817] GetDIBits (in: hdc=0x8e01016f, hbm=0x93050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0211.817] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0211.819] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0211.819] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0211.819] WriteFile (in: hFile=0xfac, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0211.819] WriteFile (in: hFile=0xfac, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0211.819] DeleteDC (hdc=0x8e01016f) returned 1 [0211.819] CloseHandle (hObject=0xfac) returned 1 [0211.825] DeleteObject (ho=0x6b0501fa) returned 1 [0211.825] DeleteObject (ho=0x93050776) returned 1 [0211.825] DestroyCursor (hCursor=0x25008b) returned 1 [0211.825] GetCurrentThreadId () returned 0x6f8 [0211.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqejoq.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0211.825] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb4c7 [0211.830] ReadFile (in: hFile=0xfac, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb4c7, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xb4c7, lpOverlapped=0x0) returned 1 [0211.830] CloseHandle (hObject=0xfac) returned 1 [0211.830] GetCurrentThreadId () returned 0x6f8 [0211.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2ece6b0, dwHighDateTime=0x1d6076d)) [0211.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2ece6b0, dwHighDateTime=0x1d6076d)) [0211.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x2ece6b0, dwHighDateTime=0x1d6076d)) [0211.879] GetCurrentThreadId () returned 0x6f8 [0211.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.879] GetCurrentThreadId () returned 0x6f8 [0211.879] CreateFileW (lpFileName="cEsK.exe" (normalized: "c:\\windows\\system32\\cesk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.881] CreateFileW (lpFileName="cEsK.exe" (normalized: "c:\\windows\\system32\\cesk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.881] GetCurrentThreadId () returned 0x6f8 [0211.881] GetCurrentThreadId () returned 0x6f8 [0211.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.881] CreateFileW (lpFileName="cEsK.exe" (normalized: "c:\\windows\\system32\\cesk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0211.881] GetCurrentThreadId () returned 0x6f8 [0211.881] BeginUpdateResourceW (pFileName="cEsK.exe" (normalized: "c:\\windows\\system32\\cesk.exe"), bDeleteExistingResources=0) returned 0x0 [0211.882] CreateFileW (lpFileName="MQEY.ico" (normalized: "c:\\windows\\system32\\mqey.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfac [0211.882] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0211.882] ReadFile (in: hFile=0xfac, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0211.882] CloseHandle (hObject=0xfac) returned 1 [0211.882] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0211.882] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0211.882] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0211.883] CopyFileW (lpExistingFileName="cEsK.exe" (normalized: "c:\\windows\\system32\\cesk.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqejoq.ppt.exe"), bFailIfExists=0) returned 0 [0211.883] SetNamedSecurityInfoW () returned 0x2 [0211.883] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JqeJOQ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqejoq.ppt")) returned 1 [0211.886] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x70, lpOverlapped=0x0) returned 1 [0211.886] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0211.886] DeleteFileW (lpFileName="MQEY.ico" (normalized: "c:\\windows\\system32\\mqey.ico")) returned 1 [0211.888] DeleteFileW (lpFileName="cEsK.exe" (normalized: "c:\\windows\\system32\\cesk.exe")) returned 0 [0211.888] GetCurrentThreadId () returned 0x6f8 [0211.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.888] GetCurrentThreadId () returned 0x6f8 [0211.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.888] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2c67b50, ftCreationTime.dwHighDateTime=0x1d5dfe1, ftLastAccessTime.dwLowDateTime=0xc2551c40, ftLastAccessTime.dwHighDateTime=0x1d5e7cc, ftLastWriteTime.dwLowDateTime=0xc2551c40, ftLastWriteTime.dwHighDateTime=0x1d5e7cc, nFileSizeHigh=0x0, nFileSizeLow=0x1a20, dwReserved0=0x0, dwReserved1=0x0, cFileName="KPwSrol.mp3", cAlternateFileName="")) returned 1 [0211.888] GetCurrentThreadId () returned 0x6f8 [0211.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.888] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kpwsrol.mp3")) returned 0x2020 [0211.888] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3", dwFileAttributes=0x80) returned 1 [0211.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kpwsrol.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0211.889] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a20 [0211.894] ReadFile (in: hFile=0xfac, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1a20, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x1a20, lpOverlapped=0x0) returned 1 [0211.896] GetCurrentThreadId () returned 0x6f8 [0211.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2f8cd90, dwHighDateTime=0x1d6076d)) [0211.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x2f8cd90, dwHighDateTime=0x1d6076d)) [0211.896] GetCurrentThreadId () returned 0x6f8 [0211.896] CloseHandle (hObject=0xfac) returned 1 [0211.896] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3", dwFileAttributes=0x2020) returned 1 [0211.897] GetCurrentThreadId () returned 0x6f8 [0211.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2f8cd90, dwHighDateTime=0x1d6076d)) [0211.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x2f8cd90, dwHighDateTime=0x1d6076d)) [0211.897] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3", piIcon=0x4e4efc4) returned 0x26008b [0211.906] GetIconInfo (in: hIcon=0x26008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0211.907] CreateFileW (lpFileName="umIU.ico" (normalized: "c:\\windows\\system32\\umiu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfb0 [0211.907] GetObjectA (in: h=0x69050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0211.907] GetObjectA (in: h=0xbd05076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0211.907] CreateCompatibleDC (hdc=0x0) returned 0xe80101ca [0211.907] GetDIBits (in: hdc=0xe80101ca, hbm=0x69050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0211.907] GetDIBits (in: hdc=0xe80101ca, hbm=0x69050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0211.907] GetDIBits (in: hdc=0xe80101ca, hbm=0x69050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0211.907] GetDIBits (in: hdc=0xe80101ca, hbm=0xbd05076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0211.908] WriteFile (in: hFile=0xfb0, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0211.908] WriteFile (in: hFile=0xfb0, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0211.908] WriteFile (in: hFile=0xfb0, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0211.909] WriteFile (in: hFile=0xfb0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0211.909] WriteFile (in: hFile=0xfb0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0211.909] DeleteDC (hdc=0xe80101ca) returned 1 [0211.909] CloseHandle (hObject=0xfb0) returned 1 [0211.909] DeleteObject (ho=0x69050771) returned 1 [0211.909] DeleteObject (ho=0xbd05076f) returned 1 [0211.909] DestroyCursor (hCursor=0x26008b) returned 1 [0211.909] GetCurrentThreadId () returned 0x6f8 [0211.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kpwsrol.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfb0 [0211.909] GetFileSize (in: hFile=0xfb0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a20 [0211.914] ReadFile (in: hFile=0xfb0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1a20, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x1a20, lpOverlapped=0x0) returned 1 [0211.915] CloseHandle (hObject=0xfb0) returned 1 [0211.915] GetCurrentThreadId () returned 0x6f8 [0211.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2fb2ef0, dwHighDateTime=0x1d6076d)) [0211.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x2fb2ef0, dwHighDateTime=0x1d6076d)) [0211.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x2fb2ef0, dwHighDateTime=0x1d6076d)) [0212.009] GetCurrentThreadId () returned 0x6f8 [0212.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.009] GetCurrentThreadId () returned 0x6f8 [0212.009] CreateFileW (lpFileName="woky.exe" (normalized: "c:\\windows\\system32\\woky.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.011] CreateFileW (lpFileName="woky.exe" (normalized: "c:\\windows\\system32\\woky.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.011] GetCurrentThreadId () returned 0x6f8 [0212.011] GetCurrentThreadId () returned 0x6f8 [0212.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.011] CreateFileW (lpFileName="woky.exe" (normalized: "c:\\windows\\system32\\woky.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.012] GetCurrentThreadId () returned 0x6f8 [0212.012] BeginUpdateResourceW (pFileName="woky.exe" (normalized: "c:\\windows\\system32\\woky.exe"), bDeleteExistingResources=0) returned 0x0 [0212.012] CreateFileW (lpFileName="umIU.ico" (normalized: "c:\\windows\\system32\\umiu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfb0 [0212.012] GetFileSize (in: hFile=0xfb0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0212.012] ReadFile (in: hFile=0xfb0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0212.012] CloseHandle (hObject=0xfb0) returned 1 [0212.013] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0212.013] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0212.013] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0212.013] CopyFileW (lpExistingFileName="woky.exe" (normalized: "c:\\windows\\system32\\woky.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kpwsrol.mp3.exe"), bFailIfExists=0) returned 0 [0212.013] SetNamedSecurityInfoW () returned 0x2 [0212.013] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KPwSrol.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kpwsrol.mp3")) returned 1 [0212.014] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x72, lpOverlapped=0x0) returned 1 [0212.014] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0212.015] DeleteFileW (lpFileName="umIU.ico" (normalized: "c:\\windows\\system32\\umiu.ico")) returned 1 [0212.016] DeleteFileW (lpFileName="woky.exe" (normalized: "c:\\windows\\system32\\woky.exe")) returned 0 [0212.016] GetCurrentThreadId () returned 0x6f8 [0212.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.016] GetCurrentThreadId () returned 0x6f8 [0212.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.016] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x441f4af0, ftCreationTime.dwHighDateTime=0x1d5e220, ftLastAccessTime.dwLowDateTime=0x38fdaf40, ftLastAccessTime.dwHighDateTime=0x1d5e61c, ftLastWriteTime.dwLowDateTime=0x38fdaf40, ftLastWriteTime.dwHighDateTime=0x1d5e61c, nFileSizeHigh=0x0, nFileSizeLow=0xfdd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQWIk.mp3", cAlternateFileName="")) returned 1 [0212.016] GetCurrentThreadId () returned 0x6f8 [0212.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x3097730, dwHighDateTime=0x1d6076d)) [0212.016] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kqwik.mp3")) returned 0x2020 [0212.018] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3", dwFileAttributes=0x80) returned 1 [0212.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kqwik.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfb0 [0212.018] GetFileSize (in: hFile=0xfb0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfdd0 [0212.023] ReadFile (in: hFile=0xfb0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfdd0, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xfdd0, lpOverlapped=0x0) returned 1 [0212.025] GetCurrentThreadId () returned 0x6f8 [0212.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x30bd890, dwHighDateTime=0x1d6076d)) [0212.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x30bd890, dwHighDateTime=0x1d6076d)) [0212.025] GetCurrentThreadId () returned 0x6f8 [0212.026] CloseHandle (hObject=0xfb0) returned 1 [0212.026] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3", dwFileAttributes=0x2020) returned 1 [0212.026] GetCurrentThreadId () returned 0x6f8 [0212.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x30bd890, dwHighDateTime=0x1d6076d)) [0212.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x30bd890, dwHighDateTime=0x1d6076d)) [0212.027] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3", piIcon=0x4e4efc4) returned 0x27008b [0212.039] GetIconInfo (in: hIcon=0x27008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0212.039] CreateFileW (lpFileName="YUgI.ico" (normalized: "c:\\windows\\system32\\yugi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0212.040] GetObjectA (in: h=0x96050776, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0212.040] GetObjectA (in: h=0x700501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0212.040] CreateCompatibleDC (hdc=0x0) returned 0xb40101fe [0212.040] GetDIBits (in: hdc=0xb40101fe, hbm=0x96050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0212.040] GetDIBits (in: hdc=0xb40101fe, hbm=0x96050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0212.040] GetDIBits (in: hdc=0xb40101fe, hbm=0x96050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0212.040] GetDIBits (in: hdc=0xb40101fe, hbm=0x700501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0212.040] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0212.041] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0212.041] WriteFile (in: hFile=0xfac, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0212.041] WriteFile (in: hFile=0xfac, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0212.042] WriteFile (in: hFile=0xfac, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0212.042] DeleteDC (hdc=0xb40101fe) returned 1 [0212.042] CloseHandle (hObject=0xfac) returned 1 [0212.042] DeleteObject (ho=0x96050776) returned 1 [0212.042] DeleteObject (ho=0x700501fa) returned 1 [0212.042] DestroyCursor (hCursor=0x27008b) returned 1 [0212.042] GetCurrentThreadId () returned 0x6f8 [0212.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kqwik.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0212.042] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfdd0 [0212.047] ReadFile (in: hFile=0xfac, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfdd0, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xfdd0, lpOverlapped=0x0) returned 1 [0212.048] CloseHandle (hObject=0xfac) returned 1 [0212.048] GetCurrentThreadId () returned 0x6f8 [0212.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x30e39f0, dwHighDateTime=0x1d6076d)) [0212.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x30e39f0, dwHighDateTime=0x1d6076d)) [0212.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x30e39f0, dwHighDateTime=0x1d6076d)) [0212.178] GetCurrentThreadId () returned 0x6f8 [0212.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.178] GetCurrentThreadId () returned 0x6f8 [0212.178] CreateFileW (lpFileName="GoUc.exe" (normalized: "c:\\windows\\system32\\gouc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.179] CreateFileW (lpFileName="GoUc.exe" (normalized: "c:\\windows\\system32\\gouc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.179] GetCurrentThreadId () returned 0x6f8 [0212.179] GetCurrentThreadId () returned 0x6f8 [0212.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.179] CreateFileW (lpFileName="GoUc.exe" (normalized: "c:\\windows\\system32\\gouc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.180] GetCurrentThreadId () returned 0x6f8 [0212.180] BeginUpdateResourceW (pFileName="GoUc.exe" (normalized: "c:\\windows\\system32\\gouc.exe"), bDeleteExistingResources=0) returned 0x0 [0212.180] CreateFileW (lpFileName="YUgI.ico" (normalized: "c:\\windows\\system32\\yugi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfac [0212.180] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0212.180] ReadFile (in: hFile=0xfac, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0212.180] CloseHandle (hObject=0xfac) returned 1 [0212.180] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0212.180] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0212.180] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0212.180] CopyFileW (lpExistingFileName="GoUc.exe" (normalized: "c:\\windows\\system32\\gouc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kqwik.mp3.exe"), bFailIfExists=0) returned 0 [0212.181] SetNamedSecurityInfoW () returned 0x2 [0212.181] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQWIk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kqwik.mp3")) returned 1 [0212.182] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x6e, lpOverlapped=0x0) returned 1 [0212.182] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0212.182] DeleteFileW (lpFileName="YUgI.ico" (normalized: "c:\\windows\\system32\\yugi.ico")) returned 1 [0212.183] DeleteFileW (lpFileName="GoUc.exe" (normalized: "c:\\windows\\system32\\gouc.exe")) returned 0 [0212.183] GetCurrentThreadId () returned 0x6f8 [0212.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.183] GetCurrentThreadId () returned 0x6f8 [0212.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.183] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4551c670, ftCreationTime.dwHighDateTime=0x1d5debd, ftLastAccessTime.dwLowDateTime=0x2e3fa80, ftLastAccessTime.dwHighDateTime=0x1d5e613, ftLastWriteTime.dwLowDateTime=0x2e3fa80, ftLastWriteTime.dwHighDateTime=0x1d5e613, nFileSizeHigh=0x0, nFileSizeLow=0x3eb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kTjFYVFAn4.mp3", cAlternateFileName="KTJFYV~1.MP3")) returned 1 [0212.183] GetCurrentThreadId () returned 0x6f8 [0212.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x323a650, dwHighDateTime=0x1d6076d)) [0212.184] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktjfyvfan4.mp3")) returned 0x2020 [0212.184] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3", dwFileAttributes=0x80) returned 1 [0212.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktjfyvfan4.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfac [0212.185] GetFileSize (in: hFile=0xfac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3eb8 [0212.190] ReadFile (in: hFile=0xfac, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x3eb8, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x3eb8, lpOverlapped=0x0) returned 1 [0212.194] GetCurrentThreadId () returned 0x6f8 [0212.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x32607b0, dwHighDateTime=0x1d6076d)) [0212.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x32607b0, dwHighDateTime=0x1d6076d)) [0212.195] GetCurrentThreadId () returned 0x6f8 [0212.195] CloseHandle (hObject=0xfac) returned 1 [0212.195] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3", dwFileAttributes=0x2020) returned 1 [0212.195] GetCurrentThreadId () returned 0x6f8 [0212.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x32607b0, dwHighDateTime=0x1d6076d)) [0212.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x32607b0, dwHighDateTime=0x1d6076d)) [0212.195] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3", piIcon=0x4e4efc4) returned 0x28008b [0212.207] GetIconInfo (in: hIcon=0x28008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0212.207] CreateFileW (lpFileName="IuoE.ico" (normalized: "c:\\windows\\system32\\iuoe.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfb0 [0212.208] GetObjectA (in: h=0xc005076f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0212.208] GetObjectA (in: h=0x6e050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0212.208] CreateCompatibleDC (hdc=0x0) returned 0x85010770 [0212.208] GetDIBits (in: hdc=0x85010770, hbm=0xc005076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0212.208] GetDIBits (in: hdc=0x85010770, hbm=0xc005076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0212.208] GetDIBits (in: hdc=0x85010770, hbm=0xc005076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0212.208] GetDIBits (in: hdc=0x85010770, hbm=0x6e050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0212.208] WriteFile (in: hFile=0xfb0, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0212.209] WriteFile (in: hFile=0xfb0, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0212.209] WriteFile (in: hFile=0xfb0, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0212.209] WriteFile (in: hFile=0xfb0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0212.210] WriteFile (in: hFile=0xfb0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0212.210] DeleteDC (hdc=0x85010770) returned 1 [0212.210] CloseHandle (hObject=0xfb0) returned 1 [0212.210] DeleteObject (ho=0xc005076f) returned 1 [0212.210] DeleteObject (ho=0x6e050771) returned 1 [0212.210] DestroyCursor (hCursor=0x28008b) returned 1 [0212.210] GetCurrentThreadId () returned 0x6f8 [0212.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktjfyvfan4.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfb0 [0212.210] GetFileSize (in: hFile=0xfb0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3eb8 [0212.215] ReadFile (in: hFile=0xfb0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x3eb8, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x3eb8, lpOverlapped=0x0) returned 1 [0212.215] CloseHandle (hObject=0xfb0) returned 1 [0212.215] GetCurrentThreadId () returned 0x6f8 [0212.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x3286910, dwHighDateTime=0x1d6076d)) [0212.216] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x3286910, dwHighDateTime=0x1d6076d)) [0212.216] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x3286910, dwHighDateTime=0x1d6076d)) [0212.354] GetCurrentThreadId () returned 0x6f8 [0212.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.354] GetCurrentThreadId () returned 0x6f8 [0212.354] CreateFileW (lpFileName="YcIC.exe" (normalized: "c:\\windows\\system32\\ycic.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.355] CreateFileW (lpFileName="YcIC.exe" (normalized: "c:\\windows\\system32\\ycic.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.355] GetCurrentThreadId () returned 0x6f8 [0212.355] GetCurrentThreadId () returned 0x6f8 [0212.355] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.355] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.355] CreateFileW (lpFileName="YcIC.exe" (normalized: "c:\\windows\\system32\\ycic.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.356] GetCurrentThreadId () returned 0x6f8 [0212.356] BeginUpdateResourceW (pFileName="YcIC.exe" (normalized: "c:\\windows\\system32\\ycic.exe"), bDeleteExistingResources=0) returned 0x0 [0212.356] CreateFileW (lpFileName="IuoE.ico" (normalized: "c:\\windows\\system32\\iuoe.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfb0 [0212.356] GetFileSize (in: hFile=0xfb0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0212.356] ReadFile (in: hFile=0xfb0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0212.356] CloseHandle (hObject=0xfb0) returned 1 [0212.356] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0212.357] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0212.357] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0212.357] CopyFileW (lpExistingFileName="YcIC.exe" (normalized: "c:\\windows\\system32\\ycic.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktjfyvfan4.mp3.exe"), bFailIfExists=0) returned 0 [0212.357] SetNamedSecurityInfoW () returned 0x2 [0212.357] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kTjFYVFAn4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktjfyvfan4.mp3")) returned 1 [0212.358] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x78, lpOverlapped=0x0) returned 1 [0212.359] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0212.359] DeleteFileW (lpFileName="IuoE.ico" (normalized: "c:\\windows\\system32\\iuoe.ico")) returned 1 [0212.360] DeleteFileW (lpFileName="YcIC.exe" (normalized: "c:\\windows\\system32\\ycic.exe")) returned 0 [0212.360] GetCurrentThreadId () returned 0x6f8 [0212.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.360] GetCurrentThreadId () returned 0x6f8 [0212.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.360] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xea7dfba0, ftCreationTime.dwHighDateTime=0x1d5daad, ftLastAccessTime.dwLowDateTime=0x581d22c0, ftLastAccessTime.dwHighDateTime=0x1d5e487, ftLastWriteTime.dwLowDateTime=0x581d22c0, ftLastWriteTime.dwHighDateTime=0x1d5e487, nFileSizeHigh=0x0, nFileSizeLow=0x7fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kuam1j1Clul.m4a", cAlternateFileName="KUAM1J~1.M4A")) returned 1 [0212.360] GetCurrentThreadId () returned 0x6f8 [0212.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.360] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1 [0212.361] GetCurrentThreadId () returned 0x6f8 [0212.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.361] GetCurrentThreadId () returned 0x6f8 [0212.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68d58 [0212.361] GetCurrentThreadId () returned 0x6f8 [0212.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.361] FindNextFileW (in: hFindFile=0x7e68d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.361] GetCurrentThreadId () returned 0x6f8 [0212.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.361] FindNextFileW (in: hFindFile=0x7e68d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0212.361] GetCurrentThreadId () returned 0x6f8 [0212.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.361] GetCurrentThreadId () returned 0x6f8 [0212.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x33dd570, dwHighDateTime=0x1d6076d)) [0212.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68d98 [0212.363] GetCurrentThreadId () returned 0x6f8 [0212.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.363] FindNextFileW (in: hFindFile=0x7e68d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.363] GetCurrentThreadId () returned 0x6f8 [0212.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.363] FindNextFileW (in: hFindFile=0x7e68d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="#SharedObjects", cAlternateFileName="#SHARE~1")) returned 1 [0212.363] GetCurrentThreadId () returned 0x6f8 [0212.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.363] GetCurrentThreadId () returned 0x6f8 [0212.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.363] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68dd8 [0212.365] GetCurrentThreadId () returned 0x6f8 [0212.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.365] FindNextFileW (in: hFindFile=0x7e68dd8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.365] GetCurrentThreadId () returned 0x6f8 [0212.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.365] FindNextFileW (in: hFindFile=0x7e68dd8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 1 [0212.365] GetCurrentThreadId () returned 0x6f8 [0212.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.365] GetCurrentThreadId () returned 0x6f8 [0212.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68e18 [0212.366] GetCurrentThreadId () returned 0x6f8 [0212.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.366] FindNextFileW (in: hFindFile=0x7e68e18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.366] GetCurrentThreadId () returned 0x6f8 [0212.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.366] FindNextFileW (in: hFindFile=0x7e68e18, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.366] GetCurrentThreadId () returned 0x6f8 [0212.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.366] FindNextFileW (in: hFindFile=0x7e68dd8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 0 [0212.367] GetCurrentThreadId () returned 0x6f8 [0212.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.367] FindNextFileW (in: hFindFile=0x7e68d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 1 [0212.367] GetCurrentThreadId () returned 0x6f8 [0212.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.367] GetCurrentThreadId () returned 0x6f8 [0212.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.367] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68e58 [0212.367] GetCurrentThreadId () returned 0x6f8 [0212.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.367] FindNextFileW (in: hFindFile=0x7e68e58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.367] GetCurrentThreadId () returned 0x6f8 [0212.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.367] FindNextFileW (in: hFindFile=0x7e68e58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support", cAlternateFileName="")) returned 1 [0212.367] GetCurrentThreadId () returned 0x6f8 [0212.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.368] GetCurrentThreadId () returned 0x6f8 [0212.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.368] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68e98 [0212.368] GetCurrentThreadId () returned 0x6f8 [0212.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.369] FindNextFileW (in: hFindFile=0x7e68e98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.369] GetCurrentThreadId () returned 0x6f8 [0212.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.369] FindNextFileW (in: hFindFile=0x7e68e98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 1 [0212.369] GetCurrentThreadId () returned 0x6f8 [0212.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.369] GetCurrentThreadId () returned 0x6f8 [0212.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68ed8 [0212.370] GetCurrentThreadId () returned 0x6f8 [0212.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.370] FindNextFileW (in: hFindFile=0x7e68ed8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.370] GetCurrentThreadId () returned 0x6f8 [0212.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.370] FindNextFileW (in: hFindFile=0x7e68ed8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys", cAlternateFileName="")) returned 1 [0212.370] GetCurrentThreadId () returned 0x6f8 [0212.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.370] GetCurrentThreadId () returned 0x6f8 [0212.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.370] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68f18 [0212.371] GetCurrentThreadId () returned 0x6f8 [0212.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.371] FindNextFileW (in: hFindFile=0x7e68f18, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.371] GetCurrentThreadId () returned 0x6f8 [0212.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68f18, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol", cAlternateFileName="")) returned 1 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e410 | out: lpSystemTimeAsFileTime=0x4e4e410*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68f18, lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol", cAlternateFileName="")) returned 0 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68ed8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys", cAlternateFileName="")) returned 0 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68e98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 0 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68e58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support", cAlternateFileName="")) returned 0 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 0 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e68d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.372] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0212.372] GetCurrentThreadId () returned 0x6f8 [0212.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.373] GetCurrentThreadId () returned 0x6f8 [0212.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.373] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68f58 [0212.373] GetCurrentThreadId () returned 0x6f8 [0212.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.373] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.373] GetCurrentThreadId () returned 0x6f8 [0212.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.373] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0212.373] GetCurrentThreadId () returned 0x6f8 [0212.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.373] GetCurrentThreadId () returned 0x6f8 [0212.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.373] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68f98 [0212.374] GetCurrentThreadId () returned 0x6f8 [0212.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.374] FindNextFileW (in: hFindFile=0x7e68f98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.374] GetCurrentThreadId () returned 0x6f8 [0212.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.374] FindNextFileW (in: hFindFile=0x7e68f98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.374] GetCurrentThreadId () returned 0x6f8 [0212.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.374] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e68fd8 [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] FindNextFileW (in: hFindFile=0x7e68fd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] FindNextFileW (in: hFindFile=0x7e68fd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] GetCurrentThreadId () returned 0x6f8 [0212.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69018 [0212.376] GetCurrentThreadId () returned 0x6f8 [0212.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.376] FindNextFileW (in: hFindFile=0x7e69018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.376] GetCurrentThreadId () returned 0x6f8 [0212.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.376] FindNextFileW (in: hFindFile=0x7e69018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0212.376] GetCurrentThreadId () returned 0x6f8 [0212.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.376] GetCurrentThreadId () returned 0x6f8 [0212.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.376] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69058 [0212.376] GetCurrentThreadId () returned 0x6f8 [0212.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.376] FindNextFileW (in: hFindFile=0x7e69058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.377] GetCurrentThreadId () returned 0x6f8 [0212.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.377] FindNextFileW (in: hFindFile=0x7e69058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0212.377] GetCurrentThreadId () returned 0x6f8 [0212.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.377] GetCurrentThreadId () returned 0x6f8 [0212.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x34036d0, dwHighDateTime=0x1d6076d)) [0212.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69098 [0212.480] GetCurrentThreadId () returned 0x6f8 [0212.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.480] FindNextFileW (in: hFindFile=0x7e69098, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.480] GetCurrentThreadId () returned 0x6f8 [0212.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.480] FindNextFileW (in: hFindFile=0x7e69098, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="83AA4C~1")) returned 1 [0212.480] GetCurrentThreadId () returned 0x6f8 [0212.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.480] FindNextFileW (in: hFindFile=0x7e69098, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x57, dwReserved0=0x0, dwReserved1=0x0, cFileName="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="932A2D~1")) returned 1 [0212.480] GetCurrentThreadId () returned 0x6f8 [0212.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.480] FindNextFileW (in: hFindFile=0x7e69098, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 1 [0212.481] GetCurrentThreadId () returned 0x6f8 [0212.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.481] FindNextFileW (in: hFindFile=0x7e69098, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 0 [0212.481] GetCurrentThreadId () returned 0x6f8 [0212.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.481] FindNextFileW (in: hFindFile=0x7e69058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0212.481] GetCurrentThreadId () returned 0x6f8 [0212.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.481] FindNextFileW (in: hFindFile=0x7e69018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0212.481] GetCurrentThreadId () returned 0x6f8 [0212.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.481] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0212.481] GetCurrentThreadId () returned 0x6f8 [0212.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.481] GetCurrentThreadId () returned 0x6f8 [0212.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e690d8 [0212.482] GetCurrentThreadId () returned 0x6f8 [0212.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.482] FindNextFileW (in: hFindFile=0x7e690d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.482] GetCurrentThreadId () returned 0x6f8 [0212.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.482] FindNextFileW (in: hFindFile=0x7e690d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0212.483] GetCurrentThreadId () returned 0x6f8 [0212.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.483] GetCurrentThreadId () returned 0x6f8 [0212.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.483] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69118 [0212.483] GetCurrentThreadId () returned 0x6f8 [0212.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.483] FindNextFileW (in: hFindFile=0x7e69118, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.484] GetCurrentThreadId () returned 0x6f8 [0212.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.484] FindNextFileW (in: hFindFile=0x7e69118, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0212.484] GetCurrentThreadId () returned 0x6f8 [0212.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.484] GetCurrentThreadId () returned 0x6f8 [0212.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69158 [0212.485] GetCurrentThreadId () returned 0x6f8 [0212.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.486] FindNextFileW (in: hFindFile=0x7e69158, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.486] GetCurrentThreadId () returned 0x6f8 [0212.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.486] FindNextFileW (in: hFindFile=0x7e69158, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0212.486] GetCurrentThreadId () returned 0x6f8 [0212.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.486] FindNextFileW (in: hFindFile=0x7e69158, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 0 [0212.486] GetCurrentThreadId () returned 0x6f8 [0212.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.486] FindNextFileW (in: hFindFile=0x7e69118, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 0 [0212.486] GetCurrentThreadId () returned 0x6f8 [0212.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x350e070, dwHighDateTime=0x1d6076d)) [0212.486] FindNextFileW (in: hFindFile=0x7e690d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0212.487] GetCurrentThreadId () returned 0x6f8 [0212.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.487] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0212.487] GetCurrentThreadId () returned 0x6f8 [0212.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.487] GetCurrentThreadId () returned 0x6f8 [0212.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69198 [0212.488] GetCurrentThreadId () returned 0x6f8 [0212.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.488] FindNextFileW (in: hFindFile=0x7e69198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.488] GetCurrentThreadId () returned 0x6f8 [0212.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.488] FindNextFileW (in: hFindFile=0x7e69198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0212.488] GetCurrentThreadId () returned 0x6f8 [0212.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.488] GetCurrentThreadId () returned 0x6f8 [0212.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e691d8 [0212.489] GetCurrentThreadId () returned 0x6f8 [0212.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.489] FindNextFileW (in: hFindFile=0x7e691d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.489] GetCurrentThreadId () returned 0x6f8 [0212.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.489] FindNextFileW (in: hFindFile=0x7e691d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.489] GetCurrentThreadId () returned 0x6f8 [0212.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.489] FindNextFileW (in: hFindFile=0x7e69198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0212.489] GetCurrentThreadId () returned 0x6f8 [0212.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.489] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0212.489] GetCurrentThreadId () returned 0x6f8 [0212.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.489] GetCurrentThreadId () returned 0x6f8 [0212.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69218 [0212.490] GetCurrentThreadId () returned 0x6f8 [0212.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.490] FindNextFileW (in: hFindFile=0x7e69218, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.490] GetCurrentThreadId () returned 0x6f8 [0212.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.490] FindNextFileW (in: hFindFile=0x7e69218, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.490] GetCurrentThreadId () returned 0x6f8 [0212.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.491] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0212.491] GetCurrentThreadId () returned 0x6f8 [0212.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.491] GetCurrentThreadId () returned 0x6f8 [0212.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69258 [0212.491] GetCurrentThreadId () returned 0x6f8 [0212.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.491] FindNextFileW (in: hFindFile=0x7e69258, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.492] GetCurrentThreadId () returned 0x6f8 [0212.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.492] FindNextFileW (in: hFindFile=0x7e69258, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.492] GetCurrentThreadId () returned 0x6f8 [0212.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.492] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0212.492] GetCurrentThreadId () returned 0x6f8 [0212.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.492] GetCurrentThreadId () returned 0x6f8 [0212.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.492] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69298 [0212.493] GetCurrentThreadId () returned 0x6f8 [0212.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.493] FindNextFileW (in: hFindFile=0x7e69298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.493] GetCurrentThreadId () returned 0x6f8 [0212.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.493] FindNextFileW (in: hFindFile=0x7e69298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.493] GetCurrentThreadId () returned 0x6f8 [0212.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.493] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0212.493] GetCurrentThreadId () returned 0x6f8 [0212.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.493] GetCurrentThreadId () returned 0x6f8 [0212.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e692d8 [0212.494] GetCurrentThreadId () returned 0x6f8 [0212.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.494] FindNextFileW (in: hFindFile=0x7e692d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.494] GetCurrentThreadId () returned 0x6f8 [0212.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.494] FindNextFileW (in: hFindFile=0x7e692d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.494] GetCurrentThreadId () returned 0x6f8 [0212.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.494] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0212.495] GetCurrentThreadId () returned 0x6f8 [0212.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.495] GetCurrentThreadId () returned 0x6f8 [0212.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69318 [0212.495] GetCurrentThreadId () returned 0x6f8 [0212.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.495] FindNextFileW (in: hFindFile=0x7e69318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.495] GetCurrentThreadId () returned 0x6f8 [0212.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.495] FindNextFileW (in: hFindFile=0x7e69318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0212.495] GetCurrentThreadId () returned 0x6f8 [0212.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.495] GetCurrentThreadId () returned 0x6f8 [0212.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69358 [0212.496] GetCurrentThreadId () returned 0x6f8 [0212.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.496] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.496] GetCurrentThreadId () returned 0x6f8 [0212.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.496] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.496] GetCurrentThreadId () returned 0x6f8 [0212.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.496] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0212.496] GetCurrentThreadId () returned 0x6f8 [0212.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.496] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0212.496] GetCurrentThreadId () returned 0x6f8 [0212.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.496] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0212.496] GetCurrentThreadId () returned 0x6f8 [0212.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.496] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0212.497] GetCurrentThreadId () returned 0x6f8 [0212.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.497] GetCurrentThreadId () returned 0x6f8 [0212.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69398 [0212.497] GetCurrentThreadId () returned 0x6f8 [0212.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.497] FindNextFileW (in: hFindFile=0x7e69398, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.497] GetCurrentThreadId () returned 0x6f8 [0212.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.497] FindNextFileW (in: hFindFile=0x7e69398, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0212.497] GetCurrentThreadId () returned 0x6f8 [0212.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.497] GetCurrentThreadId () returned 0x6f8 [0212.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e693d8 [0212.498] GetCurrentThreadId () returned 0x6f8 [0212.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.498] FindNextFileW (in: hFindFile=0x7e693d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.498] GetCurrentThreadId () returned 0x6f8 [0212.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.498] FindNextFileW (in: hFindFile=0x7e693d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.499] GetCurrentThreadId () returned 0x6f8 [0212.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.499] FindNextFileW (in: hFindFile=0x7e69398, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0212.499] GetCurrentThreadId () returned 0x6f8 [0212.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.499] GetCurrentThreadId () returned 0x6f8 [0212.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69418 [0212.499] GetCurrentThreadId () returned 0x6f8 [0212.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.499] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.499] GetCurrentThreadId () returned 0x6f8 [0212.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.500] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.500] GetCurrentThreadId () returned 0x6f8 [0212.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.500] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0212.500] GetCurrentThreadId () returned 0x6f8 [0212.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.500] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0212.500] GetCurrentThreadId () returned 0x6f8 [0212.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.500] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0212.500] GetCurrentThreadId () returned 0x6f8 [0212.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.500] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0212.500] GetCurrentThreadId () returned 0x6f8 [0212.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.500] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0212.501] GetCurrentThreadId () returned 0x6f8 [0212.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.501] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0212.501] GetCurrentThreadId () returned 0x6f8 [0212.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.501] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0212.501] GetCurrentThreadId () returned 0x6f8 [0212.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.501] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0212.501] GetCurrentThreadId () returned 0x6f8 [0212.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.501] FindNextFileW (in: hFindFile=0x7e69418, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0212.501] GetCurrentThreadId () returned 0x6f8 [0212.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.501] FindNextFileW (in: hFindFile=0x7e69398, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0212.501] GetCurrentThreadId () returned 0x6f8 [0212.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.502] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0212.502] GetCurrentThreadId () returned 0x6f8 [0212.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.502] FindNextFileW (in: hFindFile=0x7e69358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0212.502] GetCurrentThreadId () returned 0x6f8 [0212.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35341d0, dwHighDateTime=0x1d6076d)) [0212.502] FindNextFileW (in: hFindFile=0x7e69318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0212.502] GetCurrentThreadId () returned 0x6f8 [0212.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.502] GetCurrentThreadId () returned 0x6f8 [0212.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69458 [0212.504] GetCurrentThreadId () returned 0x6f8 [0212.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.504] FindNextFileW (in: hFindFile=0x7e69458, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.504] GetCurrentThreadId () returned 0x6f8 [0212.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.505] FindNextFileW (in: hFindFile=0x7e69458, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0212.505] GetCurrentThreadId () returned 0x6f8 [0212.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.505] GetCurrentThreadId () returned 0x6f8 [0212.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.505] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69498 [0212.505] GetCurrentThreadId () returned 0x6f8 [0212.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.505] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.506] GetCurrentThreadId () returned 0x6f8 [0212.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.506] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="65UX3YG0", cAlternateFileName="")) returned 1 [0212.506] GetCurrentThreadId () returned 0x6f8 [0212.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.506] GetCurrentThreadId () returned 0x6f8 [0212.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.506] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e694d8 [0212.508] GetCurrentThreadId () returned 0x6f8 [0212.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.508] FindNextFileW (in: hFindFile=0x7e694d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.508] GetCurrentThreadId () returned 0x6f8 [0212.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.508] FindNextFileW (in: hFindFile=0x7e694d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.508] GetCurrentThreadId () returned 0x6f8 [0212.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.508] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AY721QDR", cAlternateFileName="")) returned 1 [0212.508] GetCurrentThreadId () returned 0x6f8 [0212.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.508] GetCurrentThreadId () returned 0x6f8 [0212.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69518 [0212.509] GetCurrentThreadId () returned 0x6f8 [0212.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.509] FindNextFileW (in: hFindFile=0x7e69518, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.509] GetCurrentThreadId () returned 0x6f8 [0212.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.509] FindNextFileW (in: hFindFile=0x7e69518, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.509] GetCurrentThreadId () returned 0x6f8 [0212.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.509] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZBKZBIC", cAlternateFileName="")) returned 1 [0212.509] GetCurrentThreadId () returned 0x6f8 [0212.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.509] GetCurrentThreadId () returned 0x6f8 [0212.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69558 [0212.510] GetCurrentThreadId () returned 0x6f8 [0212.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.510] FindNextFileW (in: hFindFile=0x7e69558, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.510] GetCurrentThreadId () returned 0x6f8 [0212.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.510] FindNextFileW (in: hFindFile=0x7e69558, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.510] GetCurrentThreadId () returned 0x6f8 [0212.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.511] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0212.511] GetCurrentThreadId () returned 0x6f8 [0212.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.511] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 1 [0212.511] GetCurrentThreadId () returned 0x6f8 [0212.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.511] GetCurrentThreadId () returned 0x6f8 [0212.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69598 [0212.511] GetCurrentThreadId () returned 0x6f8 [0212.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.512] FindNextFileW (in: hFindFile=0x7e69598, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.512] GetCurrentThreadId () returned 0x6f8 [0212.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.512] FindNextFileW (in: hFindFile=0x7e69598, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.512] GetCurrentThreadId () returned 0x6f8 [0212.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.512] FindNextFileW (in: hFindFile=0x7e69498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 0 [0212.512] GetCurrentThreadId () returned 0x6f8 [0212.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.512] FindNextFileW (in: hFindFile=0x7e69458, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0212.512] GetCurrentThreadId () returned 0x6f8 [0212.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.512] FindNextFileW (in: hFindFile=0x7e69318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 0 [0212.512] GetCurrentThreadId () returned 0x6f8 [0212.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.512] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0212.513] GetCurrentThreadId () returned 0x6f8 [0212.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.513] GetCurrentThreadId () returned 0x6f8 [0212.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e695d8 [0212.513] GetCurrentThreadId () returned 0x6f8 [0212.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.513] FindNextFileW (in: hFindFile=0x7e695d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.513] GetCurrentThreadId () returned 0x6f8 [0212.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.514] FindNextFileW (in: hFindFile=0x7e695d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.514] GetCurrentThreadId () returned 0x6f8 [0212.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.514] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS Project", cAlternateFileName="MSPROJ~1")) returned 1 [0212.514] GetCurrentThreadId () returned 0x6f8 [0212.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.514] GetCurrentThreadId () returned 0x6f8 [0212.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x355a330, dwHighDateTime=0x1d6076d)) [0212.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69618 [0212.544] GetCurrentThreadId () returned 0x6f8 [0212.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.544] FindNextFileW (in: hFindFile=0x7e69618, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.544] GetCurrentThreadId () returned 0x6f8 [0212.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.544] FindNextFileW (in: hFindFile=0x7e69618, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0212.544] GetCurrentThreadId () returned 0x6f8 [0212.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.544] GetCurrentThreadId () returned 0x6f8 [0212.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69658 [0212.547] GetCurrentThreadId () returned 0x6f8 [0212.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.547] FindNextFileW (in: hFindFile=0x7e69658, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.547] GetCurrentThreadId () returned 0x6f8 [0212.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.547] FindNextFileW (in: hFindFile=0x7e69658, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0212.548] GetCurrentThreadId () returned 0x6f8 [0212.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.548] GetCurrentThreadId () returned 0x6f8 [0212.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x3580490, dwHighDateTime=0x1d6076d)) [0212.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69698 [0212.552] GetCurrentThreadId () returned 0x6f8 [0212.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.552] FindNextFileW (in: hFindFile=0x7e69698, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.552] GetCurrentThreadId () returned 0x6f8 [0212.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.552] FindNextFileW (in: hFindFile=0x7e69698, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.MPT", cAlternateFileName="")) returned 1 [0212.552] GetCurrentThreadId () returned 0x6f8 [0212.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.552] FindNextFileW (in: hFindFile=0x7e69698, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.MPT", cAlternateFileName="")) returned 0 [0212.552] GetCurrentThreadId () returned 0x6f8 [0212.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.552] FindNextFileW (in: hFindFile=0x7e69658, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0212.552] GetCurrentThreadId () returned 0x6f8 [0212.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.553] FindNextFileW (in: hFindFile=0x7e69618, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 0 [0212.553] GetCurrentThreadId () returned 0x6f8 [0212.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.553] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0212.553] GetCurrentThreadId () returned 0x6f8 [0212.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.553] GetCurrentThreadId () returned 0x6f8 [0212.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.553] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e696d8 [0212.554] GetCurrentThreadId () returned 0x6f8 [0212.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.554] FindNextFileW (in: hFindFile=0x7e696d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.554] GetCurrentThreadId () returned 0x6f8 [0212.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.554] FindNextFileW (in: hFindFile=0x7e696d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0212.554] GetCurrentThreadId () returned 0x6f8 [0212.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.554] GetCurrentThreadId () returned 0x6f8 [0212.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69718 [0212.555] GetCurrentThreadId () returned 0x6f8 [0212.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.555] FindNextFileW (in: hFindFile=0x7e69718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.555] GetCurrentThreadId () returned 0x6f8 [0212.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.555] FindNextFileW (in: hFindFile=0x7e69718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0212.555] GetCurrentThreadId () returned 0x6f8 [0212.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.555] GetCurrentThreadId () returned 0x6f8 [0212.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.555] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e69758 [0212.556] GetCurrentThreadId () returned 0x6f8 [0212.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.556] FindNextFileW (in: hFindFile=0x7e69758, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.556] GetCurrentThreadId () returned 0x6f8 [0212.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.556] FindNextFileW (in: hFindFile=0x7e69758, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0212.556] GetCurrentThreadId () returned 0x6f8 [0212.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.556] GetCurrentThreadId () returned 0x6f8 [0212.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.556] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6dfd8 [0212.556] GetCurrentThreadId () returned 0x6f8 [0212.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.556] FindNextFileW (in: hFindFile=0x7e6dfd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.557] GetCurrentThreadId () returned 0x6f8 [0212.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.557] FindNextFileW (in: hFindFile=0x7e6dfd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0212.557] GetCurrentThreadId () returned 0x6f8 [0212.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.557] FindNextFileW (in: hFindFile=0x7e6dfd8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0212.557] GetCurrentThreadId () returned 0x6f8 [0212.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.557] FindNextFileW (in: hFindFile=0x7e69758, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0212.557] GetCurrentThreadId () returned 0x6f8 [0212.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.557] FindNextFileW (in: hFindFile=0x7e69718, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 0 [0212.557] GetCurrentThreadId () returned 0x6f8 [0212.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.557] FindNextFileW (in: hFindFile=0x7e696d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0212.557] GetCurrentThreadId () returned 0x6f8 [0212.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.558] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0212.558] GetCurrentThreadId () returned 0x6f8 [0212.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.558] GetCurrentThreadId () returned 0x6f8 [0212.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e018 [0212.590] GetCurrentThreadId () returned 0x6f8 [0212.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.590] FindNextFileW (in: hFindFile=0x7e6e018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.590] GetCurrentThreadId () returned 0x6f8 [0212.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.590] FindNextFileW (in: hFindFile=0x7e6e018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ce7b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f6ce7b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f6ce7b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x9382, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0212.591] GetCurrentThreadId () returned 0x6f8 [0212.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.591] FindNextFileW (in: hFindFile=0x7e6e018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0212.591] GetCurrentThreadId () returned 0x6f8 [0212.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.591] GetCurrentThreadId () returned 0x6f8 [0212.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e058 [0212.593] GetCurrentThreadId () returned 0x6f8 [0212.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.593] FindNextFileW (in: hFindFile=0x7e6e058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.593] GetCurrentThreadId () returned 0x6f8 [0212.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.593] FindNextFileW (in: hFindFile=0x7e6e058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.LNK", cAlternateFileName="")) returned 1 [0212.593] GetCurrentThreadId () returned 0x6f8 [0212.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.593] FindNextFileW (in: hFindFile=0x7e6e058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x34, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0212.593] GetCurrentThreadId () returned 0x6f8 [0212.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.594] FindNextFileW (in: hFindFile=0x7e6e058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0212.594] GetCurrentThreadId () returned 0x6f8 [0212.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.594] FindNextFileW (in: hFindFile=0x7e6e058, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0212.594] GetCurrentThreadId () returned 0x6f8 [0212.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.594] FindNextFileW (in: hFindFile=0x7e6e018, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0212.594] GetCurrentThreadId () returned 0x6f8 [0212.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.594] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0212.594] GetCurrentThreadId () returned 0x6f8 [0212.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x35f28b0, dwHighDateTime=0x1d6076d)) [0212.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e098 [0212.596] FindNextFileW (in: hFindFile=0x7e6e098, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.596] FindNextFileW (in: hFindFile=0x7e6e098, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5e0c9040, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0212.597] FindNextFileW (in: hFindFile=0x7e6e098, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0212.597] FindNextFileW (in: hFindFile=0x7e6e098, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 0 [0212.597] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPoint", cAlternateFileName="POWERP~1")) returned 1 [0212.597] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e0d8 [0212.598] FindNextFileW (in: hFindFile=0x7e6e0d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.599] FindNextFileW (in: hFindFile=0x7e6e0d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.599] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0212.599] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e118 [0212.666] FindNextFileW (in: hFindFile=0x7e6e118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.666] FindNextFileW (in: hFindFile=0x7e6e118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.666] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0212.666] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e158 [0212.669] FindNextFileW (in: hFindFile=0x7e6e158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x7e6e158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x7e6e158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0212.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e198 [0212.843] FindNextFileW (in: hFindFile=0x7e6e198, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.843] FindNextFileW (in: hFindFile=0x7e6e198, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x7e6e198, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x7e6e198, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0212.844] FindNextFileW (in: hFindFile=0x7e6e158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0212.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e1d8 [0212.847] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xf923e050, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="02540a10-7eb7-4b20-a8c7-470f8986389c", cAlternateFileName="02540A~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xdc5ea830, ftLastWriteTime.dwHighDateTime=0x1d41fce, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cAlternateFileName="0E1547~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="102a7bc8-3f85-4bb4-840a-38257d2965d2", cAlternateFileName="102A7B~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x542b0350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2be989a0-16a1-424b-9211-51aa3bb43e5d", cAlternateFileName="2BE989~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x89f07f80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", cAlternateFileName="915F9E~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0x18024df0, ftLastWriteTime.dwHighDateTime=0x1d3373c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fbbe72db-afd8-443b-88dd-64b20388700d", cAlternateFileName="FBBE72~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x89f54240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e1d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x89f54240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0212.848] FindNextFileW (in: hFindFile=0x7e6e158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x7e6e158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0212.848] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0212.848] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e218 [0213.284] FindNextFileW (in: hFindFile=0x7e6e218, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.284] FindNextFileW (in: hFindFile=0x7e6e218, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.285] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher Building Blocks", cAlternateFileName="PUBLIS~2")) returned 1 [0213.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e258 [0213.327] FindNextFileW (in: hFindFile=0x7e6e258, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.327] FindNextFileW (in: hFindFile=0x7e6e258, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 1 [0213.327] FindNextFileW (in: hFindFile=0x7e6e258, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 0 [0213.327] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech", cAlternateFileName="")) returned 1 [0213.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e298 [0213.328] FindNextFileW (in: hFindFile=0x7e6e298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.328] FindNextFileW (in: hFindFile=0x7e6e298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.328] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0213.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e2d8 [0213.328] FindNextFileW (in: hFindFile=0x7e6e2d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.329] FindNextFileW (in: hFindFile=0x7e6e2d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0213.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e318 [0213.329] FindNextFileW (in: hFindFile=0x7e6e318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.329] FindNextFileW (in: hFindFile=0x7e6e318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0213.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e358 [0213.329] FindNextFileW (in: hFindFile=0x7e6e358, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.329] FindNextFileW (in: hFindFile=0x7e6e358, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.330] FindNextFileW (in: hFindFile=0x7e6e318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0213.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e398 [0213.330] FindNextFileW (in: hFindFile=0x7e6e398, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.330] FindNextFileW (in: hFindFile=0x7e6e398, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.330] FindNextFileW (in: hFindFile=0x7e6e318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0213.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e3d8 [0213.331] FindNextFileW (in: hFindFile=0x7e6e3d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.331] FindNextFileW (in: hFindFile=0x7e6e3d8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.331] FindNextFileW (in: hFindFile=0x7e6e318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 0 [0213.331] FindNextFileW (in: hFindFile=0x7e6e2d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0213.331] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0213.331] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0213.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e418 [0213.333] FindNextFileW (in: hFindFile=0x7e6e418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.336] FindNextFileW (in: hFindFile=0x7e6e418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0213.336] FindNextFileW (in: hFindFile=0x7e6e418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 0 [0213.336] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0213.336] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0213.336] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e458 [0213.340] FindNextFileW (in: hFindFile=0x7e6e458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.340] FindNextFileW (in: hFindFile=0x7e6e458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0213.340] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e498 [0213.342] FindNextFileW (in: hFindFile=0x7e6e498, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.342] FindNextFileW (in: hFindFile=0x7e6e498, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.342] FindNextFileW (in: hFindFile=0x7e6e458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0213.342] FindNextFileW (in: hFindFile=0x7e68f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0213.342] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0213.342] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e4d8 [0213.343] FindNextFileW (in: hFindFile=0x7e6e4d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.343] FindNextFileW (in: hFindFile=0x7e6e4d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0213.344] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e518 [0213.345] FindNextFileW (in: hFindFile=0x7e6e518, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.345] FindNextFileW (in: hFindFile=0x7e6e518, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0213.345] FindNextFileW (in: hFindFile=0x7e6e4d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox", cAlternateFileName="")) returned 1 [0213.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e558 [0213.346] FindNextFileW (in: hFindFile=0x7e6e558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.346] FindNextFileW (in: hFindFile=0x7e6e558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0213.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e598 [0213.347] FindNextFileW (in: hFindFile=0x7e6e598, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.347] FindNextFileW (in: hFindFile=0x7e6e598, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0213.348] FindNextFileW (in: hFindFile=0x7e6e598, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 0 [0213.348] FindNextFileW (in: hFindFile=0x7e6e558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0213.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e5d8 [0213.349] FindNextFileW (in: hFindFile=0x7e6e5d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.349] FindNextFileW (in: hFindFile=0x7e6e5d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0213.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e618 [0213.352] FindNextFileW (in: hFindFile=0x7e6e618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.353] FindNextFileW (in: hFindFile=0x7e6e618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0213.354] FindNextFileW (in: hFindFile=0x7e6e618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0213.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e658 [0213.356] FindNextFileW (in: hFindFile=0x7e6e658, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.356] FindNextFileW (in: hFindFile=0x7e6e658, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0213.356] FindNextFileW (in: hFindFile=0x7e6e658, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0213.356] FindNextFileW (in: hFindFile=0x7e6e658, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0213.356] FindNextFileW (in: hFindFile=0x7e6e618, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0213.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e698 [0213.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x4e4e444 | out: lpFindFileData=0x4e4e444*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e6d8 [0213.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x4e4e1d0 | out: lpFindFileData=0x4e4e1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e718 [0213.360] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x4e4df5c | out: lpFindFileData=0x4e4df5c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e758 [0213.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e798 [0213.362] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e7d8 [0213.366] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif", dwFileAttributes=0x80) returned 1 [0213.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ntjetyzocsw507e.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0213.367] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10574 [0213.374] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif", dwFileAttributes=0x2020) returned 1 [0213.375] GetCurrentThreadId () returned 0x6f8 [0213.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x3d62d70, dwHighDateTime=0x1d6076d)) [0213.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x3d62d70, dwHighDateTime=0x1d6076d)) [0213.375] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif", piIcon=0x4e4efc4) returned 0x29008b [0213.387] GetIconInfo (in: hIcon=0x29008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0213.387] CreateFileW (lpFileName="YOsg.ico" (normalized: "c:\\windows\\system32\\yosg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.388] GetObjectA (in: h=0x730501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0213.388] GetObjectA (in: h=0x9b050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0213.388] CreateCompatibleDC (hdc=0x0) returned 0x93010772 [0213.388] GetDIBits (in: hdc=0x93010772, hbm=0x730501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0213.388] GetDIBits (in: hdc=0x93010772, hbm=0x730501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0213.388] GetDIBits (in: hdc=0x93010772, hbm=0x730501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0213.388] GetDIBits (in: hdc=0x93010772, hbm=0x9b050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0213.388] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0213.389] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0213.390] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0213.390] WriteFile (in: hFile=0x10d8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0213.390] WriteFile (in: hFile=0x10d8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0213.390] DeleteDC (hdc=0x93010772) returned 1 [0213.390] CloseHandle (hObject=0x10d8) returned 1 [0213.390] DeleteObject (ho=0x730501fa) returned 1 [0213.390] DeleteObject (ho=0x9b050776) returned 1 [0213.390] DestroyCursor (hCursor=0x29008b) returned 1 [0213.390] GetCurrentThreadId () returned 0x6f8 [0213.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ntjetyzocsw507e.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.391] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10574 [0213.396] ReadFile (in: hFile=0x10d8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x10574, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x10574, lpOverlapped=0x0) returned 1 [0213.396] CloseHandle (hObject=0x10d8) returned 1 [0213.396] GetCurrentThreadId () returned 0x6f8 [0213.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x3daf030, dwHighDateTime=0x1d6076d)) [0213.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x3daf030, dwHighDateTime=0x1d6076d)) [0213.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x3daf030, dwHighDateTime=0x1d6076d)) [0213.579] GetCurrentThreadId () returned 0x6f8 [0213.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x3f51f50, dwHighDateTime=0x1d6076d)) [0213.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x3f51f50, dwHighDateTime=0x1d6076d)) [0213.579] GetCurrentThreadId () returned 0x6f8 [0213.579] CreateFileW (lpFileName="EcIS.exe" (normalized: "c:\\windows\\system32\\ecis.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.580] CreateFileW (lpFileName="EcIS.exe" (normalized: "c:\\windows\\system32\\ecis.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.580] GetCurrentThreadId () returned 0x6f8 [0213.580] GetCurrentThreadId () returned 0x6f8 [0213.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x3f51f50, dwHighDateTime=0x1d6076d)) [0213.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x3f51f50, dwHighDateTime=0x1d6076d)) [0213.580] CreateFileW (lpFileName="EcIS.exe" (normalized: "c:\\windows\\system32\\ecis.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.580] GetCurrentThreadId () returned 0x6f8 [0213.580] BeginUpdateResourceW (pFileName="EcIS.exe" (normalized: "c:\\windows\\system32\\ecis.exe"), bDeleteExistingResources=0) returned 0x0 [0213.580] CreateFileW (lpFileName="YOsg.ico" (normalized: "c:\\windows\\system32\\yosg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d8 [0213.581] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0213.581] ReadFile (in: hFile=0x10d8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0213.582] CloseHandle (hObject=0x10d8) returned 1 [0213.583] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0213.583] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0213.583] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0213.583] CopyFileW (lpExistingFileName="EcIS.exe" (normalized: "c:\\windows\\system32\\ecis.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ntjetyzocsw507e.gif.exe"), bFailIfExists=0) returned 0 [0213.583] SetNamedSecurityInfoW () returned 0x2 [0213.583] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nTJeTyZOCSW507E.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ntjetyzocsw507e.gif")) returned 1 [0213.584] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x82, lpOverlapped=0x0) returned 1 [0213.584] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0213.585] DeleteFileW (lpFileName="YOsg.ico" (normalized: "c:\\windows\\system32\\yosg.ico")) returned 1 [0213.586] DeleteFileW (lpFileName="EcIS.exe" (normalized: "c:\\windows\\system32\\ecis.exe")) returned 0 [0213.586] GetCurrentThreadId () returned 0x6f8 [0213.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x3f780b0, dwHighDateTime=0x1d6076d)) [0213.586] GetCurrentThreadId () returned 0x6f8 [0213.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x3f780b0, dwHighDateTime=0x1d6076d)) [0213.586] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf69bd450, ftCreationTime.dwHighDateTime=0x1d5da64, ftLastAccessTime.dwLowDateTime=0x61df4030, ftLastAccessTime.dwHighDateTime=0x1d5db82, ftLastWriteTime.dwLowDateTime=0x61df4030, ftLastWriteTime.dwHighDateTime=0x1d5db82, nFileSizeHigh=0x0, nFileSizeLow=0x29e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="qhPPT9FD2g0WnPk.m4a", cAlternateFileName="QHPPT9~1.M4A")) returned 1 [0213.586] GetCurrentThreadId () returned 0x6f8 [0213.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x3f780b0, dwHighDateTime=0x1d6076d)) [0213.586] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc94c4510, ftCreationTime.dwHighDateTime=0x1d5dfd3, ftLastAccessTime.dwLowDateTime=0xf1ffaa00, ftLastAccessTime.dwHighDateTime=0x1d5da2f, ftLastWriteTime.dwLowDateTime=0xf1ffaa00, ftLastWriteTime.dwHighDateTime=0x1d5da2f, nFileSizeHigh=0x0, nFileSizeLow=0xe3f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="rxNR.swf", cAlternateFileName="")) returned 1 [0213.586] GetCurrentThreadId () returned 0x6f8 [0213.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x3f780b0, dwHighDateTime=0x1d6076d)) [0213.587] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45be8c00, ftCreationTime.dwHighDateTime=0x1d5d7ac, ftLastAccessTime.dwLowDateTime=0x2bc77db0, ftLastAccessTime.dwHighDateTime=0x1d5e2c0, ftLastWriteTime.dwLowDateTime=0x2bc77db0, ftLastWriteTime.dwHighDateTime=0x1d5e2c0, nFileSizeHigh=0x0, nFileSizeLow=0x13784, dwReserved0=0x0, dwReserved1=0x0, cFileName="sTl.jpg", cAlternateFileName="")) returned 1 [0213.587] GetCurrentThreadId () returned 0x6f8 [0213.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x3f780b0, dwHighDateTime=0x1d6076d)) [0213.587] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\stl.jpg")) returned 0x2020 [0213.587] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg", dwFileAttributes=0x80) returned 1 [0213.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\stl.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.587] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13784 [0213.592] ReadFile (in: hFile=0x10d8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13784, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x13784, lpOverlapped=0x0) returned 1 [0213.595] GetCurrentThreadId () returned 0x6f8 [0213.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x3f9e210, dwHighDateTime=0x1d6076d)) [0213.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x3f9e210, dwHighDateTime=0x1d6076d)) [0213.595] GetCurrentThreadId () returned 0x6f8 [0213.595] CloseHandle (hObject=0x10d8) returned 1 [0213.595] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg", dwFileAttributes=0x2020) returned 1 [0213.596] GetCurrentThreadId () returned 0x6f8 [0213.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x3f9e210, dwHighDateTime=0x1d6076d)) [0213.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x3f9e210, dwHighDateTime=0x1d6076d)) [0213.596] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg", piIcon=0x4e4efc4) returned 0x2b008b [0213.628] GetIconInfo (in: hIcon=0x2b008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0213.628] CreateFileW (lpFileName="UmUk.ico" (normalized: "c:\\windows\\system32\\umuk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.629] GetObjectA (in: h=0x8a050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0213.629] GetObjectA (in: h=0xf40501ca, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0213.629] CreateCompatibleDC (hdc=0x0) returned 0xc601076f [0213.629] GetDIBits (in: hdc=0xc601076f, hbm=0x8a050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0213.629] GetDIBits (in: hdc=0xc601076f, hbm=0x8a050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0213.629] GetDIBits (in: hdc=0xc601076f, hbm=0x8a050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0213.629] GetDIBits (in: hdc=0xc601076f, hbm=0xf40501ca, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0213.629] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0213.631] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0213.631] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0213.631] WriteFile (in: hFile=0x10d8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0213.631] WriteFile (in: hFile=0x10d8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0213.632] DeleteDC (hdc=0xc601076f) returned 1 [0213.632] CloseHandle (hObject=0x10d8) returned 1 [0213.636] DeleteObject (ho=0x8a050770) returned 1 [0213.636] DeleteObject (ho=0xf40501ca) returned 1 [0213.636] DestroyCursor (hCursor=0x2b008b) returned 1 [0213.636] GetCurrentThreadId () returned 0x6f8 [0213.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\stl.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.636] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13784 [0213.641] ReadFile (in: hFile=0x10d8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13784, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x13784, lpOverlapped=0x0) returned 1 [0213.642] CloseHandle (hObject=0x10d8) returned 1 [0213.642] GetCurrentThreadId () returned 0x6f8 [0213.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x4010630, dwHighDateTime=0x1d6076d)) [0213.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x4010630, dwHighDateTime=0x1d6076d)) [0213.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x4010630, dwHighDateTime=0x1d6076d)) [0213.803] GetCurrentThreadId () returned 0x6f8 [0213.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.803] GetCurrentThreadId () returned 0x6f8 [0213.803] CreateFileW (lpFileName="isAm.exe" (normalized: "c:\\windows\\system32\\isam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.804] CreateFileW (lpFileName="isAm.exe" (normalized: "c:\\windows\\system32\\isam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.805] GetCurrentThreadId () returned 0x6f8 [0213.805] GetCurrentThreadId () returned 0x6f8 [0213.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.805] CreateFileW (lpFileName="isAm.exe" (normalized: "c:\\windows\\system32\\isam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.805] GetCurrentThreadId () returned 0x6f8 [0213.805] BeginUpdateResourceW (pFileName="isAm.exe" (normalized: "c:\\windows\\system32\\isam.exe"), bDeleteExistingResources=0) returned 0x0 [0213.805] CreateFileW (lpFileName="UmUk.ico" (normalized: "c:\\windows\\system32\\umuk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d8 [0213.805] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0213.806] ReadFile (in: hFile=0x10d8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0213.806] CloseHandle (hObject=0x10d8) returned 1 [0213.806] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0213.806] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0213.806] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0213.806] CopyFileW (lpExistingFileName="isAm.exe" (normalized: "c:\\windows\\system32\\isam.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\stl.jpg.exe"), bFailIfExists=0) returned 0 [0213.806] SetNamedSecurityInfoW () returned 0x2 [0213.806] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sTl.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\stl.jpg")) returned 1 [0213.809] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x6a, lpOverlapped=0x0) returned 1 [0213.809] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0213.809] DeleteFileW (lpFileName="UmUk.ico" (normalized: "c:\\windows\\system32\\umuk.ico")) returned 1 [0213.811] DeleteFileW (lpFileName="isAm.exe" (normalized: "c:\\windows\\system32\\isam.exe")) returned 0 [0213.811] GetCurrentThreadId () returned 0x6f8 [0213.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.811] GetCurrentThreadId () returned 0x6f8 [0213.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.811] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24de1f90, ftCreationTime.dwHighDateTime=0x1d5df8c, ftLastAccessTime.dwLowDateTime=0xa5129420, ftLastAccessTime.dwHighDateTime=0x1d5d910, ftLastWriteTime.dwLowDateTime=0xa5129420, ftLastWriteTime.dwHighDateTime=0x1d5d910, nFileSizeHigh=0x0, nFileSizeLow=0x155e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="vs0ug152FAzJBeX2r.avi", cAlternateFileName="VS0UG1~1.AVI")) returned 1 [0213.811] GetCurrentThreadId () returned 0x6f8 [0213.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.811] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b65ee0, ftCreationTime.dwHighDateTime=0x1d5e5c9, ftLastAccessTime.dwLowDateTime=0xdf051840, ftLastAccessTime.dwHighDateTime=0x1d5d903, ftLastWriteTime.dwLowDateTime=0xdf051840, ftLastWriteTime.dwHighDateTime=0x1d5d903, nFileSizeHigh=0x0, nFileSizeLow=0x3fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wIlYNc.gif", cAlternateFileName="")) returned 1 [0213.811] GetCurrentThreadId () returned 0x6f8 [0213.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x418d3f0, dwHighDateTime=0x1d6076d)) [0213.811] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wilync.gif")) returned 0x2020 [0213.811] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif", dwFileAttributes=0x80) returned 1 [0213.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wilync.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.812] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fb4 [0213.817] ReadFile (in: hFile=0x10d8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x3fb4, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x3fb4, lpOverlapped=0x0) returned 1 [0213.823] GetCurrentThreadId () returned 0x6f8 [0213.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x41b3550, dwHighDateTime=0x1d6076d)) [0213.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x41b3550, dwHighDateTime=0x1d6076d)) [0213.823] GetCurrentThreadId () returned 0x6f8 [0213.823] CloseHandle (hObject=0x10d8) returned 1 [0213.823] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif", dwFileAttributes=0x2020) returned 1 [0213.824] GetCurrentThreadId () returned 0x6f8 [0213.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x41b3550, dwHighDateTime=0x1d6076d)) [0213.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x41b3550, dwHighDateTime=0x1d6076d)) [0213.824] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif", piIcon=0x4e4efc4) returned 0x2c008b [0213.835] GetIconInfo (in: hIcon=0x2c008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0213.836] CreateFileW (lpFileName="YKUI.ico" (normalized: "c:\\windows\\system32\\ykui.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10dc [0213.836] GetObjectA (in: h=0xbe0501fe, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0213.836] GetObjectA (in: h=0x79050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0213.837] CreateCompatibleDC (hdc=0x0) returned 0xa4010776 [0213.837] GetDIBits (in: hdc=0xa4010776, hbm=0xbe0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0213.837] GetDIBits (in: hdc=0xa4010776, hbm=0xbe0501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0213.837] GetDIBits (in: hdc=0xa4010776, hbm=0xbe0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0213.837] GetDIBits (in: hdc=0xa4010776, hbm=0x79050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0213.837] WriteFile (in: hFile=0x10dc, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0213.838] WriteFile (in: hFile=0x10dc, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0213.838] WriteFile (in: hFile=0x10dc, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0213.838] WriteFile (in: hFile=0x10dc, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0213.839] WriteFile (in: hFile=0x10dc, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0213.839] DeleteDC (hdc=0xa4010776) returned 1 [0213.839] CloseHandle (hObject=0x10dc) returned 1 [0213.839] DeleteObject (ho=0xbe0501fe) returned 1 [0213.839] DeleteObject (ho=0x79050771) returned 1 [0213.839] DestroyCursor (hCursor=0x2c008b) returned 1 [0213.839] GetCurrentThreadId () returned 0x6f8 [0213.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wilync.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10dc [0213.840] GetFileSize (in: hFile=0x10dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fb4 [0213.844] ReadFile (in: hFile=0x10dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x3fb4, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x3fb4, lpOverlapped=0x0) returned 1 [0213.845] CloseHandle (hObject=0x10dc) returned 1 [0213.845] GetCurrentThreadId () returned 0x6f8 [0213.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x41ff810, dwHighDateTime=0x1d6076d)) [0213.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x41ff810, dwHighDateTime=0x1d6076d)) [0213.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x41ff810, dwHighDateTime=0x1d6076d)) [0213.923] GetCurrentThreadId () returned 0x6f8 [0213.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.923] GetCurrentThreadId () returned 0x6f8 [0213.923] CreateFileW (lpFileName="EoMq.exe" (normalized: "c:\\windows\\system32\\eomq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.923] CreateFileW (lpFileName="EoMq.exe" (normalized: "c:\\windows\\system32\\eomq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.924] GetCurrentThreadId () returned 0x6f8 [0213.924] GetCurrentThreadId () returned 0x6f8 [0213.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.924] CreateFileW (lpFileName="EoMq.exe" (normalized: "c:\\windows\\system32\\eomq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.924] GetCurrentThreadId () returned 0x6f8 [0213.924] BeginUpdateResourceW (pFileName="EoMq.exe" (normalized: "c:\\windows\\system32\\eomq.exe"), bDeleteExistingResources=0) returned 0x0 [0213.924] CreateFileW (lpFileName="YKUI.ico" (normalized: "c:\\windows\\system32\\ykui.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10dc [0213.924] GetFileSize (in: hFile=0x10dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0213.925] ReadFile (in: hFile=0x10dc, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0213.925] CloseHandle (hObject=0x10dc) returned 1 [0213.925] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0213.925] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0213.925] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0213.925] CopyFileW (lpExistingFileName="EoMq.exe" (normalized: "c:\\windows\\system32\\eomq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wilync.gif.exe"), bFailIfExists=0) returned 0 [0213.925] SetNamedSecurityInfoW () returned 0x2 [0213.925] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wIlYNc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wilync.gif")) returned 1 [0213.927] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x70, lpOverlapped=0x0) returned 1 [0213.927] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0213.928] DeleteFileW (lpFileName="YKUI.ico" (normalized: "c:\\windows\\system32\\ykui.ico")) returned 1 [0213.929] DeleteFileW (lpFileName="EoMq.exe" (normalized: "c:\\windows\\system32\\eomq.exe")) returned 0 [0213.929] GetCurrentThreadId () returned 0x6f8 [0213.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.929] GetCurrentThreadId () returned 0x6f8 [0213.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.929] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x38f8da10, ftCreationTime.dwHighDateTime=0x1d5e086, ftLastAccessTime.dwLowDateTime=0x6aa71c80, ftLastAccessTime.dwHighDateTime=0x1d5e18e, ftLastWriteTime.dwLowDateTime=0x6aa71c80, ftLastWriteTime.dwHighDateTime=0x1d5e18e, nFileSizeHigh=0x0, nFileSizeLow=0x11886, dwReserved0=0x0, dwReserved1=0x0, cFileName="XaAsLYDJsFXx7IQhvgc.mp3", cAlternateFileName="XAASLY~1.MP3")) returned 1 [0213.929] GetCurrentThreadId () returned 0x6f8 [0213.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.929] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xaaslydjsfxx7iqhvgc.mp3")) returned 0x2020 [0213.930] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3", dwFileAttributes=0x80) returned 1 [0213.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xaaslydjsfxx7iqhvgc.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10dc [0213.930] GetFileSize (in: hFile=0x10dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11886 [0213.935] ReadFile (in: hFile=0x10dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11886, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x11886, lpOverlapped=0x0) returned 1 [0213.937] GetCurrentThreadId () returned 0x6f8 [0213.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x42bdef0, dwHighDateTime=0x1d6076d)) [0213.937] GetCurrentThreadId () returned 0x6f8 [0213.938] CloseHandle (hObject=0x10dc) returned 1 [0213.938] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3", dwFileAttributes=0x2020) returned 1 [0213.938] GetCurrentThreadId () returned 0x6f8 [0213.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x42e4050, dwHighDateTime=0x1d6076d)) [0213.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x42e4050, dwHighDateTime=0x1d6076d)) [0213.938] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3", piIcon=0x4e4efc4) returned 0x2d008b [0213.950] GetIconInfo (in: hIcon=0x2d008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0213.950] CreateFileW (lpFileName="GCsk.ico" (normalized: "c:\\windows\\system32\\gcsk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.951] GetObjectA (in: h=0xf70501ca, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0213.951] GetObjectA (in: h=0x8f050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0213.951] CreateCompatibleDC (hdc=0x0) returned 0x7e0101fa [0213.951] GetDIBits (in: hdc=0x7e0101fa, hbm=0xf70501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0213.951] GetDIBits (in: hdc=0x7e0101fa, hbm=0xf70501ca, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0213.951] GetDIBits (in: hdc=0x7e0101fa, hbm=0xf70501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0213.952] GetDIBits (in: hdc=0x7e0101fa, hbm=0x8f050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0213.952] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0213.953] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0213.953] WriteFile (in: hFile=0x10d8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0213.953] WriteFile (in: hFile=0x10d8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0213.953] WriteFile (in: hFile=0x10d8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0213.954] DeleteDC (hdc=0x7e0101fa) returned 1 [0213.954] CloseHandle (hObject=0x10d8) returned 1 [0213.954] DeleteObject (ho=0xf70501ca) returned 1 [0213.954] DeleteObject (ho=0x8f050770) returned 1 [0213.954] DestroyCursor (hCursor=0x2d008b) returned 1 [0213.954] GetCurrentThreadId () returned 0x6f8 [0213.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xaaslydjsfxx7iqhvgc.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d8 [0213.954] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11886 [0213.959] ReadFile (in: hFile=0x10d8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11886, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x11886, lpOverlapped=0x0) returned 1 [0213.959] CloseHandle (hObject=0x10d8) returned 1 [0213.959] GetCurrentThreadId () returned 0x6f8 [0213.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x430a1b0, dwHighDateTime=0x1d6076d)) [0213.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x430a1b0, dwHighDateTime=0x1d6076d)) [0213.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x430a1b0, dwHighDateTime=0x1d6076d)) [0214.019] GetCurrentThreadId () returned 0x6f8 [0214.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.019] GetCurrentThreadId () returned 0x6f8 [0214.020] CreateFileW (lpFileName="UMoW.exe" (normalized: "c:\\windows\\system32\\umow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.020] CreateFileW (lpFileName="UMoW.exe" (normalized: "c:\\windows\\system32\\umow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.021] GetCurrentThreadId () returned 0x6f8 [0214.021] GetCurrentThreadId () returned 0x6f8 [0214.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.021] CreateFileW (lpFileName="UMoW.exe" (normalized: "c:\\windows\\system32\\umow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.022] GetCurrentThreadId () returned 0x6f8 [0214.022] BeginUpdateResourceW (pFileName="UMoW.exe" (normalized: "c:\\windows\\system32\\umow.exe"), bDeleteExistingResources=0) returned 0x0 [0214.022] CreateFileW (lpFileName="GCsk.ico" (normalized: "c:\\windows\\system32\\gcsk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d8 [0214.022] GetFileSize (in: hFile=0x10d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.022] ReadFile (in: hFile=0x10d8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0214.022] CloseHandle (hObject=0x10d8) returned 1 [0214.022] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.022] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0214.022] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.022] CopyFileW (lpExistingFileName="UMoW.exe" (normalized: "c:\\windows\\system32\\umow.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xaaslydjsfxx7iqhvgc.mp3.exe"), bFailIfExists=0) returned 0 [0214.023] SetNamedSecurityInfoW () returned 0x2 [0214.023] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XaAsLYDJsFXx7IQhvgc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xaaslydjsfxx7iqhvgc.mp3")) returned 1 [0214.025] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8a, lpOverlapped=0x0) returned 1 [0214.025] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0214.025] DeleteFileW (lpFileName="GCsk.ico" (normalized: "c:\\windows\\system32\\gcsk.ico")) returned 1 [0214.026] DeleteFileW (lpFileName="UMoW.exe" (normalized: "c:\\windows\\system32\\umow.exe")) returned 0 [0214.026] GetCurrentThreadId () returned 0x6f8 [0214.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.026] GetCurrentThreadId () returned 0x6f8 [0214.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.026] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d5dec0, ftCreationTime.dwHighDateTime=0x1d5da8e, ftLastAccessTime.dwLowDateTime=0x5b0c7230, ftLastAccessTime.dwHighDateTime=0x1d5da0d, ftLastWriteTime.dwLowDateTime=0x5b0c7230, ftLastWriteTime.dwHighDateTime=0x1d5da0d, nFileSizeHigh=0x0, nFileSizeLow=0x146d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="XONMTUS38E8xM.avi", cAlternateFileName="XONMTU~1.AVI")) returned 1 [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.027] FindNextFileW (in: hFindFile=0x7e688d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d5dec0, ftCreationTime.dwHighDateTime=0x1d5da8e, ftLastAccessTime.dwLowDateTime=0x5b0c7230, ftLastAccessTime.dwHighDateTime=0x1d5da0d, ftLastWriteTime.dwLowDateTime=0x5b0c7230, ftLastWriteTime.dwHighDateTime=0x1d5da0d, nFileSizeHigh=0x0, nFileSizeLow=0x146d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="XONMTUS38E8xM.avi", cAlternateFileName="XONMTU~1.AVI")) returned 0 [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.027] FindNextFileW (in: hFindFile=0x6a8b08, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda3b1fe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda3b1fe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.027] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.027] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.027] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0214.027] GetCurrentThreadId () returned 0x6f8 [0214.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e818 [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.028] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0214.028] GetCurrentThreadId () returned 0x6f8 [0214.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0214.029] GetCurrentThreadId () returned 0x6f8 [0214.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0214.029] GetCurrentThreadId () returned 0x6f8 [0214.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0214.029] GetCurrentThreadId () returned 0x6f8 [0214.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] FindNextFileW (in: hFindFile=0x7e6e818, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0214.029] GetCurrentThreadId () returned 0x6f8 [0214.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0214.029] GetCurrentThreadId () returned 0x6f8 [0214.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] GetCurrentThreadId () returned 0x6f8 [0214.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa99fa250, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa99fa250, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa99fa250, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa99fa250, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e858 [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa99fa250, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa99fa250, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed0aafa0, ftCreationTime.dwHighDateTime=0x1d5e753, ftLastAccessTime.dwLowDateTime=0x30688b70, ftLastAccessTime.dwHighDateTime=0x1d5e4e1, ftLastWriteTime.dwLowDateTime=0x30688b70, ftLastWriteTime.dwHighDateTime=0x1d5e4e1, nFileSizeHigh=0x0, nFileSizeLow=0xd4bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="-8a792ko18OvUhzmFur.wav", cAlternateFileName="-8A792~1.WAV")) returned 1 [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9de0e10, ftCreationTime.dwHighDateTime=0x1d5e736, ftLastAccessTime.dwLowDateTime=0x726b2a20, ftLastAccessTime.dwHighDateTime=0x1d5e539, ftLastWriteTime.dwLowDateTime=0x726b2a20, ftLastWriteTime.dwHighDateTime=0x1d5e539, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="-a7-.csv", cAlternateFileName="")) returned 1 [0214.030] GetCurrentThreadId () returned 0x6f8 [0214.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.030] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8526e7f0, ftCreationTime.dwHighDateTime=0x1d5d99d, ftLastAccessTime.dwLowDateTime=0x1e2637e0, ftLastAccessTime.dwHighDateTime=0x1d5e5ff, ftLastWriteTime.dwLowDateTime=0x1e2637e0, ftLastWriteTime.dwHighDateTime=0x1d5e5ff, nFileSizeHigh=0x0, nFileSizeLow=0x13a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="-SNv_.wav", cAlternateFileName="")) returned 1 [0214.031] GetCurrentThreadId () returned 0x6f8 [0214.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.031] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d4fe350, ftCreationTime.dwHighDateTime=0x1d5e7ac, ftLastAccessTime.dwLowDateTime=0x7df09f70, ftLastAccessTime.dwHighDateTime=0x1d5e137, ftLastWriteTime.dwLowDateTime=0x7df09f70, ftLastWriteTime.dwHighDateTime=0x1d5e137, nFileSizeHigh=0x0, nFileSizeLow=0x22fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="1PKtjDbenf.bmp", cAlternateFileName="1PKTJD~1.BMP")) returned 1 [0214.031] GetCurrentThreadId () returned 0x6f8 [0214.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x43a2730, dwHighDateTime=0x1d6076d)) [0214.031] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1pktjdbenf.bmp")) returned 0x20 [0214.031] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp", dwFileAttributes=0x80) returned 1 [0214.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1pktjdbenf.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.032] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x22fe [0214.037] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x22fe, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x22fe, lpOverlapped=0x0) returned 1 [0214.038] GetCurrentThreadId () returned 0x6f8 [0214.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x43c8890, dwHighDateTime=0x1d6076d)) [0214.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x43c8890, dwHighDateTime=0x1d6076d)) [0214.038] GetCurrentThreadId () returned 0x6f8 [0214.038] CloseHandle (hObject=0x10d4) returned 1 [0214.038] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp", dwFileAttributes=0x20) returned 1 [0214.039] GetCurrentThreadId () returned 0x6f8 [0214.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x43c8890, dwHighDateTime=0x1d6076d)) [0214.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x43c8890, dwHighDateTime=0x1d6076d)) [0214.039] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp", piIcon=0x4e4f238) returned 0x13014d [0214.051] GetIconInfo (in: hIcon=0x13014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.051] CreateFileW (lpFileName="sIIA.ico" (normalized: "c:\\windows\\system32\\siia.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.052] GetObjectA (in: h=0x7c050771, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.052] GetObjectA (in: h=0xc30501fe, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.052] CreateCompatibleDC (hdc=0x0) returned 0xa701016f [0214.052] GetDIBits (in: hdc=0xa701016f, hbm=0x7c050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.052] GetDIBits (in: hdc=0xa701016f, hbm=0x7c050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.052] GetDIBits (in: hdc=0xa701016f, hbm=0x7c050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.053] GetDIBits (in: hdc=0xa701016f, hbm=0xc30501fe, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.053] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.054] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.054] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.054] WriteFile (in: hFile=0x10e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.054] WriteFile (in: hFile=0x10e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.054] DeleteDC (hdc=0xa701016f) returned 1 [0214.054] CloseHandle (hObject=0x10e0) returned 1 [0214.055] DeleteObject (ho=0x7c050771) returned 1 [0214.055] DeleteObject (ho=0xc30501fe) returned 1 [0214.055] DestroyCursor (hCursor=0x13014d) returned 1 [0214.055] GetCurrentThreadId () returned 0x6f8 [0214.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1pktjdbenf.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.055] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x22fe [0214.060] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x22fe, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x22fe, lpOverlapped=0x0) returned 1 [0214.060] CloseHandle (hObject=0x10e0) returned 1 [0214.060] GetCurrentThreadId () returned 0x6f8 [0214.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x43ee9f0, dwHighDateTime=0x1d6076d)) [0214.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x43ee9f0, dwHighDateTime=0x1d6076d)) [0214.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x43ee9f0, dwHighDateTime=0x1d6076d)) [0214.160] GetCurrentThreadId () returned 0x6f8 [0214.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.160] GetCurrentThreadId () returned 0x6f8 [0214.161] CreateFileW (lpFileName="aYgs.exe" (normalized: "c:\\windows\\system32\\aygs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.161] CreateFileW (lpFileName="aYgs.exe" (normalized: "c:\\windows\\system32\\aygs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.161] GetCurrentThreadId () returned 0x6f8 [0214.162] GetCurrentThreadId () returned 0x6f8 [0214.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.162] CreateFileW (lpFileName="aYgs.exe" (normalized: "c:\\windows\\system32\\aygs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.162] GetCurrentThreadId () returned 0x6f8 [0214.162] BeginUpdateResourceW (pFileName="aYgs.exe" (normalized: "c:\\windows\\system32\\aygs.exe"), bDeleteExistingResources=0) returned 0x0 [0214.162] CreateFileW (lpFileName="sIIA.ico" (normalized: "c:\\windows\\system32\\siia.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e0 [0214.162] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.162] ReadFile (in: hFile=0x10e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.162] CloseHandle (hObject=0x10e0) returned 1 [0214.163] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.163] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.163] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.163] CopyFileW (lpExistingFileName="aYgs.exe" (normalized: "c:\\windows\\system32\\aygs.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1pktjdbenf.bmp.exe"), bFailIfExists=0) returned 0 [0214.163] SetNamedSecurityInfoW () returned 0x2 [0214.163] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1PKtjDbenf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1pktjdbenf.bmp")) returned 1 [0214.165] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x68, lpOverlapped=0x0) returned 1 [0214.166] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.166] DeleteFileW (lpFileName="sIIA.ico" (normalized: "c:\\windows\\system32\\siia.ico")) returned 1 [0214.167] DeleteFileW (lpFileName="aYgs.exe" (normalized: "c:\\windows\\system32\\aygs.exe")) returned 0 [0214.167] GetCurrentThreadId () returned 0x6f8 [0214.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.167] GetCurrentThreadId () returned 0x6f8 [0214.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.167] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9282570, ftCreationTime.dwHighDateTime=0x1d5e1fb, ftLastAccessTime.dwLowDateTime=0xb2a0db0, ftLastAccessTime.dwHighDateTime=0x1d5de6b, ftLastWriteTime.dwLowDateTime=0xb2a0db0, ftLastWriteTime.dwHighDateTime=0x1d5de6b, nFileSizeHigh=0x0, nFileSizeLow=0x10d33, dwReserved0=0x0, dwReserved1=0x0, cFileName="a6tpbU9.m4a", cAlternateFileName="")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cb50f60, ftCreationTime.dwHighDateTime=0x1d5e80d, ftLastAccessTime.dwLowDateTime=0x30faf120, ftLastAccessTime.dwHighDateTime=0x1d5dfe3, ftLastWriteTime.dwLowDateTime=0x30faf120, ftLastWriteTime.dwHighDateTime=0x1d5dfe3, nFileSizeHigh=0x0, nFileSizeLow=0x11bd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="C0sVTVTaEm6q8.wav", cAlternateFileName="C0SVTV~1.WAV")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58cbf7f0, ftCreationTime.dwHighDateTime=0x1d5e077, ftLastAccessTime.dwLowDateTime=0x6c356d0, ftLastAccessTime.dwHighDateTime=0x1d5de2c, ftLastWriteTime.dwLowDateTime=0x6c356d0, ftLastWriteTime.dwHighDateTime=0x1d5de2c, nFileSizeHigh=0x0, nFileSizeLow=0x10c57, dwReserved0=0x0, dwReserved1=0x0, cFileName="COOC_j.swf", cAlternateFileName="")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d15c770, ftCreationTime.dwHighDateTime=0x1d5d9a4, ftLastAccessTime.dwLowDateTime=0x10c164d0, ftLastAccessTime.dwHighDateTime=0x1d5e68b, ftLastWriteTime.dwLowDateTime=0x10c164d0, ftLastWriteTime.dwHighDateTime=0x1d5e68b, nFileSizeHigh=0x0, nFileSizeLow=0x158ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnKRl.mkv", cAlternateFileName="")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe081490, ftCreationTime.dwHighDateTime=0x1d5e443, ftLastAccessTime.dwLowDateTime=0x28aea8d0, ftLastAccessTime.dwHighDateTime=0x1d5df3a, ftLastWriteTime.dwLowDateTime=0x28aea8d0, ftLastWriteTime.dwHighDateTime=0x1d5df3a, nFileSizeHigh=0x0, nFileSizeLow=0x134bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="e1 oWsSGdFjinV0PAl3y.wav", cAlternateFileName="E1OWSS~1.WAV")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2e13500, ftCreationTime.dwHighDateTime=0x1d5d939, ftLastAccessTime.dwLowDateTime=0xdbfc5a0, ftLastAccessTime.dwHighDateTime=0x1d5e2fe, ftLastWriteTime.dwLowDateTime=0xdbfc5a0, ftLastWriteTime.dwHighDateTime=0x1d5e2fe, nFileSizeHigh=0x0, nFileSizeLow=0x138e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="FSaq62DdiuRd4Sb.m4a", cAlternateFileName="FSAQ62~1.M4A")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.168] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26692f0, ftCreationTime.dwHighDateTime=0x1d5d977, ftLastAccessTime.dwLowDateTime=0xb0dd1c60, ftLastAccessTime.dwHighDateTime=0x1d5e3ee, ftLastWriteTime.dwLowDateTime=0xb0dd1c60, ftLastWriteTime.dwHighDateTime=0x1d5e3ee, nFileSizeHigh=0x0, nFileSizeLow=0x5193, dwReserved0=0x0, dwReserved1=0x0, cFileName="IADcQgA2vzv_FJer-q5.gif", cAlternateFileName="IADCQG~1.GIF")) returned 1 [0214.168] GetCurrentThreadId () returned 0x6f8 [0214.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x44f9390, dwHighDateTime=0x1d6076d)) [0214.169] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iadcqga2vzv_fjer-q5.gif")) returned 0x20 [0214.169] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif", dwFileAttributes=0x80) returned 1 [0214.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iadcqga2vzv_fjer-q5.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.170] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5193 [0214.174] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x5193, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x5193, lpOverlapped=0x0) returned 1 [0214.176] GetCurrentThreadId () returned 0x6f8 [0214.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x451f4f0, dwHighDateTime=0x1d6076d)) [0214.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x451f4f0, dwHighDateTime=0x1d6076d)) [0214.176] GetCurrentThreadId () returned 0x6f8 [0214.176] CloseHandle (hObject=0x10e0) returned 1 [0214.176] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif", dwFileAttributes=0x20) returned 1 [0214.177] GetCurrentThreadId () returned 0x6f8 [0214.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x451f4f0, dwHighDateTime=0x1d6076d)) [0214.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x451f4f0, dwHighDateTime=0x1d6076d)) [0214.177] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif", piIcon=0x4e4f238) returned 0x14014d [0214.183] GetIconInfo (in: hIcon=0x14014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.183] CreateFileW (lpFileName="cawM.ico" (normalized: "c:\\windows\\system32\\cawm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.184] GetObjectA (in: h=0x92050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.184] GetObjectA (in: h=0xfc0501ca, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.184] CreateCompatibleDC (hdc=0x0) returned 0xa1010772 [0214.184] GetDIBits (in: hdc=0xa1010772, hbm=0x92050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.184] GetDIBits (in: hdc=0xa1010772, hbm=0x92050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.184] GetDIBits (in: hdc=0xa1010772, hbm=0x92050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.184] GetDIBits (in: hdc=0xa1010772, hbm=0xfc0501ca, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.184] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.185] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.186] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.186] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.186] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.186] DeleteDC (hdc=0xa1010772) returned 1 [0214.186] CloseHandle (hObject=0x10d4) returned 1 [0214.186] DeleteObject (ho=0x92050770) returned 1 [0214.186] DeleteObject (ho=0xfc0501ca) returned 1 [0214.186] DestroyCursor (hCursor=0x14014d) returned 1 [0214.187] GetCurrentThreadId () returned 0x6f8 [0214.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iadcqga2vzv_fjer-q5.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.187] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5193 [0214.193] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x5193, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x5193, lpOverlapped=0x0) returned 1 [0214.193] CloseHandle (hObject=0x10d4) returned 1 [0214.193] GetCurrentThreadId () returned 0x6f8 [0214.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4545650, dwHighDateTime=0x1d6076d)) [0214.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4545650, dwHighDateTime=0x1d6076d)) [0214.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4545650, dwHighDateTime=0x1d6076d)) [0214.273] GetCurrentThreadId () returned 0x6f8 [0214.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4603d30, dwHighDateTime=0x1d6076d)) [0214.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4603d30, dwHighDateTime=0x1d6076d)) [0214.273] GetCurrentThreadId () returned 0x6f8 [0214.274] CreateFileW (lpFileName="eUIM.exe" (normalized: "c:\\windows\\system32\\euim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.274] CreateFileW (lpFileName="eUIM.exe" (normalized: "c:\\windows\\system32\\euim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.275] GetCurrentThreadId () returned 0x6f8 [0214.275] GetCurrentThreadId () returned 0x6f8 [0214.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4603d30, dwHighDateTime=0x1d6076d)) [0214.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4603d30, dwHighDateTime=0x1d6076d)) [0214.275] CreateFileW (lpFileName="eUIM.exe" (normalized: "c:\\windows\\system32\\euim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.275] GetCurrentThreadId () returned 0x6f8 [0214.275] BeginUpdateResourceW (pFileName="eUIM.exe" (normalized: "c:\\windows\\system32\\euim.exe"), bDeleteExistingResources=0) returned 0x0 [0214.275] CreateFileW (lpFileName="cawM.ico" (normalized: "c:\\windows\\system32\\cawm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0214.275] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.276] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.276] CloseHandle (hObject=0x10d4) returned 1 [0214.276] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.276] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.276] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.276] CopyFileW (lpExistingFileName="eUIM.exe" (normalized: "c:\\windows\\system32\\euim.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iadcqga2vzv_fjer-q5.gif.exe"), bFailIfExists=0) returned 0 [0214.276] SetNamedSecurityInfoW () returned 0x2 [0214.277] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IADcQgA2vzv_FJer-q5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iadcqga2vzv_fjer-q5.gif")) returned 1 [0214.280] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7a, lpOverlapped=0x0) returned 1 [0214.280] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.280] DeleteFileW (lpFileName="cawM.ico" (normalized: "c:\\windows\\system32\\cawm.ico")) returned 1 [0214.281] DeleteFileW (lpFileName="eUIM.exe" (normalized: "c:\\windows\\system32\\euim.exe")) returned 0 [0214.281] GetCurrentThreadId () returned 0x6f8 [0214.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4629e90, dwHighDateTime=0x1d6076d)) [0214.281] GetCurrentThreadId () returned 0x6f8 [0214.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4629e90, dwHighDateTime=0x1d6076d)) [0214.281] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa99fa250, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa99fa250, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa9a203b0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x10be, dwReserved0=0x0, dwReserved1=0x0, cFileName="iaks.ico", cAlternateFileName="")) returned 1 [0214.281] GetCurrentThreadId () returned 0x6f8 [0214.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4629e90, dwHighDateTime=0x1d6076d)) [0214.281] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f2dac10, ftCreationTime.dwHighDateTime=0x1d5daa9, ftLastAccessTime.dwLowDateTime=0x92f18530, ftLastAccessTime.dwHighDateTime=0x1d5d7b2, ftLastWriteTime.dwLowDateTime=0x92f18530, ftLastWriteTime.dwHighDateTime=0x1d5d7b2, nFileSizeHigh=0x0, nFileSizeLow=0x5b1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iIRkonOxQwBgUeekd.mkv", cAlternateFileName="IIRKON~1.MKV")) returned 1 [0214.281] GetCurrentThreadId () returned 0x6f8 [0214.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4629e90, dwHighDateTime=0x1d6076d)) [0214.282] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b3badf0, ftCreationTime.dwHighDateTime=0x1d5e7c7, ftLastAccessTime.dwLowDateTime=0x2a1601a0, ftLastAccessTime.dwHighDateTime=0x1d5dc74, ftLastWriteTime.dwLowDateTime=0x2a1601a0, ftLastWriteTime.dwHighDateTime=0x1d5dc74, nFileSizeHigh=0x0, nFileSizeLow=0x614e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kh-2MWWlh.swf", cAlternateFileName="KH-2MW~1.SWF")) returned 1 [0214.282] GetCurrentThreadId () returned 0x6f8 [0214.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4629e90, dwHighDateTime=0x1d6076d)) [0214.282] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8730e800, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0x8730e800, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x36b48d00, ftLastWriteTime.dwHighDateTime=0x1d60762, nFileSizeHigh=0x0, nFileSizeLow=0x84e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lef9NVBNY3Gqm5dX.exe", cAlternateFileName="LEF9NV~1.EXE")) returned 1 [0214.282] GetCurrentThreadId () returned 0x6f8 [0214.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4629e90, dwHighDateTime=0x1d6076d)) [0214.282] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lef9NVBNY3Gqm5dX.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lef9nvbny3gqm5dx.exe")) returned 0x20 [0214.282] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lef9NVBNY3Gqm5dX.exe", dwFileAttributes=0x80) returned 1 [0214.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lef9NVBNY3Gqm5dX.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lef9nvbny3gqm5dx.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.283] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x84e00 [0214.287] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x84e00, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x84e00, lpOverlapped=0x0) returned 1 [0214.296] GetCurrentThreadId () returned 0x6f8 [0214.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.296] GetCurrentThreadId () returned 0x6f8 [0214.298] CloseHandle (hObject=0x10d4) returned 1 [0214.299] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lef9NVBNY3Gqm5dX.exe", dwFileAttributes=0x20) returned 1 [0214.299] CloseHandle (hObject=0x4e4f554) returned 0 [0214.299] GetCurrentThreadId () returned 0x6f8 [0214.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.299] GetCurrentThreadId () returned 0x6f8 [0214.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.299] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14572e40, ftCreationTime.dwHighDateTime=0x1d5de52, ftLastAccessTime.dwLowDateTime=0x540f04f0, ftLastAccessTime.dwHighDateTime=0x1d5dbbd, ftLastWriteTime.dwLowDateTime=0x540f04f0, ftLastWriteTime.dwHighDateTime=0x1d5dbbd, nFileSizeHigh=0x0, nFileSizeLow=0x9d8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MpNQfZpBM1FrUpL8Srd.swf", cAlternateFileName="MPNQFZ~1.SWF")) returned 1 [0214.299] GetCurrentThreadId () returned 0x6f8 [0214.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.299] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d578390, ftCreationTime.dwHighDateTime=0x1d5e19b, ftLastAccessTime.dwLowDateTime=0xd2683720, ftLastAccessTime.dwHighDateTime=0x1d5df84, ftLastWriteTime.dwLowDateTime=0xd2683720, ftLastWriteTime.dwHighDateTime=0x1d5df84, nFileSizeHigh=0x0, nFileSizeLow=0xb3a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NJF5kV5.png", cAlternateFileName="")) returned 1 [0214.300] GetCurrentThreadId () returned 0x6f8 [0214.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.300] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\njf5kv5.png")) returned 0x20 [0214.300] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png", dwFileAttributes=0x80) returned 1 [0214.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\njf5kv5.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.300] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3a7 [0214.305] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb3a7, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xb3a7, lpOverlapped=0x0) returned 1 [0214.306] GetCurrentThreadId () returned 0x6f8 [0214.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.306] GetCurrentThreadId () returned 0x6f8 [0214.306] CloseHandle (hObject=0x10d4) returned 1 [0214.306] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png", dwFileAttributes=0x20) returned 1 [0214.307] GetCurrentThreadId () returned 0x6f8 [0214.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x464fff0, dwHighDateTime=0x1d6076d)) [0214.307] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png", piIcon=0x4e4f238) returned 0x15014d [0214.312] GetIconInfo (in: hIcon=0x15014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.312] CreateFileW (lpFileName="QQoM.ico" (normalized: "c:\\windows\\system32\\qqom.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.312] GetObjectA (in: h=0xc60501fe, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.312] GetObjectA (in: h=0x81050771, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.312] CreateCompatibleDC (hdc=0x0) returned 0xd301076f [0214.312] GetDIBits (in: hdc=0xd301076f, hbm=0xc60501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.313] GetDIBits (in: hdc=0xd301076f, hbm=0xc60501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.313] GetDIBits (in: hdc=0xd301076f, hbm=0xc60501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.313] GetDIBits (in: hdc=0xd301076f, hbm=0x81050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.313] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.314] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.314] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.314] WriteFile (in: hFile=0x10e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.314] WriteFile (in: hFile=0x10e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.314] DeleteDC (hdc=0xd301076f) returned 1 [0214.314] CloseHandle (hObject=0x10e0) returned 1 [0214.315] DeleteObject (ho=0xc60501fe) returned 1 [0214.315] DeleteObject (ho=0x81050771) returned 1 [0214.315] DestroyCursor (hCursor=0x15014d) returned 1 [0214.315] GetCurrentThreadId () returned 0x6f8 [0214.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\njf5kv5.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.315] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3a7 [0214.319] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb3a7, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xb3a7, lpOverlapped=0x0) returned 1 [0214.320] CloseHandle (hObject=0x10e0) returned 1 [0214.320] GetCurrentThreadId () returned 0x6f8 [0214.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4676150, dwHighDateTime=0x1d6076d)) [0214.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4676150, dwHighDateTime=0x1d6076d)) [0214.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4676150, dwHighDateTime=0x1d6076d)) [0214.385] GetCurrentThreadId () returned 0x6f8 [0214.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x470e6d0, dwHighDateTime=0x1d6076d)) [0214.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x470e6d0, dwHighDateTime=0x1d6076d)) [0214.385] GetCurrentThreadId () returned 0x6f8 [0214.385] CreateFileW (lpFileName="WwAI.exe" (normalized: "c:\\windows\\system32\\wwai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.386] CreateFileW (lpFileName="WwAI.exe" (normalized: "c:\\windows\\system32\\wwai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.386] GetCurrentThreadId () returned 0x6f8 [0214.386] GetCurrentThreadId () returned 0x6f8 [0214.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x470e6d0, dwHighDateTime=0x1d6076d)) [0214.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x470e6d0, dwHighDateTime=0x1d6076d)) [0214.386] CreateFileW (lpFileName="WwAI.exe" (normalized: "c:\\windows\\system32\\wwai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.386] GetCurrentThreadId () returned 0x6f8 [0214.386] BeginUpdateResourceW (pFileName="WwAI.exe" (normalized: "c:\\windows\\system32\\wwai.exe"), bDeleteExistingResources=0) returned 0x0 [0214.387] CreateFileW (lpFileName="QQoM.ico" (normalized: "c:\\windows\\system32\\qqom.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e0 [0214.387] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.387] ReadFile (in: hFile=0x10e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.387] CloseHandle (hObject=0x10e0) returned 1 [0214.387] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.387] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.387] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.387] CopyFileW (lpExistingFileName="WwAI.exe" (normalized: "c:\\windows\\system32\\wwai.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\njf5kv5.png.exe"), bFailIfExists=0) returned 0 [0214.388] SetNamedSecurityInfoW () returned 0x2 [0214.388] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NJF5kV5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\njf5kv5.png")) returned 1 [0214.390] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x62, lpOverlapped=0x0) returned 1 [0214.391] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.391] DeleteFileW (lpFileName="QQoM.ico" (normalized: "c:\\windows\\system32\\qqom.ico")) returned 1 [0214.392] DeleteFileW (lpFileName="WwAI.exe" (normalized: "c:\\windows\\system32\\wwai.exe")) returned 0 [0214.392] GetCurrentThreadId () returned 0x6f8 [0214.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.392] GetCurrentThreadId () returned 0x6f8 [0214.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.392] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a4fd730, ftCreationTime.dwHighDateTime=0x1d5da20, ftLastAccessTime.dwLowDateTime=0xc55830b0, ftLastAccessTime.dwHighDateTime=0x1d5df95, ftLastWriteTime.dwLowDateTime=0xc55830b0, ftLastWriteTime.dwHighDateTime=0x1d5df95, nFileSizeHigh=0x0, nFileSizeLow=0x12726, dwReserved0=0x0, dwReserved1=0x0, cFileName="O9Mg5g.png", cAlternateFileName="")) returned 1 [0214.392] GetCurrentThreadId () returned 0x6f8 [0214.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.392] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o9mg5g.png")) returned 0x20 [0214.392] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png", dwFileAttributes=0x80) returned 1 [0214.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o9mg5g.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.393] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12726 [0214.398] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12726, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x12726, lpOverlapped=0x0) returned 1 [0214.399] GetCurrentThreadId () returned 0x6f8 [0214.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.399] GetCurrentThreadId () returned 0x6f8 [0214.399] CloseHandle (hObject=0x10e0) returned 1 [0214.399] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png", dwFileAttributes=0x20) returned 1 [0214.400] GetCurrentThreadId () returned 0x6f8 [0214.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4734830, dwHighDateTime=0x1d6076d)) [0214.400] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png", piIcon=0x4e4f238) returned 0x16014d [0214.405] GetIconInfo (in: hIcon=0x16014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.408] CreateFileW (lpFileName="GuME.ico" (normalized: "c:\\windows\\system32\\gume.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.409] GetObjectA (in: h=0xff0501ca, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.409] GetObjectA (in: h=0x97050770, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.409] CreateCompatibleDC (hdc=0x0) returned 0xb1010776 [0214.409] GetDIBits (in: hdc=0xb1010776, hbm=0xff0501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.409] GetDIBits (in: hdc=0xb1010776, hbm=0xff0501ca, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.409] GetDIBits (in: hdc=0xb1010776, hbm=0xff0501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.409] GetDIBits (in: hdc=0xb1010776, hbm=0x97050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.410] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.411] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.411] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.411] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.411] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.411] DeleteDC (hdc=0xb1010776) returned 1 [0214.411] CloseHandle (hObject=0x10d4) returned 1 [0214.412] DeleteObject (ho=0xff0501ca) returned 1 [0214.412] DeleteObject (ho=0x97050770) returned 1 [0214.412] DestroyCursor (hCursor=0x16014d) returned 1 [0214.412] GetCurrentThreadId () returned 0x6f8 [0214.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o9mg5g.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.412] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12726 [0214.416] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12726, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x12726, lpOverlapped=0x0) returned 1 [0214.417] CloseHandle (hObject=0x10d4) returned 1 [0214.417] GetCurrentThreadId () returned 0x6f8 [0214.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x475a990, dwHighDateTime=0x1d6076d)) [0214.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x475a990, dwHighDateTime=0x1d6076d)) [0214.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x475a990, dwHighDateTime=0x1d6076d)) [0214.482] GetCurrentThreadId () returned 0x6f8 [0214.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x47f2f10, dwHighDateTime=0x1d6076d)) [0214.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x47f2f10, dwHighDateTime=0x1d6076d)) [0214.482] GetCurrentThreadId () returned 0x6f8 [0214.482] CreateFileW (lpFileName="cIIk.exe" (normalized: "c:\\windows\\system32\\ciik.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.483] CreateFileW (lpFileName="cIIk.exe" (normalized: "c:\\windows\\system32\\ciik.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.483] GetCurrentThreadId () returned 0x6f8 [0214.483] GetCurrentThreadId () returned 0x6f8 [0214.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x47f2f10, dwHighDateTime=0x1d6076d)) [0214.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x47f2f10, dwHighDateTime=0x1d6076d)) [0214.483] CreateFileW (lpFileName="cIIk.exe" (normalized: "c:\\windows\\system32\\ciik.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.483] GetCurrentThreadId () returned 0x6f8 [0214.483] BeginUpdateResourceW (pFileName="cIIk.exe" (normalized: "c:\\windows\\system32\\ciik.exe"), bDeleteExistingResources=0) returned 0x0 [0214.483] CreateFileW (lpFileName="GuME.ico" (normalized: "c:\\windows\\system32\\gume.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0214.483] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.484] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.484] CloseHandle (hObject=0x10d4) returned 1 [0214.484] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.484] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.484] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.484] CopyFileW (lpExistingFileName="cIIk.exe" (normalized: "c:\\windows\\system32\\ciik.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o9mg5g.png.exe"), bFailIfExists=0) returned 0 [0214.484] SetNamedSecurityInfoW () returned 0x2 [0214.484] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\O9Mg5g.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o9mg5g.png")) returned 1 [0214.488] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x60, lpOverlapped=0x0) returned 1 [0214.488] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.488] DeleteFileW (lpFileName="GuME.ico" (normalized: "c:\\windows\\system32\\gume.ico")) returned 1 [0214.489] DeleteFileW (lpFileName="cIIk.exe" (normalized: "c:\\windows\\system32\\ciik.exe")) returned 0 [0214.490] GetCurrentThreadId () returned 0x6f8 [0214.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.490] GetCurrentThreadId () returned 0x6f8 [0214.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.490] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef01b0c0, ftCreationTime.dwHighDateTime=0x1d5d8c5, ftLastAccessTime.dwLowDateTime=0x790f8d80, ftLastAccessTime.dwHighDateTime=0x1d5d8aa, ftLastWriteTime.dwLowDateTime=0x790f8d80, ftLastWriteTime.dwHighDateTime=0x1d5d8aa, nFileSizeHigh=0x0, nFileSizeLow=0x118c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="pVsiR.bmp", cAlternateFileName="")) returned 1 [0214.490] GetCurrentThreadId () returned 0x6f8 [0214.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.490] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pvsir.bmp")) returned 0x20 [0214.490] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp", dwFileAttributes=0x80) returned 1 [0214.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pvsir.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.491] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x118c7 [0214.495] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x118c7, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x118c7, lpOverlapped=0x0) returned 1 [0214.496] GetCurrentThreadId () returned 0x6f8 [0214.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.496] GetCurrentThreadId () returned 0x6f8 [0214.497] CloseHandle (hObject=0x10d4) returned 1 [0214.497] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp", dwFileAttributes=0x20) returned 1 [0214.500] GetCurrentThreadId () returned 0x6f8 [0214.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x483f1d0, dwHighDateTime=0x1d6076d)) [0214.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x483f1d0, dwHighDateTime=0x1d6076d)) [0214.500] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp", piIcon=0x4e4f238) returned 0x17014d [0214.505] GetIconInfo (in: hIcon=0x17014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.505] CreateFileW (lpFileName="OMgY.ico" (normalized: "c:\\windows\\system32\\omgy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.506] GetObjectA (in: h=0xcb0501fe, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.506] GetObjectA (in: h=0xd805076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.506] CreateCompatibleDC (hdc=0x0) returned 0x8c0101fa [0214.506] GetDIBits (in: hdc=0x8c0101fa, hbm=0xcb0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.506] GetDIBits (in: hdc=0x8c0101fa, hbm=0xcb0501fe, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.506] GetDIBits (in: hdc=0x8c0101fa, hbm=0xcb0501fe, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.506] GetDIBits (in: hdc=0x8c0101fa, hbm=0xd805076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.506] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.507] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.507] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.507] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.508] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.508] DeleteDC (hdc=0x8c0101fa) returned 1 [0214.508] CloseHandle (hObject=0x10d4) returned 1 [0214.512] DeleteObject (ho=0xcb0501fe) returned 1 [0214.512] DeleteObject (ho=0xd805076f) returned 1 [0214.512] DestroyCursor (hCursor=0x17014d) returned 1 [0214.512] GetCurrentThreadId () returned 0x6f8 [0214.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pvsir.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.512] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x118c7 [0214.517] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x118c7, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x118c7, lpOverlapped=0x0) returned 1 [0214.518] CloseHandle (hObject=0x10d4) returned 1 [0214.518] GetCurrentThreadId () returned 0x6f8 [0214.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4865330, dwHighDateTime=0x1d6076d)) [0214.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4865330, dwHighDateTime=0x1d6076d)) [0214.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4865330, dwHighDateTime=0x1d6076d)) [0214.611] GetCurrentThreadId () returned 0x6f8 [0214.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.611] GetCurrentThreadId () returned 0x6f8 [0214.611] CreateFileW (lpFileName="kwsC.exe" (normalized: "c:\\windows\\system32\\kwsc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.612] CreateFileW (lpFileName="kwsC.exe" (normalized: "c:\\windows\\system32\\kwsc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.612] GetCurrentThreadId () returned 0x6f8 [0214.612] GetCurrentThreadId () returned 0x6f8 [0214.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.612] CreateFileW (lpFileName="kwsC.exe" (normalized: "c:\\windows\\system32\\kwsc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.613] GetCurrentThreadId () returned 0x6f8 [0214.613] BeginUpdateResourceW (pFileName="kwsC.exe" (normalized: "c:\\windows\\system32\\kwsc.exe"), bDeleteExistingResources=0) returned 0x0 [0214.613] CreateFileW (lpFileName="OMgY.ico" (normalized: "c:\\windows\\system32\\omgy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0214.613] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.613] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.613] CloseHandle (hObject=0x10d4) returned 1 [0214.613] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.613] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.614] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.614] CopyFileW (lpExistingFileName="kwsC.exe" (normalized: "c:\\windows\\system32\\kwsc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pvsir.bmp.exe"), bFailIfExists=0) returned 0 [0214.614] SetNamedSecurityInfoW () returned 0x2 [0214.614] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pVsiR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pvsir.bmp")) returned 1 [0214.617] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x5e, lpOverlapped=0x0) returned 1 [0214.617] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.617] DeleteFileW (lpFileName="OMgY.ico" (normalized: "c:\\windows\\system32\\omgy.ico")) returned 1 [0214.618] DeleteFileW (lpFileName="kwsC.exe" (normalized: "c:\\windows\\system32\\kwsc.exe")) returned 0 [0214.618] GetCurrentThreadId () returned 0x6f8 [0214.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.618] GetCurrentThreadId () returned 0x6f8 [0214.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.618] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6acdb9e0, ftCreationTime.dwHighDateTime=0x1d5dd05, ftLastAccessTime.dwLowDateTime=0xf9680ca0, ftLastAccessTime.dwHighDateTime=0x1d5e7aa, ftLastWriteTime.dwLowDateTime=0xf9680ca0, ftLastWriteTime.dwHighDateTime=0x1d5e7aa, nFileSizeHigh=0x0, nFileSizeLow=0x14d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="QJcq9GpDqe4-VG.mp3", cAlternateFileName="QJCQ9G~1.MP3")) returned 1 [0214.619] GetCurrentThreadId () returned 0x6f8 [0214.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4949b70, dwHighDateTime=0x1d6076d)) [0214.619] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qjcq9gpdqe4-vg.mp3")) returned 0x20 [0214.619] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3", dwFileAttributes=0x80) returned 1 [0214.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qjcq9gpdqe4-vg.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0214.620] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14d69 [0214.624] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x14d69, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x14d69, lpOverlapped=0x0) returned 1 [0214.626] GetCurrentThreadId () returned 0x6f8 [0214.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x496fcd0, dwHighDateTime=0x1d6076d)) [0214.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x496fcd0, dwHighDateTime=0x1d6076d)) [0214.626] GetCurrentThreadId () returned 0x6f8 [0214.626] CloseHandle (hObject=0x10d4) returned 1 [0214.626] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3", dwFileAttributes=0x20) returned 1 [0214.627] GetCurrentThreadId () returned 0x6f8 [0214.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x496fcd0, dwHighDateTime=0x1d6076d)) [0214.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x496fcd0, dwHighDateTime=0x1d6076d)) [0214.627] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3", piIcon=0x4e4f238) returned 0x18014d [0214.634] GetIconInfo (in: hIcon=0x18014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.634] CreateFileW (lpFileName="esIw.ico" (normalized: "c:\\windows\\system32\\esiw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.634] GetObjectA (in: h=0x9a050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.634] GetObjectA (in: h=0x40501ca, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.634] CreateCompatibleDC (hdc=0x0) returned 0xb201016f [0214.634] GetDIBits (in: hdc=0xb201016f, hbm=0x9a050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.634] GetDIBits (in: hdc=0xb201016f, hbm=0x9a050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.634] GetDIBits (in: hdc=0xb201016f, hbm=0x9a050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.635] GetDIBits (in: hdc=0xb201016f, hbm=0x40501ca, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.635] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.636] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.636] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.636] WriteFile (in: hFile=0x10e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.636] WriteFile (in: hFile=0x10e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.636] DeleteDC (hdc=0xb201016f) returned 1 [0214.636] CloseHandle (hObject=0x10e0) returned 1 [0214.637] DeleteObject (ho=0x9a050770) returned 1 [0214.637] DeleteObject (ho=0x40501ca) returned 1 [0214.637] DestroyCursor (hCursor=0x18014d) returned 1 [0214.637] GetCurrentThreadId () returned 0x6f8 [0214.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qjcq9gpdqe4-vg.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.637] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14d69 [0214.642] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x14d69, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x14d69, lpOverlapped=0x0) returned 1 [0214.642] CloseHandle (hObject=0x10e0) returned 1 [0214.642] GetCurrentThreadId () returned 0x6f8 [0214.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4995e30, dwHighDateTime=0x1d6076d)) [0214.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4995e30, dwHighDateTime=0x1d6076d)) [0214.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4995e30, dwHighDateTime=0x1d6076d)) [0214.810] GetCurrentThreadId () returned 0x6f8 [0214.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4b12bf0, dwHighDateTime=0x1d6076d)) [0214.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4b12bf0, dwHighDateTime=0x1d6076d)) [0214.810] GetCurrentThreadId () returned 0x6f8 [0214.810] CreateFileW (lpFileName="yowi.exe" (normalized: "c:\\windows\\system32\\yowi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.811] CreateFileW (lpFileName="yowi.exe" (normalized: "c:\\windows\\system32\\yowi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.813] GetCurrentThreadId () returned 0x6f8 [0214.813] GetCurrentThreadId () returned 0x6f8 [0214.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.814] CreateFileW (lpFileName="yowi.exe" (normalized: "c:\\windows\\system32\\yowi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.814] GetCurrentThreadId () returned 0x6f8 [0214.814] BeginUpdateResourceW (pFileName="yowi.exe" (normalized: "c:\\windows\\system32\\yowi.exe"), bDeleteExistingResources=0) returned 0x0 [0214.814] CreateFileW (lpFileName="esIw.ico" (normalized: "c:\\windows\\system32\\esiw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e0 [0214.814] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.814] ReadFile (in: hFile=0x10e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.814] CloseHandle (hObject=0x10e0) returned 1 [0214.815] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.815] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.815] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.815] CopyFileW (lpExistingFileName="yowi.exe" (normalized: "c:\\windows\\system32\\yowi.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qjcq9gpdqe4-vg.mp3.exe"), bFailIfExists=0) returned 0 [0214.815] SetNamedSecurityInfoW () returned 0x2 [0214.815] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QJcq9GpDqe4-VG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qjcq9gpdqe4-vg.mp3")) returned 1 [0214.817] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x70, lpOverlapped=0x0) returned 1 [0214.817] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.817] DeleteFileW (lpFileName="esIw.ico" (normalized: "c:\\windows\\system32\\esiw.ico")) returned 1 [0214.818] DeleteFileW (lpFileName="yowi.exe" (normalized: "c:\\windows\\system32\\yowi.exe")) returned 0 [0214.818] GetCurrentThreadId () returned 0x6f8 [0214.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.818] GetCurrentThreadId () returned 0x6f8 [0214.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.818] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb63bcb0, ftCreationTime.dwHighDateTime=0x1d5e5d5, ftLastAccessTime.dwLowDateTime=0x79f79110, ftLastAccessTime.dwHighDateTime=0x1d5d83d, ftLastWriteTime.dwLowDateTime=0x79f79110, ftLastWriteTime.dwHighDateTime=0x1d5d83d, nFileSizeHigh=0x0, nFileSizeLow=0x7e8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="qm6pwnSlzaybvZ1vQHM.xls", cAlternateFileName="QM6PWN~1.XLS")) returned 1 [0214.819] GetCurrentThreadId () returned 0x6f8 [0214.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.819] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qm6pwnslzaybvz1vqhm.xls")) returned 0x20 [0214.819] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls", dwFileAttributes=0x80) returned 1 [0214.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qm6pwnslzaybvz1vqhm.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.819] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7e8a [0214.824] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x7e8a, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x7e8a, lpOverlapped=0x0) returned 1 [0214.825] GetCurrentThreadId () returned 0x6f8 [0214.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.825] GetCurrentThreadId () returned 0x6f8 [0214.826] CloseHandle (hObject=0x10e0) returned 1 [0214.826] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls", dwFileAttributes=0x20) returned 1 [0214.826] GetCurrentThreadId () returned 0x6f8 [0214.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4b38d50, dwHighDateTime=0x1d6076d)) [0214.826] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls", piIcon=0x4e4f238) returned 0x1a014d [0214.841] GetIconInfo (in: hIcon=0x1a014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.841] CreateFileW (lpFileName="YmAA.ico" (normalized: "c:\\windows\\system32\\ymaa.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.842] GetObjectA (in: h=0x910501fa, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.842] GetObjectA (in: h=0x8c050771, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.842] CreateCompatibleDC (hdc=0x0) returned 0xd10101fe [0214.842] GetDIBits (in: hdc=0xd10101fe, hbm=0x910501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.842] GetDIBits (in: hdc=0xd10101fe, hbm=0x910501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.842] GetDIBits (in: hdc=0xd10101fe, hbm=0x910501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.843] GetDIBits (in: hdc=0xd10101fe, hbm=0x8c050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.843] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.844] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.844] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.844] WriteFile (in: hFile=0x10e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.844] WriteFile (in: hFile=0x10e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.844] DeleteDC (hdc=0xd10101fe) returned 1 [0214.844] CloseHandle (hObject=0x10e0) returned 1 [0214.849] DeleteObject (ho=0x910501fa) returned 1 [0214.849] DeleteObject (ho=0x8c050771) returned 1 [0214.849] DestroyCursor (hCursor=0x1a014d) returned 1 [0214.849] GetCurrentThreadId () returned 0x6f8 [0214.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qm6pwnslzaybvz1vqhm.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.849] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7e8a [0214.854] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x7e8a, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x7e8a, lpOverlapped=0x0) returned 1 [0214.854] CloseHandle (hObject=0x10e0) returned 1 [0214.855] GetCurrentThreadId () returned 0x6f8 [0214.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4b85010, dwHighDateTime=0x1d6076d)) [0214.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4b85010, dwHighDateTime=0x1d6076d)) [0214.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4b85010, dwHighDateTime=0x1d6076d)) [0214.932] GetCurrentThreadId () returned 0x6f8 [0214.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4c436f0, dwHighDateTime=0x1d6076d)) [0214.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4c436f0, dwHighDateTime=0x1d6076d)) [0214.932] GetCurrentThreadId () returned 0x6f8 [0214.932] CreateFileW (lpFileName="yAgm.exe" (normalized: "c:\\windows\\system32\\yagm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.933] CreateFileW (lpFileName="yAgm.exe" (normalized: "c:\\windows\\system32\\yagm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.933] GetCurrentThreadId () returned 0x6f8 [0214.933] GetCurrentThreadId () returned 0x6f8 [0214.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4c436f0, dwHighDateTime=0x1d6076d)) [0214.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4c436f0, dwHighDateTime=0x1d6076d)) [0214.933] CreateFileW (lpFileName="yAgm.exe" (normalized: "c:\\windows\\system32\\yagm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0214.933] GetCurrentThreadId () returned 0x6f8 [0214.933] BeginUpdateResourceW (pFileName="yAgm.exe" (normalized: "c:\\windows\\system32\\yagm.exe"), bDeleteExistingResources=0) returned 0x0 [0214.933] CreateFileW (lpFileName="YmAA.ico" (normalized: "c:\\windows\\system32\\ymaa.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e0 [0214.934] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0214.934] ReadFile (in: hFile=0x10e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0214.934] CloseHandle (hObject=0x10e0) returned 1 [0214.934] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0214.934] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0214.934] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0214.934] CopyFileW (lpExistingFileName="yAgm.exe" (normalized: "c:\\windows\\system32\\yagm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qm6pwnslzaybvz1vqhm.xls.exe"), bFailIfExists=0) returned 0 [0214.935] SetNamedSecurityInfoW () returned 0x2 [0214.935] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qm6pwnSlzaybvZ1vQHM.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qm6pwnslzaybvz1vqhm.xls")) returned 1 [0214.938] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7a, lpOverlapped=0x0) returned 1 [0214.938] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0214.938] DeleteFileW (lpFileName="YmAA.ico" (normalized: "c:\\windows\\system32\\ymaa.ico")) returned 1 [0214.940] DeleteFileW (lpFileName="yAgm.exe" (normalized: "c:\\windows\\system32\\yagm.exe")) returned 0 [0214.940] GetCurrentThreadId () returned 0x6f8 [0214.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.940] GetCurrentThreadId () returned 0x6f8 [0214.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.940] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x869f5190, ftCreationTime.dwHighDateTime=0x1d5de47, ftLastAccessTime.dwLowDateTime=0x8907f5c0, ftLastAccessTime.dwHighDateTime=0x1d5e27c, ftLastWriteTime.dwLowDateTime=0x8907f5c0, ftLastWriteTime.dwHighDateTime=0x1d5e27c, nFileSizeHigh=0x0, nFileSizeLow=0xaef0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rpbpm-of9LEXhud.swf", cAlternateFileName="RPBPM-~1.SWF")) returned 1 [0214.940] GetCurrentThreadId () returned 0x6f8 [0214.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.940] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4813a370, ftCreationTime.dwHighDateTime=0x1d5db79, ftLastAccessTime.dwLowDateTime=0xf5c3c9b0, ftLastAccessTime.dwHighDateTime=0x1d5e2fd, ftLastWriteTime.dwLowDateTime=0xf5c3c9b0, ftLastWriteTime.dwHighDateTime=0x1d5e2fd, nFileSizeHigh=0x0, nFileSizeLow=0x17fdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="s7gIH4.xls", cAlternateFileName="")) returned 1 [0214.940] GetCurrentThreadId () returned 0x6f8 [0214.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.941] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s7gih4.xls")) returned 0x20 [0214.941] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls", dwFileAttributes=0x80) returned 1 [0214.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s7gih4.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0214.942] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17fdb [0214.947] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17fdb, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x17fdb, lpOverlapped=0x0) returned 1 [0214.948] GetCurrentThreadId () returned 0x6f8 [0214.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.948] GetCurrentThreadId () returned 0x6f8 [0214.949] CloseHandle (hObject=0x10e0) returned 1 [0214.949] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls", dwFileAttributes=0x20) returned 1 [0214.950] GetCurrentThreadId () returned 0x6f8 [0214.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4c69850, dwHighDateTime=0x1d6076d)) [0214.950] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls", piIcon=0x4e4f238) returned 0x1b014d [0214.957] GetIconInfo (in: hIcon=0x1b014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0214.957] CreateFileW (lpFileName="eKcQ.ico" (normalized: "c:\\windows\\system32\\ekcq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e4 [0214.960] GetObjectA (in: h=0xbb050776, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0214.960] GetObjectA (in: h=0xe305076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0214.960] CreateCompatibleDC (hdc=0x0) returned 0xd0101ca [0214.960] GetDIBits (in: hdc=0xd0101ca, hbm=0xbb050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0214.960] GetDIBits (in: hdc=0xd0101ca, hbm=0xbb050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0214.961] GetDIBits (in: hdc=0xd0101ca, hbm=0xbb050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0214.961] GetDIBits (in: hdc=0xd0101ca, hbm=0xe305076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0214.961] WriteFile (in: hFile=0x10e4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0214.962] WriteFile (in: hFile=0x10e4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0214.962] WriteFile (in: hFile=0x10e4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0214.962] WriteFile (in: hFile=0x10e4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0214.963] WriteFile (in: hFile=0x10e4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0214.963] DeleteDC (hdc=0xd0101ca) returned 1 [0214.963] CloseHandle (hObject=0x10e4) returned 1 [0214.963] DeleteObject (ho=0xbb050776) returned 1 [0214.963] DeleteObject (ho=0xe305076f) returned 1 [0214.963] DestroyCursor (hCursor=0x1b014d) returned 1 [0214.963] GetCurrentThreadId () returned 0x6f8 [0214.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s7gih4.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e4 [0214.964] GetFileSize (in: hFile=0x10e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17fdb [0214.969] ReadFile (in: hFile=0x10e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17fdb, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x17fdb, lpOverlapped=0x0) returned 1 [0214.970] CloseHandle (hObject=0x10e4) returned 1 [0214.970] GetCurrentThreadId () returned 0x6f8 [0214.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4cb5b10, dwHighDateTime=0x1d6076d)) [0214.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4cb5b10, dwHighDateTime=0x1d6076d)) [0214.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4cb5b10, dwHighDateTime=0x1d6076d)) [0215.104] GetCurrentThreadId () returned 0x6f8 [0215.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4de6610, dwHighDateTime=0x1d6076d)) [0215.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4de6610, dwHighDateTime=0x1d6076d)) [0215.104] GetCurrentThreadId () returned 0x6f8 [0215.104] CreateFileW (lpFileName="CYUY.exe" (normalized: "c:\\windows\\system32\\cyuy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.105] CreateFileW (lpFileName="CYUY.exe" (normalized: "c:\\windows\\system32\\cyuy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.105] GetCurrentThreadId () returned 0x6f8 [0215.105] GetCurrentThreadId () returned 0x6f8 [0215.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4de6610, dwHighDateTime=0x1d6076d)) [0215.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4de6610, dwHighDateTime=0x1d6076d)) [0215.105] CreateFileW (lpFileName="CYUY.exe" (normalized: "c:\\windows\\system32\\cyuy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.106] GetCurrentThreadId () returned 0x6f8 [0215.106] BeginUpdateResourceW (pFileName="CYUY.exe" (normalized: "c:\\windows\\system32\\cyuy.exe"), bDeleteExistingResources=0) returned 0x0 [0215.106] CreateFileW (lpFileName="eKcQ.ico" (normalized: "c:\\windows\\system32\\ekcq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e4 [0215.106] GetFileSize (in: hFile=0x10e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0215.106] ReadFile (in: hFile=0x10e4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0215.106] CloseHandle (hObject=0x10e4) returned 1 [0215.106] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0215.107] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0215.107] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0215.107] CopyFileW (lpExistingFileName="CYUY.exe" (normalized: "c:\\windows\\system32\\cyuy.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s7gih4.xls.exe"), bFailIfExists=0) returned 0 [0215.107] SetNamedSecurityInfoW () returned 0x2 [0215.107] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s7gIH4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s7gih4.xls")) returned 1 [0215.111] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x60, lpOverlapped=0x0) returned 1 [0215.112] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0215.112] DeleteFileW (lpFileName="eKcQ.ico" (normalized: "c:\\windows\\system32\\ekcq.ico")) returned 1 [0215.113] DeleteFileW (lpFileName="CYUY.exe" (normalized: "c:\\windows\\system32\\cyuy.exe")) returned 0 [0215.113] GetCurrentThreadId () returned 0x6f8 [0215.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.113] GetCurrentThreadId () returned 0x6f8 [0215.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.113] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x178daa10, ftCreationTime.dwHighDateTime=0x1d5e606, ftLastAccessTime.dwLowDateTime=0x4297cc00, ftLastAccessTime.dwHighDateTime=0x1d5e12d, ftLastWriteTime.dwLowDateTime=0x4297cc00, ftLastWriteTime.dwHighDateTime=0x1d5e12d, nFileSizeHigh=0x0, nFileSizeLow=0x98f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="TeCOHlb0VO.rtf", cAlternateFileName="TECOHL~1.RTF")) returned 1 [0215.113] GetCurrentThreadId () returned 0x6f8 [0215.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.113] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29228860, ftCreationTime.dwHighDateTime=0x1d5e1ef, ftLastAccessTime.dwLowDateTime=0x6f410c50, ftLastAccessTime.dwHighDateTime=0x1d5e586, ftLastWriteTime.dwLowDateTime=0x6f410c50, ftLastWriteTime.dwHighDateTime=0x1d5e586, nFileSizeHigh=0x0, nFileSizeLow=0x8879, dwReserved0=0x0, dwReserved1=0x0, cFileName="trt0yxdNkG.avi", cAlternateFileName="TRT0YX~1.AVI")) returned 1 [0215.114] GetCurrentThreadId () returned 0x6f8 [0215.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.114] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b5459e0, ftCreationTime.dwHighDateTime=0x1d5e715, ftLastAccessTime.dwLowDateTime=0xe2e282b0, ftLastAccessTime.dwHighDateTime=0x1d5dda7, ftLastWriteTime.dwLowDateTime=0xe2e282b0, ftLastWriteTime.dwHighDateTime=0x1d5dda7, nFileSizeHigh=0x0, nFileSizeLow=0x5b04, dwReserved0=0x0, dwReserved1=0x0, cFileName="uZfMGV4TAhy.pps", cAlternateFileName="UZFMGV~1.PPS")) returned 1 [0215.114] GetCurrentThreadId () returned 0x6f8 [0215.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.114] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9c88800, ftCreationTime.dwHighDateTime=0x1d5de9c, ftLastAccessTime.dwLowDateTime=0x1d30bb20, ftLastAccessTime.dwHighDateTime=0x1d5dbc9, ftLastWriteTime.dwLowDateTime=0x1d30bb20, ftLastWriteTime.dwHighDateTime=0x1d5dbc9, nFileSizeHigh=0x0, nFileSizeLow=0x18c36, dwReserved0=0x0, dwReserved1=0x0, cFileName="vEpnkbcxsB4EeH.mp4", cAlternateFileName="VEPNKB~1.MP4")) returned 1 [0215.114] GetCurrentThreadId () returned 0x6f8 [0215.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.114] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc2875f0, ftCreationTime.dwHighDateTime=0x1d5e173, ftLastAccessTime.dwLowDateTime=0xa174a980, ftLastAccessTime.dwHighDateTime=0x1d5e78d, ftLastWriteTime.dwLowDateTime=0xa174a980, ftLastWriteTime.dwHighDateTime=0x1d5e78d, nFileSizeHigh=0x0, nFileSizeLow=0x14c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="vqc0QrajQ9aopXCURut.avi", cAlternateFileName="VQC0QR~1.AVI")) returned 1 [0215.114] GetCurrentThreadId () returned 0x6f8 [0215.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.114] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4892660, ftCreationTime.dwHighDateTime=0x1d5e350, ftLastAccessTime.dwLowDateTime=0x3ef1fb30, ftLastAccessTime.dwHighDateTime=0x1d5dd6c, ftLastWriteTime.dwLowDateTime=0x3ef1fb30, ftLastWriteTime.dwHighDateTime=0x1d5dd6c, nFileSizeHigh=0x0, nFileSizeLow=0xe931, dwReserved0=0x0, dwReserved1=0x0, cFileName="vx7KIl8e6gjjL_1mSr.mp3", cAlternateFileName="VX7KIL~1.MP3")) returned 1 [0215.114] GetCurrentThreadId () returned 0x6f8 [0215.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.114] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vx7kil8e6gjjl_1msr.mp3")) returned 0x20 [0215.114] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3", dwFileAttributes=0x80) returned 1 [0215.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vx7kil8e6gjjl_1msr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e4 [0215.115] GetFileSize (in: hFile=0x10e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe931 [0215.120] ReadFile (in: hFile=0x10e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xe931, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xe931, lpOverlapped=0x0) returned 1 [0215.121] GetCurrentThreadId () returned 0x6f8 [0215.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.121] GetCurrentThreadId () returned 0x6f8 [0215.121] CloseHandle (hObject=0x10e4) returned 1 [0215.121] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3", dwFileAttributes=0x20) returned 1 [0215.121] GetCurrentThreadId () returned 0x6f8 [0215.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.122] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3", piIcon=0x4e4f238) returned 0xc010f [0215.127] GetIconInfo (in: hIcon=0xc010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0215.127] CreateFileW (lpFileName="WwYs.ico" (normalized: "c:\\windows\\system32\\wwys.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0215.128] GetObjectA (in: h=0x8f050771, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0215.128] GetObjectA (in: h=0x960501fa, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0215.128] CreateCompatibleDC (hdc=0x0) returned 0xa5010770 [0215.128] GetDIBits (in: hdc=0xa5010770, hbm=0x8f050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0215.128] GetDIBits (in: hdc=0xa5010770, hbm=0x8f050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0215.128] GetDIBits (in: hdc=0xa5010770, hbm=0x8f050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0215.128] GetDIBits (in: hdc=0xa5010770, hbm=0x960501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0215.128] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0215.129] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0215.129] WriteFile (in: hFile=0x10e0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0215.129] WriteFile (in: hFile=0x10e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0215.130] WriteFile (in: hFile=0x10e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0215.130] DeleteDC (hdc=0xa5010770) returned 1 [0215.130] CloseHandle (hObject=0x10e0) returned 1 [0215.130] DeleteObject (ho=0x8f050771) returned 1 [0215.130] DeleteObject (ho=0x960501fa) returned 1 [0215.130] DestroyCursor (hCursor=0xc010f) returned 1 [0215.130] GetCurrentThreadId () returned 0x6f8 [0215.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vx7kil8e6gjjl_1msr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e0 [0215.130] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe931 [0215.135] ReadFile (in: hFile=0x10e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xe931, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xe931, lpOverlapped=0x0) returned 1 [0215.135] CloseHandle (hObject=0x10e0) returned 1 [0215.135] GetCurrentThreadId () returned 0x6f8 [0215.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4e328d0, dwHighDateTime=0x1d6076d)) [0215.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x4e328d0, dwHighDateTime=0x1d6076d)) [0215.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x4e328d0, dwHighDateTime=0x1d6076d)) [0215.238] GetCurrentThreadId () returned 0x6f8 [0215.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.238] GetCurrentThreadId () returned 0x6f8 [0215.238] CreateFileW (lpFileName="ewAm.exe" (normalized: "c:\\windows\\system32\\ewam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.239] CreateFileW (lpFileName="ewAm.exe" (normalized: "c:\\windows\\system32\\ewam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.239] GetCurrentThreadId () returned 0x6f8 [0215.239] GetCurrentThreadId () returned 0x6f8 [0215.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.239] CreateFileW (lpFileName="ewAm.exe" (normalized: "c:\\windows\\system32\\ewam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.239] GetCurrentThreadId () returned 0x6f8 [0215.239] BeginUpdateResourceW (pFileName="ewAm.exe" (normalized: "c:\\windows\\system32\\ewam.exe"), bDeleteExistingResources=0) returned 0x0 [0215.239] CreateFileW (lpFileName="WwYs.ico" (normalized: "c:\\windows\\system32\\wwys.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e0 [0215.240] GetFileSize (in: hFile=0x10e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0215.240] ReadFile (in: hFile=0x10e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0215.240] CloseHandle (hObject=0x10e0) returned 1 [0215.240] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0215.240] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0215.240] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0215.240] CopyFileW (lpExistingFileName="ewAm.exe" (normalized: "c:\\windows\\system32\\ewam.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vx7kil8e6gjjl_1msr.mp3.exe"), bFailIfExists=0) returned 0 [0215.241] SetNamedSecurityInfoW () returned 0x2 [0215.241] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vx7KIl8e6gjjL_1mSr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vx7kil8e6gjjl_1msr.mp3")) returned 1 [0215.242] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x78, lpOverlapped=0x0) returned 1 [0215.242] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0215.242] DeleteFileW (lpFileName="WwYs.ico" (normalized: "c:\\windows\\system32\\wwys.ico")) returned 1 [0215.244] DeleteFileW (lpFileName="ewAm.exe" (normalized: "c:\\windows\\system32\\ewam.exe")) returned 0 [0215.244] GetCurrentThreadId () returned 0x6f8 [0215.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.244] GetCurrentThreadId () returned 0x6f8 [0215.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.244] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x860950d0, ftCreationTime.dwHighDateTime=0x1d5dd4f, ftLastAccessTime.dwLowDateTime=0x83fd9f40, ftLastAccessTime.dwHighDateTime=0x1d5d952, ftLastWriteTime.dwLowDateTime=0x83fd9f40, ftLastWriteTime.dwHighDateTime=0x1d5d952, nFileSizeHigh=0x0, nFileSizeLow=0x11866, dwReserved0=0x0, dwReserved1=0x0, cFileName="wG88y8tp-.mkv", cAlternateFileName="WG88Y8~1.MKV")) returned 1 [0215.244] GetCurrentThreadId () returned 0x6f8 [0215.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.244] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48aa450, ftCreationTime.dwHighDateTime=0x1d5e781, ftLastAccessTime.dwLowDateTime=0xb077d5a0, ftLastAccessTime.dwHighDateTime=0x1d5dcc1, ftLastWriteTime.dwLowDateTime=0xb077d5a0, ftLastWriteTime.dwHighDateTime=0x1d5dcc1, nFileSizeHigh=0x0, nFileSizeLow=0xba64, dwReserved0=0x0, dwReserved1=0x0, cFileName="x8WnlklswucdSIOR_5In.flv", cAlternateFileName="X8WNLK~1.FLV")) returned 1 [0215.244] GetCurrentThreadId () returned 0x6f8 [0215.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.244] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73129400, ftCreationTime.dwHighDateTime=0x1d5dc41, ftLastAccessTime.dwLowDateTime=0x73271a40, ftLastAccessTime.dwHighDateTime=0x1d5e440, ftLastWriteTime.dwLowDateTime=0x73271a40, ftLastWriteTime.dwHighDateTime=0x1d5e440, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="z0rZGN2v9LG", cAlternateFileName="Z0RZGN~1")) returned 1 [0215.244] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z0rZGN2v9LG\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73129400, ftCreationTime.dwHighDateTime=0x1d5dc41, ftLastAccessTime.dwLowDateTime=0x73271a40, ftLastAccessTime.dwHighDateTime=0x1d5e440, ftLastWriteTime.dwLowDateTime=0x73271a40, ftLastWriteTime.dwHighDateTime=0x1d5e440, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5ff128 [0215.245] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73129400, ftCreationTime.dwHighDateTime=0x1d5dc41, ftLastAccessTime.dwLowDateTime=0x73271a40, ftLastAccessTime.dwHighDateTime=0x1d5e440, ftLastWriteTime.dwLowDateTime=0x73271a40, ftLastWriteTime.dwHighDateTime=0x1d5e440, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.245] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc47aa80, ftCreationTime.dwHighDateTime=0x1d5e57b, ftLastAccessTime.dwLowDateTime=0x64ad2db0, ftLastAccessTime.dwHighDateTime=0x1d5dd79, ftLastWriteTime.dwLowDateTime=0x64ad2db0, ftLastWriteTime.dwHighDateTime=0x1d5dd79, nFileSizeHigh=0x0, nFileSizeLow=0xb5a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ASmqnU1ocXtA9Amp.mkv", cAlternateFileName="ASMQNU~1.MKV")) returned 1 [0215.245] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81944b90, ftCreationTime.dwHighDateTime=0x1d5e2c2, ftLastAccessTime.dwLowDateTime=0xdb970a00, ftLastAccessTime.dwHighDateTime=0x1d5dc79, ftLastWriteTime.dwLowDateTime=0xdb970a00, ftLastWriteTime.dwHighDateTime=0x1d5dc79, nFileSizeHigh=0x0, nFileSizeLow=0x2c1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSXxDN3EhOLei0R.m4a", cAlternateFileName="CSXXDN~1.M4A")) returned 1 [0215.245] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebb69fd0, ftCreationTime.dwHighDateTime=0x1d5de28, ftLastAccessTime.dwLowDateTime=0xf4ba36d0, ftLastAccessTime.dwHighDateTime=0x1d5e54b, ftLastWriteTime.dwLowDateTime=0xf4ba36d0, ftLastWriteTime.dwHighDateTime=0x1d5e54b, nFileSizeHigh=0x0, nFileSizeLow=0x3e58, dwReserved0=0x0, dwReserved1=0x0, cFileName="g1oWGLnWRSfk8W4BIv.odp", cAlternateFileName="G1OWGL~1.ODP")) returned 1 [0215.245] GetCurrentThreadId () returned 0x6f8 [0215.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.245] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13ec7380, ftCreationTime.dwHighDateTime=0x1d5dafa, ftLastAccessTime.dwLowDateTime=0x155329c0, ftLastAccessTime.dwHighDateTime=0x1d5d9d9, ftLastWriteTime.dwLowDateTime=0x155329c0, ftLastWriteTime.dwHighDateTime=0x1d5d9d9, nFileSizeHigh=0x0, nFileSizeLow=0x15672, dwReserved0=0x0, dwReserved1=0x0, cFileName="TGZORO0wk.avi", cAlternateFileName="TGZORO~1.AVI")) returned 1 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd0e63e0, ftCreationTime.dwHighDateTime=0x1d5d8ac, ftLastAccessTime.dwLowDateTime=0x99a5270, ftLastAccessTime.dwHighDateTime=0x1d5da38, ftLastWriteTime.dwLowDateTime=0x99a5270, ftLastWriteTime.dwHighDateTime=0x1d5da38, nFileSizeHigh=0x0, nFileSizeLow=0x7973, dwReserved0=0x0, dwReserved1=0x0, cFileName="wEa7.mkv", cAlternateFileName="")) returned 1 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3bf9e0, ftCreationTime.dwHighDateTime=0x1d5e680, ftLastAccessTime.dwLowDateTime=0xf6ced490, ftLastAccessTime.dwHighDateTime=0x1d5e40f, ftLastWriteTime.dwLowDateTime=0xf6ced490, ftLastWriteTime.dwHighDateTime=0x1d5e40f, nFileSizeHigh=0x0, nFileSizeLow=0x182d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="y_df.m4a", cAlternateFileName="")) returned 1 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f16e70, ftCreationTime.dwHighDateTime=0x1d5e36c, ftLastAccessTime.dwLowDateTime=0x8492e070, ftLastAccessTime.dwHighDateTime=0x1d5e481, ftLastWriteTime.dwLowDateTime=0x8492e070, ftLastWriteTime.dwHighDateTime=0x1d5e481, nFileSizeHigh=0x0, nFileSizeLow=0xf59d, dwReserved0=0x0, dwReserved1=0x0, cFileName="_FSC.m4a", cAlternateFileName="")) returned 1 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x5ff128, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f16e70, ftCreationTime.dwHighDateTime=0x1d5e36c, ftLastAccessTime.dwLowDateTime=0x8492e070, ftLastAccessTime.dwHighDateTime=0x1d5e481, ftLastWriteTime.dwLowDateTime=0x8492e070, ftLastWriteTime.dwHighDateTime=0x1d5e481, nFileSizeHigh=0x0, nFileSizeLow=0xf59d, dwReserved0=0x0, dwReserved1=0x0, cFileName="_FSC.m4a", cAlternateFileName="")) returned 0 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c3618f0, ftCreationTime.dwHighDateTime=0x1d5dd2b, ftLastAccessTime.dwLowDateTime=0x409d9560, ftLastAccessTime.dwHighDateTime=0x1d5e5dd, ftLastWriteTime.dwLowDateTime=0x409d9560, ftLastWriteTime.dwHighDateTime=0x1d5e5dd, nFileSizeHigh=0x0, nFileSizeLow=0x14e5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="_upc_F0zKy.mp4", cAlternateFileName="_UPC_F~1.MP4")) returned 1 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x7e6e858, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c3618f0, ftCreationTime.dwHighDateTime=0x1d5dd2b, ftLastAccessTime.dwLowDateTime=0x409d9560, ftLastAccessTime.dwHighDateTime=0x1d5e5dd, ftLastWriteTime.dwLowDateTime=0x409d9560, ftLastWriteTime.dwHighDateTime=0x1d5e5dd, nFileSizeHigh=0x0, nFileSizeLow=0x14e5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="_upc_F0zKy.mp4", cAlternateFileName="_UPC_F~1.MP4")) returned 0 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.246] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd932e740, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd932e740, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0215.246] GetCurrentThreadId () returned 0x6f8 [0215.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.247] GetCurrentThreadId () returned 0x6f8 [0215.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.247] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd932e740, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd932e740, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e898 [0215.247] GetCurrentThreadId () returned 0x6f8 [0215.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.247] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd932e740, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd932e740, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.248] GetCurrentThreadId () returned 0x6f8 [0215.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.248] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6e0ac80, ftCreationTime.dwHighDateTime=0x1d5e625, ftLastAccessTime.dwLowDateTime=0x3be7f590, ftLastAccessTime.dwHighDateTime=0x1d5d9f5, ftLastWriteTime.dwLowDateTime=0x3be7f590, ftLastWriteTime.dwHighDateTime=0x1d5d9f5, nFileSizeHigh=0x0, nFileSizeLow=0x12d37, dwReserved0=0x0, dwReserved1=0x0, cFileName="-6j0PXaCZe.doc", cAlternateFileName="-6J0PX~1.DOC")) returned 1 [0215.248] GetCurrentThreadId () returned 0x6f8 [0215.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x4f3d270, dwHighDateTime=0x1d6076d)) [0215.248] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-6j0pxacze.doc")) returned 0x20 [0215.258] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc", dwFileAttributes=0x80) returned 1 [0215.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-6j0pxacze.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.259] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12d37 [0215.264] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12d37, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x12d37, lpOverlapped=0x0) returned 1 [0215.267] GetCurrentThreadId () returned 0x6f8 [0215.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4f89530, dwHighDateTime=0x1d6076d)) [0215.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x4f89530, dwHighDateTime=0x1d6076d)) [0215.267] GetCurrentThreadId () returned 0x6f8 [0215.267] CloseHandle (hObject=0x10d4) returned 1 [0215.267] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc", dwFileAttributes=0x20) returned 1 [0215.268] GetCurrentThreadId () returned 0x6f8 [0215.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4f89530, dwHighDateTime=0x1d6076d)) [0215.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x4f89530, dwHighDateTime=0x1d6076d)) [0215.268] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc", piIcon=0x4e4f238) returned 0xe010f [0215.335] GetIconInfo (in: hIcon=0xe010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0215.335] CreateFileW (lpFileName="EkIs.ico" (normalized: "c:\\windows\\system32\\ekis.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.336] GetObjectA (in: h=0x120501ca, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0215.336] GetObjectA (in: h=0xbf05016f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0215.336] CreateCompatibleDC (hdc=0x0) returned 0xc1010776 [0215.336] GetDIBits (in: hdc=0xc1010776, hbm=0x120501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0215.336] GetDIBits (in: hdc=0xc1010776, hbm=0x120501ca, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0215.336] GetDIBits (in: hdc=0xc1010776, hbm=0x120501ca, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0215.337] GetDIBits (in: hdc=0xc1010776, hbm=0xbf05016f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0215.337] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0215.338] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0215.338] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0215.338] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0215.338] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0215.338] DeleteDC (hdc=0xc1010776) returned 1 [0215.338] CloseHandle (hObject=0x10d4) returned 1 [0215.339] DeleteObject (ho=0x120501ca) returned 1 [0215.339] DeleteObject (ho=0xbf05016f) returned 1 [0215.339] DestroyCursor (hCursor=0xe010f) returned 1 [0215.339] GetCurrentThreadId () returned 0x6f8 [0215.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-6j0pxacze.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.339] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12d37 [0215.345] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12d37, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x12d37, lpOverlapped=0x0) returned 1 [0215.345] CloseHandle (hObject=0x10d4) returned 1 [0215.346] GetCurrentThreadId () returned 0x6f8 [0215.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5047c10, dwHighDateTime=0x1d6076d)) [0215.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5047c10, dwHighDateTime=0x1d6076d)) [0215.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x5047c10, dwHighDateTime=0x1d6076d)) [0215.476] GetCurrentThreadId () returned 0x6f8 [0215.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5178710, dwHighDateTime=0x1d6076d)) [0215.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5178710, dwHighDateTime=0x1d6076d)) [0215.476] GetCurrentThreadId () returned 0x6f8 [0215.476] CreateFileW (lpFileName="iIUK.exe" (normalized: "c:\\windows\\system32\\iiuk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.477] CreateFileW (lpFileName="iIUK.exe" (normalized: "c:\\windows\\system32\\iiuk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.477] GetCurrentThreadId () returned 0x6f8 [0215.477] GetCurrentThreadId () returned 0x6f8 [0215.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5178710, dwHighDateTime=0x1d6076d)) [0215.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5178710, dwHighDateTime=0x1d6076d)) [0215.477] CreateFileW (lpFileName="iIUK.exe" (normalized: "c:\\windows\\system32\\iiuk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.477] GetCurrentThreadId () returned 0x6f8 [0215.477] BeginUpdateResourceW (pFileName="iIUK.exe" (normalized: "c:\\windows\\system32\\iiuk.exe"), bDeleteExistingResources=0) returned 0x0 [0215.477] CreateFileW (lpFileName="EkIs.ico" (normalized: "c:\\windows\\system32\\ekis.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0215.477] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0215.478] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0215.478] CloseHandle (hObject=0x10d4) returned 1 [0215.478] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0215.479] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0215.479] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0215.479] CopyFileW (lpExistingFileName="iIUK.exe" (normalized: "c:\\windows\\system32\\iiuk.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-6j0pxacze.doc.exe"), bFailIfExists=0) returned 0 [0215.479] SetNamedSecurityInfoW () returned 0x2 [0215.479] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-6j0PXaCZe.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-6j0pxacze.doc")) returned 1 [0215.480] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6c, lpOverlapped=0x0) returned 1 [0215.480] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0215.480] DeleteFileW (lpFileName="EkIs.ico" (normalized: "c:\\windows\\system32\\ekis.ico")) returned 1 [0215.481] DeleteFileW (lpFileName="iIUK.exe" (normalized: "c:\\windows\\system32\\iiuk.exe")) returned 0 [0215.482] GetCurrentThreadId () returned 0x6f8 [0215.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x5178710, dwHighDateTime=0x1d6076d)) [0215.482] GetCurrentThreadId () returned 0x6f8 [0215.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.482] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc10b9df0, ftCreationTime.dwHighDateTime=0x1d5e33a, ftLastAccessTime.dwLowDateTime=0xa5c9c9a0, ftLastAccessTime.dwHighDateTime=0x1d5d925, ftLastWriteTime.dwLowDateTime=0xa5c9c9a0, ftLastWriteTime.dwHighDateTime=0x1d5d925, nFileSizeHigh=0x0, nFileSizeLow=0x114bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="-a3YKcNiLfX9s.rtf", cAlternateFileName="-A3YKC~1.RTF")) returned 1 [0215.482] GetCurrentThreadId () returned 0x6f8 [0215.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.482] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48e3a10, ftCreationTime.dwHighDateTime=0x1d56dac, ftLastAccessTime.dwLowDateTime=0x7883a880, ftLastAccessTime.dwHighDateTime=0x1d5643b, ftLastWriteTime.dwLowDateTime=0x7883a880, ftLastWriteTime.dwHighDateTime=0x1d5643b, nFileSizeHigh=0x0, nFileSizeLow=0x8286, dwReserved0=0x0, dwReserved1=0x0, cFileName="0lUIuXAlbkD5QUP.xlsx", cAlternateFileName="0LUIUX~1.XLS")) returned 1 [0215.482] GetCurrentThreadId () returned 0x6f8 [0215.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.482] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0luiuxalbkd5qup.xlsx")) returned 0x20 [0215.482] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx", dwFileAttributes=0x80) returned 1 [0215.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0luiuxalbkd5qup.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.483] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8286 [0215.488] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8286, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x8286, lpOverlapped=0x0) returned 1 [0215.489] GetCurrentThreadId () returned 0x6f8 [0215.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.490] GetCurrentThreadId () returned 0x6f8 [0215.490] CloseHandle (hObject=0x10d4) returned 1 [0215.490] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx", dwFileAttributes=0x20) returned 1 [0215.490] GetCurrentThreadId () returned 0x6f8 [0215.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x519e870, dwHighDateTime=0x1d6076d)) [0215.490] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx", piIcon=0x4e4f238) returned 0x10010f [0215.511] GetIconInfo (in: hIcon=0x10010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0215.511] CreateFileW (lpFileName="cmkU.ico" (normalized: "c:\\windows\\system32\\cmku.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.512] GetObjectA (in: h=0xab050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0215.512] GetObjectA (in: h=0x99050771, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0215.512] CreateCompatibleDC (hdc=0x0) returned 0xef01076f [0215.512] GetDIBits (in: hdc=0xef01076f, hbm=0xab050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0215.513] GetDIBits (in: hdc=0xef01076f, hbm=0xab050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0215.513] GetDIBits (in: hdc=0xef01076f, hbm=0xab050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0215.513] GetDIBits (in: hdc=0xef01076f, hbm=0x99050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0215.513] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0215.514] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0215.514] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0215.514] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0215.514] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0215.515] DeleteDC (hdc=0xef01076f) returned 1 [0215.515] CloseHandle (hObject=0x10d4) returned 1 [0215.519] DeleteObject (ho=0xab050770) returned 1 [0215.519] DeleteObject (ho=0x99050771) returned 1 [0215.519] DestroyCursor (hCursor=0x10010f) returned 1 [0215.519] GetCurrentThreadId () returned 0x6f8 [0215.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0luiuxalbkd5qup.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.519] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8286 [0215.524] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8286, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x8286, lpOverlapped=0x0) returned 1 [0215.525] CloseHandle (hObject=0x10d4) returned 1 [0215.525] GetCurrentThreadId () returned 0x6f8 [0215.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x51eab30, dwHighDateTime=0x1d6076d)) [0215.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x51eab30, dwHighDateTime=0x1d6076d)) [0215.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x51eab30, dwHighDateTime=0x1d6076d)) [0215.929] GetCurrentThreadId () returned 0x6f8 [0215.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x55c8ef0, dwHighDateTime=0x1d6076d)) [0215.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x55c8ef0, dwHighDateTime=0x1d6076d)) [0215.930] GetCurrentThreadId () returned 0x6f8 [0215.930] CreateFileW (lpFileName="WEEU.exe" (normalized: "c:\\windows\\system32\\weeu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.930] CreateFileW (lpFileName="WEEU.exe" (normalized: "c:\\windows\\system32\\weeu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.931] GetCurrentThreadId () returned 0x6f8 [0215.931] GetCurrentThreadId () returned 0x6f8 [0215.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x55c8ef0, dwHighDateTime=0x1d6076d)) [0215.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x55c8ef0, dwHighDateTime=0x1d6076d)) [0215.931] CreateFileW (lpFileName="WEEU.exe" (normalized: "c:\\windows\\system32\\weeu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.931] GetCurrentThreadId () returned 0x6f8 [0215.931] BeginUpdateResourceW (pFileName="WEEU.exe" (normalized: "c:\\windows\\system32\\weeu.exe"), bDeleteExistingResources=0) returned 0x0 [0215.931] CreateFileW (lpFileName="cmkU.ico" (normalized: "c:\\windows\\system32\\cmku.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0215.931] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0215.932] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0215.932] CloseHandle (hObject=0x10d4) returned 1 [0215.932] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0215.932] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0215.932] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0215.932] CopyFileW (lpExistingFileName="WEEU.exe" (normalized: "c:\\windows\\system32\\weeu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0luiuxalbkd5qup.xlsx.exe"), bFailIfExists=0) returned 0 [0215.932] SetNamedSecurityInfoW () returned 0x2 [0215.932] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0lUIuXAlbkD5QUP.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0luiuxalbkd5qup.xlsx")) returned 1 [0215.936] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x78, lpOverlapped=0x0) returned 1 [0215.937] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0215.937] DeleteFileW (lpFileName="cmkU.ico" (normalized: "c:\\windows\\system32\\cmku.ico")) returned 1 [0215.938] DeleteFileW (lpFileName="WEEU.exe" (normalized: "c:\\windows\\system32\\weeu.exe")) returned 0 [0215.938] GetCurrentThreadId () returned 0x6f8 [0215.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x55ef050, dwHighDateTime=0x1d6076d)) [0215.938] GetCurrentThreadId () returned 0x6f8 [0215.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x55ef050, dwHighDateTime=0x1d6076d)) [0215.938] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x714a6a60, ftCreationTime.dwHighDateTime=0x1d5e495, ftLastAccessTime.dwLowDateTime=0x7a80be40, ftLastAccessTime.dwHighDateTime=0x1d5df90, ftLastWriteTime.dwLowDateTime=0x7a80be40, ftLastWriteTime.dwHighDateTime=0x1d5df90, nFileSizeHigh=0x0, nFileSizeLow=0x9d78, dwReserved0=0x0, dwReserved1=0x0, cFileName="4uyTJ2GkjeiEXeP.odt", cAlternateFileName="4UYTJ2~1.ODT")) returned 1 [0215.938] GetCurrentThreadId () returned 0x6f8 [0215.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x55ef050, dwHighDateTime=0x1d6076d)) [0215.939] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcecaad40, ftCreationTime.dwHighDateTime=0x1d5b9a1, ftLastAccessTime.dwLowDateTime=0x535a930, ftLastAccessTime.dwHighDateTime=0x1d58aee, ftLastWriteTime.dwLowDateTime=0x535a930, ftLastWriteTime.dwHighDateTime=0x1d58aee, nFileSizeHigh=0x0, nFileSizeLow=0x74eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="aeUZDcfwYaGG.pptx", cAlternateFileName="AEUZDC~1.PPT")) returned 1 [0215.939] GetCurrentThreadId () returned 0x6f8 [0215.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x55ef050, dwHighDateTime=0x1d6076d)) [0215.939] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeuzdcfwyagg.pptx")) returned 0x20 [0215.948] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx", dwFileAttributes=0x80) returned 1 [0215.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeuzdcfwyagg.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0215.949] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x74eb [0215.998] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x74eb, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x74eb, lpOverlapped=0x0) returned 1 [0216.000] GetCurrentThreadId () returned 0x6f8 [0216.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x56875d0, dwHighDateTime=0x1d6076d)) [0216.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x56875d0, dwHighDateTime=0x1d6076d)) [0216.001] GetCurrentThreadId () returned 0x6f8 [0216.001] CloseHandle (hObject=0x10d4) returned 1 [0216.001] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx", dwFileAttributes=0x20) returned 1 [0216.002] GetCurrentThreadId () returned 0x6f8 [0216.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x56875d0, dwHighDateTime=0x1d6076d)) [0216.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x56875d0, dwHighDateTime=0x1d6076d)) [0216.002] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx", piIcon=0x4e4f238) returned 0x70147 [0216.027] GetIconInfo (in: hIcon=0x70147, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0216.027] CreateFileW (lpFileName="gEME.ico" (normalized: "c:\\windows\\system32\\geme.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.028] GetObjectA (in: h=0xa60501fa, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0216.028] GetObjectA (in: h=0xf605076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0216.028] CreateCompatibleDC (hdc=0x0) returned 0x9d010771 [0216.028] GetDIBits (in: hdc=0x9d010771, hbm=0xa60501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0216.028] GetDIBits (in: hdc=0x9d010771, hbm=0xa60501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0216.028] GetDIBits (in: hdc=0x9d010771, hbm=0xa60501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0216.028] GetDIBits (in: hdc=0x9d010771, hbm=0xf605076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0216.028] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0216.029] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0216.030] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0216.030] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0216.030] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0216.030] DeleteDC (hdc=0x9d010771) returned 1 [0216.030] CloseHandle (hObject=0x10d4) returned 1 [0216.036] DeleteObject (ho=0xa60501fa) returned 1 [0216.036] DeleteObject (ho=0xf605076f) returned 1 [0216.036] DestroyCursor (hCursor=0x70147) returned 1 [0216.036] GetCurrentThreadId () returned 0x6f8 [0216.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeuzdcfwyagg.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.036] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x74eb [0216.041] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x74eb, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x74eb, lpOverlapped=0x0) returned 1 [0216.041] CloseHandle (hObject=0x10d4) returned 1 [0216.042] GetCurrentThreadId () returned 0x6f8 [0216.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x56d3890, dwHighDateTime=0x1d6076d)) [0216.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x56d3890, dwHighDateTime=0x1d6076d)) [0216.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x56d3890, dwHighDateTime=0x1d6076d)) [0216.223] GetCurrentThreadId () returned 0x6f8 [0216.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x589c910, dwHighDateTime=0x1d6076d)) [0216.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x589c910, dwHighDateTime=0x1d6076d)) [0216.223] GetCurrentThreadId () returned 0x6f8 [0216.223] CreateFileW (lpFileName="iMQO.exe" (normalized: "c:\\windows\\system32\\imqo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.224] CreateFileW (lpFileName="iMQO.exe" (normalized: "c:\\windows\\system32\\imqo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.224] GetCurrentThreadId () returned 0x6f8 [0216.224] GetCurrentThreadId () returned 0x6f8 [0216.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x589c910, dwHighDateTime=0x1d6076d)) [0216.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x589c910, dwHighDateTime=0x1d6076d)) [0216.224] CreateFileW (lpFileName="iMQO.exe" (normalized: "c:\\windows\\system32\\imqo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.225] GetCurrentThreadId () returned 0x6f8 [0216.225] BeginUpdateResourceW (pFileName="iMQO.exe" (normalized: "c:\\windows\\system32\\imqo.exe"), bDeleteExistingResources=0) returned 0x0 [0216.225] CreateFileW (lpFileName="gEME.ico" (normalized: "c:\\windows\\system32\\geme.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0216.225] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0216.225] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0216.225] CloseHandle (hObject=0x10d4) returned 1 [0216.226] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0216.226] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0216.226] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0216.226] CopyFileW (lpExistingFileName="iMQO.exe" (normalized: "c:\\windows\\system32\\imqo.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeuzdcfwyagg.pptx.exe"), bFailIfExists=0) returned 0 [0216.226] SetNamedSecurityInfoW () returned 0x2 [0216.226] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aeUZDcfwYaGG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeuzdcfwyagg.pptx")) returned 1 [0216.229] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x72, lpOverlapped=0x0) returned 1 [0216.229] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0216.230] DeleteFileW (lpFileName="gEME.ico" (normalized: "c:\\windows\\system32\\geme.ico")) returned 1 [0216.232] DeleteFileW (lpFileName="iMQO.exe" (normalized: "c:\\windows\\system32\\imqo.exe")) returned 0 [0216.232] GetCurrentThreadId () returned 0x6f8 [0216.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x58c2a70, dwHighDateTime=0x1d6076d)) [0216.232] GetCurrentThreadId () returned 0x6f8 [0216.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x58c2a70, dwHighDateTime=0x1d6076d)) [0216.233] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d118fc0, ftCreationTime.dwHighDateTime=0x1d5e406, ftLastAccessTime.dwLowDateTime=0x7baed910, ftLastAccessTime.dwHighDateTime=0x1d5dc92, ftLastWriteTime.dwLowDateTime=0x7baed910, ftLastWriteTime.dwHighDateTime=0x1d5dc92, nFileSizeHigh=0x0, nFileSizeLow=0xc8c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="B67gYXBWUXJnxj.xlsx", cAlternateFileName="B67GYX~1.XLS")) returned 1 [0216.233] GetCurrentThreadId () returned 0x6f8 [0216.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x58c2a70, dwHighDateTime=0x1d6076d)) [0216.233] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b67gyxbwuxjnxj.xlsx")) returned 0x20 [0216.237] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx", dwFileAttributes=0x80) returned 1 [0216.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b67gyxbwuxjnxj.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.238] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8c2 [0216.243] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc8c2, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xc8c2, lpOverlapped=0x0) returned 1 [0216.245] GetCurrentThreadId () returned 0x6f8 [0216.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x58c2a70, dwHighDateTime=0x1d6076d)) [0216.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x58c2a70, dwHighDateTime=0x1d6076d)) [0216.246] GetCurrentThreadId () returned 0x6f8 [0216.246] CloseHandle (hObject=0x10d4) returned 1 [0216.246] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx", dwFileAttributes=0x20) returned 1 [0216.247] GetCurrentThreadId () returned 0x6f8 [0216.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x58e8bd0, dwHighDateTime=0x1d6076d)) [0216.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x58e8bd0, dwHighDateTime=0x1d6076d)) [0216.247] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx", piIcon=0x4e4f238) returned 0x1f014d [0216.259] GetIconInfo (in: hIcon=0x1f014d, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0216.259] CreateFileW (lpFileName="qqsI.ico" (normalized: "c:\\windows\\system32\\qqsi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0216.260] GetObjectA (in: h=0x9f050771, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0216.260] GetObjectA (in: h=0xf805076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0216.260] CreateCompatibleDC (hdc=0x0) returned 0xa80101fa [0216.260] GetDIBits (in: hdc=0xa80101fa, hbm=0x9f050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0216.260] GetDIBits (in: hdc=0xa80101fa, hbm=0x9f050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0216.261] GetDIBits (in: hdc=0xa80101fa, hbm=0x9f050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0216.261] GetDIBits (in: hdc=0xa80101fa, hbm=0xf805076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0216.261] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0216.262] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0216.262] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0216.262] WriteFile (in: hFile=0x10e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0216.263] WriteFile (in: hFile=0x10e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0216.263] DeleteDC (hdc=0xa80101fa) returned 1 [0216.263] CloseHandle (hObject=0x10e8) returned 1 [0216.263] DeleteObject (ho=0x9f050771) returned 1 [0216.263] DeleteObject (ho=0xf805076f) returned 1 [0216.263] DestroyCursor (hCursor=0x1f014d) returned 1 [0216.263] GetCurrentThreadId () returned 0x6f8 [0216.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b67gyxbwuxjnxj.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0216.263] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8c2 [0216.269] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc8c2, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xc8c2, lpOverlapped=0x0) returned 1 [0216.269] CloseHandle (hObject=0x10e8) returned 1 [0216.269] GetCurrentThreadId () returned 0x6f8 [0216.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x590ed30, dwHighDateTime=0x1d6076d)) [0216.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x590ed30, dwHighDateTime=0x1d6076d)) [0216.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x590ed30, dwHighDateTime=0x1d6076d)) [0216.462] GetCurrentThreadId () returned 0x6f8 [0216.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5ad7db0, dwHighDateTime=0x1d6076d)) [0216.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5ad7db0, dwHighDateTime=0x1d6076d)) [0216.463] GetCurrentThreadId () returned 0x6f8 [0216.463] CreateFileW (lpFileName="MoMC.exe" (normalized: "c:\\windows\\system32\\momc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.464] CreateFileW (lpFileName="MoMC.exe" (normalized: "c:\\windows\\system32\\momc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.464] GetCurrentThreadId () returned 0x6f8 [0216.464] GetCurrentThreadId () returned 0x6f8 [0216.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5ad7db0, dwHighDateTime=0x1d6076d)) [0216.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5ad7db0, dwHighDateTime=0x1d6076d)) [0216.464] CreateFileW (lpFileName="MoMC.exe" (normalized: "c:\\windows\\system32\\momc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.464] GetCurrentThreadId () returned 0x6f8 [0216.465] BeginUpdateResourceW (pFileName="MoMC.exe" (normalized: "c:\\windows\\system32\\momc.exe"), bDeleteExistingResources=0) returned 0x0 [0216.465] CreateFileW (lpFileName="qqsI.ico" (normalized: "c:\\windows\\system32\\qqsi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e8 [0216.465] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0216.465] ReadFile (in: hFile=0x10e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0216.465] CloseHandle (hObject=0x10e8) returned 1 [0216.466] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0216.466] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0216.466] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0216.466] CopyFileW (lpExistingFileName="MoMC.exe" (normalized: "c:\\windows\\system32\\momc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b67gyxbwuxjnxj.xlsx.exe"), bFailIfExists=0) returned 0 [0216.466] SetNamedSecurityInfoW () returned 0x2 [0216.466] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B67gYXBWUXJnxj.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b67gyxbwuxjnxj.xlsx")) returned 1 [0216.468] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x76, lpOverlapped=0x0) returned 1 [0216.468] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0216.469] DeleteFileW (lpFileName="qqsI.ico" (normalized: "c:\\windows\\system32\\qqsi.ico")) returned 1 [0216.470] DeleteFileW (lpFileName="MoMC.exe" (normalized: "c:\\windows\\system32\\momc.exe")) returned 0 [0216.470] GetCurrentThreadId () returned 0x6f8 [0216.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.470] GetCurrentThreadId () returned 0x6f8 [0216.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.470] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc644fe0, ftCreationTime.dwHighDateTime=0x1d5d1c9, ftLastAccessTime.dwLowDateTime=0x4dc2a900, ftLastAccessTime.dwHighDateTime=0x1d57ae5, ftLastWriteTime.dwLowDateTime=0x4dc2a900, ftLastWriteTime.dwHighDateTime=0x1d57ae5, nFileSizeHigh=0x0, nFileSizeLow=0x8f9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BEOhmrO5Yqwlk.xlsx", cAlternateFileName="BEOHMR~1.XLS")) returned 1 [0216.470] GetCurrentThreadId () returned 0x6f8 [0216.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.470] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\beohmro5yqwlk.xlsx")) returned 0x20 [0216.477] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx", dwFileAttributes=0x80) returned 1 [0216.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\beohmro5yqwlk.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0216.477] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8f9e [0216.482] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8f9e, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x8f9e, lpOverlapped=0x0) returned 1 [0216.485] GetCurrentThreadId () returned 0x6f8 [0216.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5b24070, dwHighDateTime=0x1d6076d)) [0216.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5b24070, dwHighDateTime=0x1d6076d)) [0216.485] GetCurrentThreadId () returned 0x6f8 [0216.485] CloseHandle (hObject=0x10e8) returned 1 [0216.485] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx", dwFileAttributes=0x20) returned 1 [0216.486] GetCurrentThreadId () returned 0x6f8 [0216.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5b24070, dwHighDateTime=0x1d6076d)) [0216.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5b24070, dwHighDateTime=0x1d6076d)) [0216.486] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx", piIcon=0x4e4f238) returned 0x1100f3 [0216.501] GetIconInfo (in: hIcon=0x1100f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0216.501] CreateFileW (lpFileName="UeEQ.ico" (normalized: "c:\\windows\\system32\\ueeq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.502] GetObjectA (in: h=0x2a0507c3, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0216.502] GetObjectA (in: h=0x570501b3, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0216.502] CreateCompatibleDC (hdc=0x0) returned 0x2f0101a0 [0216.502] GetDIBits (in: hdc=0x2f0101a0, hbm=0x2a0507c3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0216.503] GetDIBits (in: hdc=0x2f0101a0, hbm=0x2a0507c3, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0216.503] GetDIBits (in: hdc=0x2f0101a0, hbm=0x2a0507c3, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0216.503] GetDIBits (in: hdc=0x2f0101a0, hbm=0x570501b3, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0216.503] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0216.504] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0216.504] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0216.504] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0216.505] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0216.505] DeleteDC (hdc=0x2f0101a0) returned 1 [0216.505] CloseHandle (hObject=0x10d4) returned 1 [0216.505] DeleteObject (ho=0x2a0507c3) returned 1 [0216.505] DeleteObject (ho=0x570501b3) returned 1 [0216.505] DestroyCursor (hCursor=0x1100f3) returned 1 [0216.505] GetCurrentThreadId () returned 0x6f8 [0216.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\beohmro5yqwlk.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.505] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8f9e [0216.511] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8f9e, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x8f9e, lpOverlapped=0x0) returned 1 [0216.511] CloseHandle (hObject=0x10d4) returned 1 [0216.511] GetCurrentThreadId () returned 0x6f8 [0216.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5b4a1d0, dwHighDateTime=0x1d6076d)) [0216.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5b4a1d0, dwHighDateTime=0x1d6076d)) [0216.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x5b4a1d0, dwHighDateTime=0x1d6076d)) [0216.626] GetCurrentThreadId () returned 0x6f8 [0216.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.626] GetCurrentThreadId () returned 0x6f8 [0216.626] CreateFileW (lpFileName="oosY.exe" (normalized: "c:\\windows\\system32\\oosy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.627] CreateFileW (lpFileName="oosY.exe" (normalized: "c:\\windows\\system32\\oosy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.627] GetCurrentThreadId () returned 0x6f8 [0216.627] GetCurrentThreadId () returned 0x6f8 [0216.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.627] CreateFileW (lpFileName="oosY.exe" (normalized: "c:\\windows\\system32\\oosy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.627] GetCurrentThreadId () returned 0x6f8 [0216.628] BeginUpdateResourceW (pFileName="oosY.exe" (normalized: "c:\\windows\\system32\\oosy.exe"), bDeleteExistingResources=0) returned 0x0 [0216.628] CreateFileW (lpFileName="UeEQ.ico" (normalized: "c:\\windows\\system32\\ueeq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0216.628] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0216.628] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0216.628] CloseHandle (hObject=0x10d4) returned 1 [0216.628] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0216.628] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0216.628] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0216.629] CopyFileW (lpExistingFileName="oosY.exe" (normalized: "c:\\windows\\system32\\oosy.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\beohmro5yqwlk.xlsx.exe"), bFailIfExists=0) returned 0 [0216.629] SetNamedSecurityInfoW () returned 0x2 [0216.629] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BEOhmrO5Yqwlk.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\beohmro5yqwlk.xlsx")) returned 1 [0216.631] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x74, lpOverlapped=0x0) returned 1 [0216.631] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0216.631] DeleteFileW (lpFileName="UeEQ.ico" (normalized: "c:\\windows\\system32\\ueeq.ico")) returned 1 [0216.633] DeleteFileW (lpFileName="oosY.exe" (normalized: "c:\\windows\\system32\\oosy.exe")) returned 0 [0216.633] GetCurrentThreadId () returned 0x6f8 [0216.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.633] GetCurrentThreadId () returned 0x6f8 [0216.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.633] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58b35d0, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x2f892b80, ftLastAccessTime.dwHighDateTime=0x1d5e52f, ftLastWriteTime.dwLowDateTime=0x2f892b80, ftLastWriteTime.dwHighDateTime=0x1d5e52f, nFileSizeHigh=0x0, nFileSizeLow=0x937b, dwReserved0=0x0, dwReserved1=0x0, cFileName="bRGpww8z.docx", cAlternateFileName="BRGPWW~1.DOC")) returned 1 [0216.633] GetCurrentThreadId () returned 0x6f8 [0216.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x5c7acd0, dwHighDateTime=0x1d6076d)) [0216.633] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\brgpww8z.docx")) returned 0x20 [0216.634] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx", dwFileAttributes=0x80) returned 1 [0216.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\brgpww8z.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.635] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x937b [0216.639] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x937b, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x937b, lpOverlapped=0x0) returned 1 [0216.641] GetCurrentThreadId () returned 0x6f8 [0216.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5ca0e30, dwHighDateTime=0x1d6076d)) [0216.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5ca0e30, dwHighDateTime=0x1d6076d)) [0216.641] GetCurrentThreadId () returned 0x6f8 [0216.642] CloseHandle (hObject=0x10d4) returned 1 [0216.642] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx", dwFileAttributes=0x20) returned 1 [0216.642] GetCurrentThreadId () returned 0x6f8 [0216.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5ca0e30, dwHighDateTime=0x1d6076d)) [0216.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5ca0e30, dwHighDateTime=0x1d6076d)) [0216.642] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx", piIcon=0x4e4f238) returned 0x1300f3 [0216.702] GetIconInfo (in: hIcon=0x1300f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0216.702] CreateFileW (lpFileName="sqss.ico" (normalized: "c:\\windows\\system32\\sqss.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.703] GetObjectA (in: h=0xad0501fa, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0216.703] GetObjectA (in: h=0x350501b8, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0216.703] CreateCompatibleDC (hdc=0x0) returned 0xa5010771 [0216.703] GetDIBits (in: hdc=0xa5010771, hbm=0xad0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0216.703] GetDIBits (in: hdc=0xa5010771, hbm=0xad0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0216.703] GetDIBits (in: hdc=0xa5010771, hbm=0xad0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0216.703] GetDIBits (in: hdc=0xa5010771, hbm=0x350501b8, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0216.703] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0216.704] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0216.704] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0216.704] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0216.704] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0216.705] DeleteDC (hdc=0xa5010771) returned 1 [0216.705] CloseHandle (hObject=0x10d4) returned 1 [0216.706] DeleteObject (ho=0xad0501fa) returned 1 [0216.706] DeleteObject (ho=0x350501b8) returned 1 [0216.706] DestroyCursor (hCursor=0x1300f3) returned 1 [0216.706] GetCurrentThreadId () returned 0x6f8 [0216.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\brgpww8z.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.706] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x937b [0216.712] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x937b, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x937b, lpOverlapped=0x0) returned 1 [0216.712] CloseHandle (hObject=0x10d4) returned 1 [0216.712] GetCurrentThreadId () returned 0x6f8 [0216.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5d393b0, dwHighDateTime=0x1d6076d)) [0216.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5d393b0, dwHighDateTime=0x1d6076d)) [0216.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x5d393b0, dwHighDateTime=0x1d6076d)) [0216.812] GetCurrentThreadId () returned 0x6f8 [0216.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.812] GetCurrentThreadId () returned 0x6f8 [0216.812] CreateFileW (lpFileName="KoQU.exe" (normalized: "c:\\windows\\system32\\koqu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.813] CreateFileW (lpFileName="KoQU.exe" (normalized: "c:\\windows\\system32\\koqu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.813] GetCurrentThreadId () returned 0x6f8 [0216.813] GetCurrentThreadId () returned 0x6f8 [0216.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.813] CreateFileW (lpFileName="KoQU.exe" (normalized: "c:\\windows\\system32\\koqu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.813] GetCurrentThreadId () returned 0x6f8 [0216.813] BeginUpdateResourceW (pFileName="KoQU.exe" (normalized: "c:\\windows\\system32\\koqu.exe"), bDeleteExistingResources=0) returned 0x0 [0216.813] CreateFileW (lpFileName="sqss.ico" (normalized: "c:\\windows\\system32\\sqss.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0216.814] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0216.814] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0216.814] CloseHandle (hObject=0x10d4) returned 1 [0216.814] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0216.814] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0216.814] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0216.814] CopyFileW (lpExistingFileName="KoQU.exe" (normalized: "c:\\windows\\system32\\koqu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\brgpww8z.docx.exe"), bFailIfExists=0) returned 0 [0216.815] SetNamedSecurityInfoW () returned 0x2 [0216.815] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bRGpww8z.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\brgpww8z.docx")) returned 1 [0216.817] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6a, lpOverlapped=0x0) returned 1 [0216.817] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0216.817] DeleteFileW (lpFileName="sqss.ico" (normalized: "c:\\windows\\system32\\sqss.ico")) returned 1 [0216.820] DeleteFileW (lpFileName="KoQU.exe" (normalized: "c:\\windows\\system32\\koqu.exe")) returned 0 [0216.820] GetCurrentThreadId () returned 0x6f8 [0216.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.820] GetCurrentThreadId () returned 0x6f8 [0216.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.820] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4305d90, ftCreationTime.dwHighDateTime=0x1d5decd, ftLastAccessTime.dwLowDateTime=0x1c619300, ftLastAccessTime.dwHighDateTime=0x1d5e7f8, ftLastWriteTime.dwLowDateTime=0x1c619300, ftLastWriteTime.dwHighDateTime=0x1d5e7f8, nFileSizeHigh=0x0, nFileSizeLow=0xd987, dwReserved0=0x0, dwReserved1=0x0, cFileName="bXWC95-bXY.ots", cAlternateFileName="BXWC95~1.OTS")) returned 1 [0216.820] GetCurrentThreadId () returned 0x6f8 [0216.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.820] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3407d7c0, ftCreationTime.dwHighDateTime=0x1d5de8a, ftLastAccessTime.dwLowDateTime=0x99335510, ftLastAccessTime.dwHighDateTime=0x1d5c7d4, ftLastWriteTime.dwLowDateTime=0x99335510, ftLastWriteTime.dwHighDateTime=0x1d5c7d4, nFileSizeHigh=0x0, nFileSizeLow=0xfeab, dwReserved0=0x0, dwReserved1=0x0, cFileName="deAYMjHUcE.xlsx", cAlternateFileName="DEAYMJ~1.XLS")) returned 1 [0216.820] GetCurrentThreadId () returned 0x6f8 [0216.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.820] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deaymjhuce.xlsx")) returned 0x20 [0216.821] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx", dwFileAttributes=0x80) returned 1 [0216.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deaymjhuce.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.821] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfeab [0216.826] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfeab, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xfeab, lpOverlapped=0x0) returned 1 [0216.828] GetCurrentThreadId () returned 0x6f8 [0216.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5e69eb0, dwHighDateTime=0x1d6076d)) [0216.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5e69eb0, dwHighDateTime=0x1d6076d)) [0216.828] GetCurrentThreadId () returned 0x6f8 [0216.829] CloseHandle (hObject=0x10d4) returned 1 [0216.829] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx", dwFileAttributes=0x20) returned 1 [0216.829] GetCurrentThreadId () returned 0x6f8 [0216.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5e69eb0, dwHighDateTime=0x1d6076d)) [0216.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5e69eb0, dwHighDateTime=0x1d6076d)) [0216.829] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx", piIcon=0x4e4f238) returned 0x1400f3 [0216.841] GetIconInfo (in: hIcon=0x1400f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0216.842] CreateFileW (lpFileName="iyYo.ico" (normalized: "c:\\windows\\system32\\iyyo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0216.842] GetObjectA (in: h=0x430501b1, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0216.842] GetObjectA (in: h=0x305076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0216.842] CreateCompatibleDC (hdc=0x0) returned 0x600101b3 [0216.842] GetDIBits (in: hdc=0x600101b3, hbm=0x430501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0216.843] GetDIBits (in: hdc=0x600101b3, hbm=0x430501b1, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0216.843] GetDIBits (in: hdc=0x600101b3, hbm=0x430501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0216.843] GetDIBits (in: hdc=0x600101b3, hbm=0x305076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0216.843] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0216.848] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0216.848] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0216.848] WriteFile (in: hFile=0x3dc, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0216.848] WriteFile (in: hFile=0x3dc, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0216.848] DeleteDC (hdc=0x600101b3) returned 1 [0216.848] CloseHandle (hObject=0x3dc) returned 1 [0216.849] DeleteObject (ho=0x430501b1) returned 1 [0216.849] DeleteObject (ho=0x305076f) returned 1 [0216.849] DestroyCursor (hCursor=0x1400f3) returned 1 [0216.849] GetCurrentThreadId () returned 0x6f8 [0216.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deaymjhuce.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0216.849] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfeab [0216.854] ReadFile (in: hFile=0x3dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfeab, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xfeab, lpOverlapped=0x0) returned 1 [0216.854] CloseHandle (hObject=0x3dc) returned 1 [0216.854] GetCurrentThreadId () returned 0x6f8 [0216.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5e90010, dwHighDateTime=0x1d6076d)) [0216.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5e90010, dwHighDateTime=0x1d6076d)) [0216.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x5e90010, dwHighDateTime=0x1d6076d)) [0216.938] GetCurrentThreadId () returned 0x6f8 [0216.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.938] GetCurrentThreadId () returned 0x6f8 [0216.938] CreateFileW (lpFileName="cwwg.exe" (normalized: "c:\\windows\\system32\\cwwg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.938] CreateFileW (lpFileName="cwwg.exe" (normalized: "c:\\windows\\system32\\cwwg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.939] GetCurrentThreadId () returned 0x6f8 [0216.939] GetCurrentThreadId () returned 0x6f8 [0216.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.939] CreateFileW (lpFileName="cwwg.exe" (normalized: "c:\\windows\\system32\\cwwg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0216.939] GetCurrentThreadId () returned 0x6f8 [0216.939] BeginUpdateResourceW (pFileName="cwwg.exe" (normalized: "c:\\windows\\system32\\cwwg.exe"), bDeleteExistingResources=0) returned 0x0 [0216.939] CreateFileW (lpFileName="iyYo.ico" (normalized: "c:\\windows\\system32\\iyyo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0216.939] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0216.939] ReadFile (in: hFile=0x3dc, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0216.939] CloseHandle (hObject=0x3dc) returned 1 [0216.940] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0216.940] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0216.940] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0216.940] CopyFileW (lpExistingFileName="cwwg.exe" (normalized: "c:\\windows\\system32\\cwwg.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deaymjhuce.xlsx.exe"), bFailIfExists=0) returned 0 [0216.940] SetNamedSecurityInfoW () returned 0x2 [0216.940] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\deAYMjHUcE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deaymjhuce.xlsx")) returned 1 [0216.945] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6e, lpOverlapped=0x0) returned 1 [0216.945] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0216.945] DeleteFileW (lpFileName="iyYo.ico" (normalized: "c:\\windows\\system32\\iyyo.ico")) returned 1 [0216.946] DeleteFileW (lpFileName="cwwg.exe" (normalized: "c:\\windows\\system32\\cwwg.exe")) returned 0 [0216.946] GetCurrentThreadId () returned 0x6f8 [0216.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.946] GetCurrentThreadId () returned 0x6f8 [0216.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.946] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0216.946] GetCurrentThreadId () returned 0x6f8 [0216.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.946] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49849ce0, ftCreationTime.dwHighDateTime=0x1d58bca, ftLastAccessTime.dwLowDateTime=0x96852840, ftLastAccessTime.dwHighDateTime=0x1d567dd, ftLastWriteTime.dwLowDateTime=0x96852840, ftLastWriteTime.dwHighDateTime=0x1d567dd, nFileSizeHigh=0x0, nFileSizeLow=0x6e28, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ee3sNdXb 1.docx", cAlternateFileName="EE3SND~1.DOC")) returned 1 [0216.947] GetCurrentThreadId () returned 0x6f8 [0216.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.947] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee3sndxb 1.docx")) returned 0x20 [0216.947] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx", dwFileAttributes=0x80) returned 1 [0216.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee3sndxb 1.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0216.947] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e28 [0216.952] ReadFile (in: hFile=0x3dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6e28, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x6e28, lpOverlapped=0x0) returned 1 [0216.954] GetCurrentThreadId () returned 0x6f8 [0216.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5f9a9b0, dwHighDateTime=0x1d6076d)) [0216.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x5f9a9b0, dwHighDateTime=0x1d6076d)) [0216.954] GetCurrentThreadId () returned 0x6f8 [0216.954] CloseHandle (hObject=0x3dc) returned 1 [0216.954] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx", dwFileAttributes=0x20) returned 1 [0216.954] GetCurrentThreadId () returned 0x6f8 [0216.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5f9a9b0, dwHighDateTime=0x1d6076d)) [0216.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x5f9a9b0, dwHighDateTime=0x1d6076d)) [0216.954] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx", piIcon=0x4e4f238) returned 0x1500f3 [0216.964] GetIconInfo (in: hIcon=0x1500f3, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0216.964] CreateFileW (lpFileName="IMAc.ico" (normalized: "c:\\windows\\system32\\imac.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.965] GetObjectA (in: h=0x380501b8, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0216.965] GetObjectA (in: h=0xb20501fa, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0216.965] CreateCompatibleDC (hdc=0x0) returned 0x350107c3 [0216.965] GetDIBits (in: hdc=0x350107c3, hbm=0x380501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0216.965] GetDIBits (in: hdc=0x350107c3, hbm=0x380501b8, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0216.965] GetDIBits (in: hdc=0x350107c3, hbm=0x380501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0216.965] GetDIBits (in: hdc=0x350107c3, hbm=0xb20501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0216.965] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0216.966] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0216.966] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0216.966] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0216.966] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0216.966] DeleteDC (hdc=0x350107c3) returned 1 [0216.966] CloseHandle (hObject=0x10d4) returned 1 [0216.967] DeleteObject (ho=0x380501b8) returned 1 [0216.967] DeleteObject (ho=0xb20501fa) returned 1 [0216.967] DestroyCursor (hCursor=0x1500f3) returned 1 [0216.967] GetCurrentThreadId () returned 0x6f8 [0216.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee3sndxb 1.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0216.967] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e28 [0216.972] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6e28, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x6e28, lpOverlapped=0x0) returned 1 [0216.972] CloseHandle (hObject=0x10d4) returned 1 [0216.972] GetCurrentThreadId () returned 0x6f8 [0216.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5fc0b10, dwHighDateTime=0x1d6076d)) [0216.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x5fc0b10, dwHighDateTime=0x1d6076d)) [0216.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x5fc0b10, dwHighDateTime=0x1d6076d)) [0217.050] GetCurrentThreadId () returned 0x6f8 [0217.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.050] GetCurrentThreadId () returned 0x6f8 [0217.050] CreateFileW (lpFileName="OkUE.exe" (normalized: "c:\\windows\\system32\\okue.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.050] CreateFileW (lpFileName="OkUE.exe" (normalized: "c:\\windows\\system32\\okue.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.051] GetCurrentThreadId () returned 0x6f8 [0217.051] GetCurrentThreadId () returned 0x6f8 [0217.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.051] CreateFileW (lpFileName="OkUE.exe" (normalized: "c:\\windows\\system32\\okue.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.051] GetCurrentThreadId () returned 0x6f8 [0217.051] BeginUpdateResourceW (pFileName="OkUE.exe" (normalized: "c:\\windows\\system32\\okue.exe"), bDeleteExistingResources=0) returned 0x0 [0217.051] CreateFileW (lpFileName="IMAc.ico" (normalized: "c:\\windows\\system32\\imac.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0217.051] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.051] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0217.051] CloseHandle (hObject=0x10d4) returned 1 [0217.052] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.052] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0217.052] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.052] CopyFileW (lpExistingFileName="OkUE.exe" (normalized: "c:\\windows\\system32\\okue.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee3sndxb 1.docx.exe"), bFailIfExists=0) returned 0 [0217.052] SetNamedSecurityInfoW () returned 0x2 [0217.052] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ee3sNdXb 1.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee3sndxb 1.docx")) returned 1 [0217.054] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6e, lpOverlapped=0x0) returned 1 [0217.054] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0217.054] DeleteFileW (lpFileName="IMAc.ico" (normalized: "c:\\windows\\system32\\imac.ico")) returned 1 [0217.055] DeleteFileW (lpFileName="OkUE.exe" (normalized: "c:\\windows\\system32\\okue.exe")) returned 0 [0217.055] GetCurrentThreadId () returned 0x6f8 [0217.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.055] GetCurrentThreadId () returned 0x6f8 [0217.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.055] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x309b8f40, ftCreationTime.dwHighDateTime=0x1d5db52, ftLastAccessTime.dwLowDateTime=0xfea5d060, ftLastAccessTime.dwHighDateTime=0x1d5e248, ftLastWriteTime.dwLowDateTime=0xfea5d060, ftLastWriteTime.dwHighDateTime=0x1d5e248, nFileSizeHigh=0x0, nFileSizeLow=0x6d42, dwReserved0=0x0, dwReserved1=0x0, cFileName="eNUXxZ.rtf", cAlternateFileName="")) returned 1 [0217.055] GetCurrentThreadId () returned 0x6f8 [0217.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.055] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a1affe0, ftCreationTime.dwHighDateTime=0x1d5dfaa, ftLastAccessTime.dwLowDateTime=0x82a25700, ftLastAccessTime.dwHighDateTime=0x1d5dbad, ftLastWriteTime.dwLowDateTime=0x82a25700, ftLastWriteTime.dwHighDateTime=0x1d5dbad, nFileSizeHigh=0x0, nFileSizeLow=0x2802, dwReserved0=0x0, dwReserved1=0x0, cFileName="fkwklloM6CgJrmXwxtWV.rtf", cAlternateFileName="FKWKLL~1.RTF")) returned 1 [0217.055] GetCurrentThreadId () returned 0x6f8 [0217.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.055] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63c49510, ftCreationTime.dwHighDateTime=0x1d5ddbe, ftLastAccessTime.dwLowDateTime=0x4af1ae0, ftLastAccessTime.dwHighDateTime=0x1d5db0d, ftLastWriteTime.dwLowDateTime=0x4af1ae0, ftLastWriteTime.dwHighDateTime=0x1d5db0d, nFileSizeHigh=0x0, nFileSizeLow=0x10f92, dwReserved0=0x0, dwReserved1=0x0, cFileName="fnyx.odp", cAlternateFileName="")) returned 1 [0217.055] GetCurrentThreadId () returned 0x6f8 [0217.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.055] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8598010, ftCreationTime.dwHighDateTime=0x1d56838, ftLastAccessTime.dwLowDateTime=0xa5e40d00, ftLastAccessTime.dwHighDateTime=0x1d565e5, ftLastWriteTime.dwLowDateTime=0xa5e40d00, ftLastWriteTime.dwHighDateTime=0x1d565e5, nFileSizeHigh=0x0, nFileSizeLow=0x42dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="fzevtocoruBc4yG1S.xlsx", cAlternateFileName="FZEVTO~1.XLS")) returned 1 [0217.056] GetCurrentThreadId () returned 0x6f8 [0217.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x607f1f0, dwHighDateTime=0x1d6076d)) [0217.056] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzevtocorubc4yg1s.xlsx")) returned 0x20 [0217.056] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx", dwFileAttributes=0x80) returned 1 [0217.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzevtocorubc4yg1s.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.057] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x42dd [0217.062] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x42dd, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x42dd, lpOverlapped=0x0) returned 1 [0217.064] GetCurrentThreadId () returned 0x6f8 [0217.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x60a5350, dwHighDateTime=0x1d6076d)) [0217.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x60a5350, dwHighDateTime=0x1d6076d)) [0217.064] GetCurrentThreadId () returned 0x6f8 [0217.064] CloseHandle (hObject=0x10d4) returned 1 [0217.064] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx", dwFileAttributes=0x20) returned 1 [0217.065] GetCurrentThreadId () returned 0x6f8 [0217.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x60a5350, dwHighDateTime=0x1d6076d)) [0217.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x60a5350, dwHighDateTime=0x1d6076d)) [0217.065] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx", piIcon=0x4e4f238) returned 0x20143 [0217.077] GetIconInfo (in: hIcon=0x20143, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0217.077] CreateFileW (lpFileName="oosc.ico" (normalized: "c:\\windows\\system32\\oosc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0217.078] GetObjectA (in: h=0x605076f, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0217.078] GetObjectA (in: h=0x480501b1, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0217.078] CreateCompatibleDC (hdc=0x0) returned 0x4b01019e [0217.078] GetDIBits (in: hdc=0x4b01019e, hbm=0x605076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0217.078] GetDIBits (in: hdc=0x4b01019e, hbm=0x605076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0217.079] GetDIBits (in: hdc=0x4b01019e, hbm=0x605076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0217.079] GetDIBits (in: hdc=0x4b01019e, hbm=0x480501b1, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0217.079] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0217.080] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0217.080] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0217.080] WriteFile (in: hFile=0x3dc, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0217.080] WriteFile (in: hFile=0x3dc, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0217.080] DeleteDC (hdc=0x4b01019e) returned 1 [0217.081] CloseHandle (hObject=0x3dc) returned 1 [0217.081] DeleteObject (ho=0x605076f) returned 1 [0217.081] DeleteObject (ho=0x480501b1) returned 1 [0217.081] DestroyCursor (hCursor=0x20143) returned 1 [0217.081] GetCurrentThreadId () returned 0x6f8 [0217.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzevtocorubc4yg1s.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0217.081] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x42dd [0217.086] ReadFile (in: hFile=0x3dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x42dd, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x42dd, lpOverlapped=0x0) returned 1 [0217.086] CloseHandle (hObject=0x3dc) returned 1 [0217.086] GetCurrentThreadId () returned 0x6f8 [0217.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x60cb4b0, dwHighDateTime=0x1d6076d)) [0217.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x60cb4b0, dwHighDateTime=0x1d6076d)) [0217.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x60cb4b0, dwHighDateTime=0x1d6076d)) [0217.189] GetCurrentThreadId () returned 0x6f8 [0217.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.189] GetCurrentThreadId () returned 0x6f8 [0217.189] CreateFileW (lpFileName="CYwM.exe" (normalized: "c:\\windows\\system32\\cywm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.190] CreateFileW (lpFileName="CYwM.exe" (normalized: "c:\\windows\\system32\\cywm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.190] GetCurrentThreadId () returned 0x6f8 [0217.190] GetCurrentThreadId () returned 0x6f8 [0217.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.191] CreateFileW (lpFileName="CYwM.exe" (normalized: "c:\\windows\\system32\\cywm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.191] GetCurrentThreadId () returned 0x6f8 [0217.191] BeginUpdateResourceW (pFileName="CYwM.exe" (normalized: "c:\\windows\\system32\\cywm.exe"), bDeleteExistingResources=0) returned 0x0 [0217.191] CreateFileW (lpFileName="oosc.ico" (normalized: "c:\\windows\\system32\\oosc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0217.191] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.191] ReadFile (in: hFile=0x3dc, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0217.191] CloseHandle (hObject=0x3dc) returned 1 [0217.192] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.192] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0217.192] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.192] CopyFileW (lpExistingFileName="CYwM.exe" (normalized: "c:\\windows\\system32\\cywm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzevtocorubc4yg1s.xlsx.exe"), bFailIfExists=0) returned 0 [0217.192] SetNamedSecurityInfoW () returned 0x2 [0217.192] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fzevtocoruBc4yG1S.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzevtocorubc4yg1s.xlsx")) returned 1 [0217.194] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7c, lpOverlapped=0x0) returned 1 [0217.194] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0217.195] DeleteFileW (lpFileName="oosc.ico" (normalized: "c:\\windows\\system32\\oosc.ico")) returned 1 [0217.196] DeleteFileW (lpFileName="CYwM.exe" (normalized: "c:\\windows\\system32\\cywm.exe")) returned 0 [0217.196] GetCurrentThreadId () returned 0x6f8 [0217.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.196] GetCurrentThreadId () returned 0x6f8 [0217.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.196] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ea55f20, ftCreationTime.dwHighDateTime=0x1d5e63c, ftLastAccessTime.dwLowDateTime=0x1d698c90, ftLastAccessTime.dwHighDateTime=0x1d5db54, ftLastWriteTime.dwLowDateTime=0x1d698c90, ftLastWriteTime.dwHighDateTime=0x1d5db54, nFileSizeHigh=0x0, nFileSizeLow=0x1b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="GIAr Ain.doc", cAlternateFileName="GIARAI~1.DOC")) returned 1 [0217.196] GetCurrentThreadId () returned 0x6f8 [0217.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x61d5e50, dwHighDateTime=0x1d6076d)) [0217.196] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giar ain.doc")) returned 0x20 [0217.196] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc", dwFileAttributes=0x80) returned 1 [0217.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giar ain.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0217.197] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1b54 [0217.201] ReadFile (in: hFile=0x3dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1b54, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x1b54, lpOverlapped=0x0) returned 1 [0217.203] GetCurrentThreadId () returned 0x6f8 [0217.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x61fbfb0, dwHighDateTime=0x1d6076d)) [0217.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x61fbfb0, dwHighDateTime=0x1d6076d)) [0217.204] GetCurrentThreadId () returned 0x6f8 [0217.204] CloseHandle (hObject=0x3dc) returned 1 [0217.204] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc", dwFileAttributes=0x20) returned 1 [0217.204] GetCurrentThreadId () returned 0x6f8 [0217.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x61fbfb0, dwHighDateTime=0x1d6076d)) [0217.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x61fbfb0, dwHighDateTime=0x1d6076d)) [0217.204] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc", piIcon=0x4e4f238) returned 0x30143 [0217.220] GetIconInfo (in: hIcon=0x30143, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0217.221] CreateFileW (lpFileName="SMIk.ico" (normalized: "c:\\windows\\system32\\smik.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.222] GetObjectA (in: h=0xb50501fa, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0217.222] GetObjectA (in: h=0x3d0501b8, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0217.222] CreateCompatibleDC (hdc=0x0) returned 0x3d0101a0 [0217.222] GetDIBits (in: hdc=0x3d0101a0, hbm=0xb50501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0217.222] GetDIBits (in: hdc=0x3d0101a0, hbm=0xb50501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0217.222] GetDIBits (in: hdc=0x3d0101a0, hbm=0xb50501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0217.223] GetDIBits (in: hdc=0x3d0101a0, hbm=0x3d0501b8, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0217.223] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0217.224] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0217.224] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0217.224] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0217.224] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0217.225] DeleteDC (hdc=0x3d0101a0) returned 1 [0217.225] CloseHandle (hObject=0x10d4) returned 1 [0217.225] DeleteObject (ho=0xb50501fa) returned 1 [0217.225] DeleteObject (ho=0x3d0501b8) returned 1 [0217.225] DestroyCursor (hCursor=0x30143) returned 1 [0217.225] GetCurrentThreadId () returned 0x6f8 [0217.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giar ain.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.225] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1b54 [0217.231] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1b54, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x1b54, lpOverlapped=0x0) returned 1 [0217.231] CloseHandle (hObject=0x10d4) returned 1 [0217.231] GetCurrentThreadId () returned 0x6f8 [0217.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x6248270, dwHighDateTime=0x1d6076d)) [0217.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x6248270, dwHighDateTime=0x1d6076d)) [0217.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x6248270, dwHighDateTime=0x1d6076d)) [0217.317] GetCurrentThreadId () returned 0x6f8 [0217.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x6306950, dwHighDateTime=0x1d6076d)) [0217.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x6306950, dwHighDateTime=0x1d6076d)) [0217.317] GetCurrentThreadId () returned 0x6f8 [0217.317] CreateFileW (lpFileName="gEki.exe" (normalized: "c:\\windows\\system32\\geki.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.320] CreateFileW (lpFileName="gEki.exe" (normalized: "c:\\windows\\system32\\geki.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.320] GetCurrentThreadId () returned 0x6f8 [0217.320] GetCurrentThreadId () returned 0x6f8 [0217.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x6306950, dwHighDateTime=0x1d6076d)) [0217.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x6306950, dwHighDateTime=0x1d6076d)) [0217.320] CreateFileW (lpFileName="gEki.exe" (normalized: "c:\\windows\\system32\\geki.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.320] GetCurrentThreadId () returned 0x6f8 [0217.320] BeginUpdateResourceW (pFileName="gEki.exe" (normalized: "c:\\windows\\system32\\geki.exe"), bDeleteExistingResources=0) returned 0x0 [0217.321] CreateFileW (lpFileName="SMIk.ico" (normalized: "c:\\windows\\system32\\smik.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0217.321] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.321] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0217.321] CloseHandle (hObject=0x10d4) returned 1 [0217.321] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.321] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0217.321] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.322] CopyFileW (lpExistingFileName="gEki.exe" (normalized: "c:\\windows\\system32\\geki.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giar ain.doc.exe"), bFailIfExists=0) returned 0 [0217.322] SetNamedSecurityInfoW () returned 0x2 [0217.322] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GIAr Ain.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giar ain.doc")) returned 1 [0217.324] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x68, lpOverlapped=0x0) returned 1 [0217.324] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0217.324] DeleteFileW (lpFileName="SMIk.ico" (normalized: "c:\\windows\\system32\\smik.ico")) returned 1 [0217.326] DeleteFileW (lpFileName="gEki.exe" (normalized: "c:\\windows\\system32\\geki.exe")) returned 0 [0217.326] GetCurrentThreadId () returned 0x6f8 [0217.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.326] GetCurrentThreadId () returned 0x6f8 [0217.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.326] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d91670, ftCreationTime.dwHighDateTime=0x1d5dece, ftLastAccessTime.dwLowDateTime=0x465a3e40, ftLastAccessTime.dwHighDateTime=0x1d5dd27, ftLastWriteTime.dwLowDateTime=0x465a3e40, ftLastWriteTime.dwHighDateTime=0x1d5dd27, nFileSizeHigh=0x0, nFileSizeLow=0xed0d, dwReserved0=0x0, dwReserved1=0x0, cFileName="G_FPymdPf00XUcdaNcM.odp", cAlternateFileName="G_FPYM~1.ODP")) returned 1 [0217.326] GetCurrentThreadId () returned 0x6f8 [0217.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.326] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x612c5770, ftCreationTime.dwHighDateTime=0x1d5db20, ftLastAccessTime.dwLowDateTime=0x71caeed0, ftLastAccessTime.dwHighDateTime=0x1d5dcaf, ftLastWriteTime.dwLowDateTime=0x71caeed0, ftLastWriteTime.dwHighDateTime=0x1d5dcaf, nFileSizeHigh=0x0, nFileSizeLow=0xa9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="iv88gNrditYV.rtf", cAlternateFileName="IV88GN~1.RTF")) returned 1 [0217.326] GetCurrentThreadId () returned 0x6f8 [0217.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.326] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f26610, ftCreationTime.dwHighDateTime=0x1d5dd50, ftLastAccessTime.dwLowDateTime=0x3f17a890, ftLastAccessTime.dwHighDateTime=0x1d5dbe0, ftLastWriteTime.dwLowDateTime=0x3f17a890, ftLastWriteTime.dwHighDateTime=0x1d5dbe0, nFileSizeHigh=0x0, nFileSizeLow=0x16848, dwReserved0=0x0, dwReserved1=0x0, cFileName="J6hSP82CM3ZgN9hvRkf.ppt", cAlternateFileName="J6HSP8~1.PPT")) returned 1 [0217.326] GetCurrentThreadId () returned 0x6f8 [0217.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.326] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\j6hsp82cm3zgn9hvrkf.ppt")) returned 0x20 [0217.329] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt", dwFileAttributes=0x80) returned 1 [0217.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\j6hsp82cm3zgn9hvrkf.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.330] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16848 [0217.335] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x16848, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x16848, lpOverlapped=0x0) returned 1 [0217.337] GetCurrentThreadId () returned 0x6f8 [0217.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.337] GetCurrentThreadId () returned 0x6f8 [0217.337] CloseHandle (hObject=0x10d4) returned 1 [0217.337] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt", dwFileAttributes=0x20) returned 1 [0217.338] GetCurrentThreadId () returned 0x6f8 [0217.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.338] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt", piIcon=0x4e4f238) returned 0x40143 [0217.349] GetIconInfo (in: hIcon=0x40143, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0217.349] CreateFileW (lpFileName="iYUA.ico" (normalized: "c:\\windows\\system32\\iyua.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0217.350] GetObjectA (in: h=0x4b0501b1, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0217.350] GetObjectA (in: h=0xb05076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0217.350] CreateCompatibleDC (hdc=0x0) returned 0xb2010771 [0217.350] GetDIBits (in: hdc=0xb2010771, hbm=0x4b0501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0217.350] GetDIBits (in: hdc=0xb2010771, hbm=0x4b0501b1, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0217.350] GetDIBits (in: hdc=0xb2010771, hbm=0x4b0501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0217.350] GetDIBits (in: hdc=0xb2010771, hbm=0xb05076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0217.350] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0217.352] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0217.352] WriteFile (in: hFile=0x3dc, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0217.352] WriteFile (in: hFile=0x3dc, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0217.352] WriteFile (in: hFile=0x3dc, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0217.352] DeleteDC (hdc=0xb2010771) returned 1 [0217.353] CloseHandle (hObject=0x3dc) returned 1 [0217.353] DeleteObject (ho=0x4b0501b1) returned 1 [0217.353] DeleteObject (ho=0xb05076f) returned 1 [0217.353] DestroyCursor (hCursor=0x40143) returned 1 [0217.353] GetCurrentThreadId () returned 0x6f8 [0217.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\j6hsp82cm3zgn9hvrkf.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0217.353] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16848 [0217.358] ReadFile (in: hFile=0x3dc, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x16848, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x16848, lpOverlapped=0x0) returned 1 [0217.358] CloseHandle (hObject=0x3dc) returned 1 [0217.358] GetCurrentThreadId () returned 0x6f8 [0217.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x6378d70, dwHighDateTime=0x1d6076d)) [0217.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x6378d70, dwHighDateTime=0x1d6076d)) [0217.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x6378d70, dwHighDateTime=0x1d6076d)) [0217.444] GetCurrentThreadId () returned 0x6f8 [0217.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x6437450, dwHighDateTime=0x1d6076d)) [0217.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x6437450, dwHighDateTime=0x1d6076d)) [0217.444] GetCurrentThreadId () returned 0x6f8 [0217.444] CreateFileW (lpFileName="ckwA.exe" (normalized: "c:\\windows\\system32\\ckwa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.445] CreateFileW (lpFileName="ckwA.exe" (normalized: "c:\\windows\\system32\\ckwa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.445] GetCurrentThreadId () returned 0x6f8 [0217.445] GetCurrentThreadId () returned 0x6f8 [0217.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x6437450, dwHighDateTime=0x1d6076d)) [0217.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x6437450, dwHighDateTime=0x1d6076d)) [0217.445] CreateFileW (lpFileName="ckwA.exe" (normalized: "c:\\windows\\system32\\ckwa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.445] GetCurrentThreadId () returned 0x6f8 [0217.445] BeginUpdateResourceW (pFileName="ckwA.exe" (normalized: "c:\\windows\\system32\\ckwa.exe"), bDeleteExistingResources=0) returned 0x0 [0217.445] CreateFileW (lpFileName="iYUA.ico" (normalized: "c:\\windows\\system32\\iyua.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0217.446] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.446] ReadFile (in: hFile=0x3dc, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0217.447] CloseHandle (hObject=0x3dc) returned 1 [0217.447] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.447] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0217.447] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.447] CopyFileW (lpExistingFileName="ckwA.exe" (normalized: "c:\\windows\\system32\\ckwa.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\j6hsp82cm3zgn9hvrkf.ppt.exe"), bFailIfExists=0) returned 0 [0217.448] SetNamedSecurityInfoW () returned 0x2 [0217.448] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\J6hSP82CM3ZgN9hvRkf.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\j6hsp82cm3zgn9hvrkf.ppt")) returned 1 [0217.449] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7e, lpOverlapped=0x0) returned 1 [0217.449] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0217.449] DeleteFileW (lpFileName="iYUA.ico" (normalized: "c:\\windows\\system32\\iyua.ico")) returned 1 [0217.450] DeleteFileW (lpFileName="ckwA.exe" (normalized: "c:\\windows\\system32\\ckwa.exe")) returned 0 [0217.451] GetCurrentThreadId () returned 0x6f8 [0217.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.451] GetCurrentThreadId () returned 0x6f8 [0217.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.451] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x868c5d0, ftCreationTime.dwHighDateTime=0x1d5dc31, ftLastAccessTime.dwLowDateTime=0x9d235280, ftLastAccessTime.dwHighDateTime=0x1d5dbe1, ftLastWriteTime.dwLowDateTime=0x9d235280, ftLastWriteTime.dwHighDateTime=0x1d5dbe1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="llWF1", cAlternateFileName="")) returned 1 [0217.451] GetCurrentThreadId () returned 0x6f8 [0217.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.451] GetCurrentThreadId () returned 0x6f8 [0217.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.451] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x868c5d0, ftCreationTime.dwHighDateTime=0x1d5dc31, ftLastAccessTime.dwLowDateTime=0x9d235280, ftLastAccessTime.dwHighDateTime=0x1d5dbe1, ftLastWriteTime.dwLowDateTime=0x9d235280, ftLastWriteTime.dwHighDateTime=0x1d5dbe1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e8d8 [0217.454] GetCurrentThreadId () returned 0x6f8 [0217.454] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.454] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x868c5d0, ftCreationTime.dwHighDateTime=0x1d5dc31, ftLastAccessTime.dwLowDateTime=0x9d235280, ftLastAccessTime.dwHighDateTime=0x1d5dbe1, ftLastWriteTime.dwLowDateTime=0x9d235280, ftLastWriteTime.dwHighDateTime=0x1d5dbe1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0217.454] GetCurrentThreadId () returned 0x6f8 [0217.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.455] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x174c00e0, ftCreationTime.dwHighDateTime=0x1d5dbb8, ftLastAccessTime.dwLowDateTime=0xba0f30a0, ftLastAccessTime.dwHighDateTime=0x1d5dd1f, ftLastWriteTime.dwLowDateTime=0xba0f30a0, ftLastWriteTime.dwHighDateTime=0x1d5dd1f, nFileSizeHigh=0x0, nFileSizeLow=0x28d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="4mI7qeSyzpg0kHr.rtf", cAlternateFileName="4MI7QE~1.RTF")) returned 1 [0217.455] GetCurrentThreadId () returned 0x6f8 [0217.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.455] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c4b5be0, ftCreationTime.dwHighDateTime=0x1d5e043, ftLastAccessTime.dwLowDateTime=0xbee89c40, ftLastAccessTime.dwHighDateTime=0x1d5de6b, ftLastWriteTime.dwLowDateTime=0xbee89c40, ftLastWriteTime.dwHighDateTime=0x1d5de6b, nFileSizeHigh=0x0, nFileSizeLow=0x307f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5GYywnf0Z7Qir.odt", cAlternateFileName="5GYYWN~1.ODT")) returned 1 [0217.455] GetCurrentThreadId () returned 0x6f8 [0217.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.455] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe145d2c0, ftCreationTime.dwHighDateTime=0x1d5e051, ftLastAccessTime.dwLowDateTime=0x165f1680, ftLastAccessTime.dwHighDateTime=0x1d5dc81, ftLastWriteTime.dwLowDateTime=0x165f1680, ftLastWriteTime.dwHighDateTime=0x1d5dc81, nFileSizeHigh=0x0, nFileSizeLow=0x8a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7vo-oYPVdRwSYh4Y.pptx", cAlternateFileName="7VO-OY~1.PPT")) returned 1 [0217.455] GetCurrentThreadId () returned 0x6f8 [0217.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x645d5b0, dwHighDateTime=0x1d6076d)) [0217.455] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\7vo-oYPVdRwSYh4Y.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\7vo-oypvdrwsyh4y.pptx")) returned 0x20 [0217.459] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\7vo-oYPVdRwSYh4Y.pptx", dwFileAttributes=0x80) returned 1 [0217.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\7vo-oYPVdRwSYh4Y.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\7vo-oypvdrwsyh4y.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.459] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8a0 [0217.464] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8a0, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x8a0, lpOverlapped=0x0) returned 1 [0217.466] CloseHandle (hObject=0x10d4) returned 1 [0217.466] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\7vo-oYPVdRwSYh4Y.pptx", dwFileAttributes=0x20) returned 1 [0217.466] CloseHandle (hObject=0x4e4f2e0) returned 0 [0217.467] GetCurrentThreadId () returned 0x6f8 [0217.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x6483710, dwHighDateTime=0x1d6076d)) [0217.467] GetCurrentThreadId () returned 0x6f8 [0217.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x6483710, dwHighDateTime=0x1d6076d)) [0217.467] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17e12f40, ftCreationTime.dwHighDateTime=0x1d5e56c, ftLastAccessTime.dwLowDateTime=0x6b465400, ftLastAccessTime.dwHighDateTime=0x1d5e452, ftLastWriteTime.dwLowDateTime=0x6b465400, ftLastWriteTime.dwHighDateTime=0x1d5e452, nFileSizeHigh=0x0, nFileSizeLow=0x1522e, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqE.pps", cAlternateFileName="")) returned 1 [0217.467] GetCurrentThreadId () returned 0x6f8 [0217.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x6483710, dwHighDateTime=0x1d6076d)) [0217.467] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1333d500, ftCreationTime.dwHighDateTime=0x1d5dbc2, ftLastAccessTime.dwLowDateTime=0xccbc7390, ftLastAccessTime.dwHighDateTime=0x1d5d7e6, ftLastWriteTime.dwLowDateTime=0xccbc7390, ftLastWriteTime.dwHighDateTime=0x1d5d7e6, nFileSizeHigh=0x0, nFileSizeLow=0x1aec, dwReserved0=0x0, dwReserved1=0x0, cFileName="bd2xxtoWGvfMY.pptx", cAlternateFileName="BD2XXT~1.PPT")) returned 1 [0217.467] GetCurrentThreadId () returned 0x6f8 [0217.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x6483710, dwHighDateTime=0x1d6076d)) [0217.467] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\bd2xxtowgvfmy.pptx")) returned 0x20 [0217.468] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx", dwFileAttributes=0x80) returned 1 [0217.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\bd2xxtowgvfmy.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.469] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1aec [0217.474] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1aec, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x1aec, lpOverlapped=0x0) returned 1 [0217.479] GetCurrentThreadId () returned 0x6f8 [0217.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x64a9870, dwHighDateTime=0x1d6076d)) [0217.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x64a9870, dwHighDateTime=0x1d6076d)) [0217.479] GetCurrentThreadId () returned 0x6f8 [0217.479] CloseHandle (hObject=0x10d4) returned 1 [0217.479] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx", dwFileAttributes=0x20) returned 1 [0217.480] GetCurrentThreadId () returned 0x6f8 [0217.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x64a9870, dwHighDateTime=0x1d6076d)) [0217.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x64a9870, dwHighDateTime=0x1d6076d)) [0217.480] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx", piIcon=0x4e4efc4) returned 0x50143 [0217.491] GetIconInfo (in: hIcon=0x50143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0217.492] CreateFileW (lpFileName="AQwQ.ico" (normalized: "c:\\windows\\system32\\aqwq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0217.492] GetObjectA (in: h=0x400501b8, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0217.492] GetObjectA (in: h=0xba0501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0217.493] CreateCompatibleDC (hdc=0x0) returned 0x6d0101b3 [0217.493] GetDIBits (in: hdc=0x6d0101b3, hbm=0x400501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0217.493] GetDIBits (in: hdc=0x6d0101b3, hbm=0x400501b8, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0217.493] GetDIBits (in: hdc=0x6d0101b3, hbm=0x400501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0217.493] GetDIBits (in: hdc=0x6d0101b3, hbm=0xba0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0217.493] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0217.494] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0217.494] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0217.495] WriteFile (in: hFile=0x10e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0217.495] WriteFile (in: hFile=0x10e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0217.495] DeleteDC (hdc=0x6d0101b3) returned 1 [0217.495] CloseHandle (hObject=0x10e8) returned 1 [0217.495] DeleteObject (ho=0x400501b8) returned 1 [0217.496] DeleteObject (ho=0xba0501fa) returned 1 [0217.496] DestroyCursor (hCursor=0x50143) returned 1 [0217.496] GetCurrentThreadId () returned 0x6f8 [0217.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\bd2xxtowgvfmy.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0217.496] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1aec [0217.501] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1aec, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x1aec, lpOverlapped=0x0) returned 1 [0217.501] CloseHandle (hObject=0x10e8) returned 1 [0217.501] GetCurrentThreadId () returned 0x6f8 [0217.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x64cf9d0, dwHighDateTime=0x1d6076d)) [0217.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x64cf9d0, dwHighDateTime=0x1d6076d)) [0217.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x64cf9d0, dwHighDateTime=0x1d6076d)) [0217.581] GetCurrentThreadId () returned 0x6f8 [0217.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x658e0b0, dwHighDateTime=0x1d6076d)) [0217.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x658e0b0, dwHighDateTime=0x1d6076d)) [0217.581] GetCurrentThreadId () returned 0x6f8 [0217.581] CreateFileW (lpFileName="Wgce.exe" (normalized: "c:\\windows\\system32\\wgce.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.593] CreateFileW (lpFileName="Wgce.exe" (normalized: "c:\\windows\\system32\\wgce.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.593] GetCurrentThreadId () returned 0x6f8 [0217.593] GetCurrentThreadId () returned 0x6f8 [0217.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x65b4210, dwHighDateTime=0x1d6076d)) [0217.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x65b4210, dwHighDateTime=0x1d6076d)) [0217.593] CreateFileW (lpFileName="Wgce.exe" (normalized: "c:\\windows\\system32\\wgce.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.594] GetCurrentThreadId () returned 0x6f8 [0217.594] BeginUpdateResourceW (pFileName="Wgce.exe" (normalized: "c:\\windows\\system32\\wgce.exe"), bDeleteExistingResources=0) returned 0x0 [0217.594] CreateFileW (lpFileName="AQwQ.ico" (normalized: "c:\\windows\\system32\\aqwq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e8 [0217.594] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.594] ReadFile (in: hFile=0x10e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0217.594] CloseHandle (hObject=0x10e8) returned 1 [0217.595] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.595] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0217.595] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.595] CopyFileW (lpExistingFileName="Wgce.exe" (normalized: "c:\\windows\\system32\\wgce.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\bd2xxtowgvfmy.pptx.exe"), bFailIfExists=0) returned 0 [0217.595] SetNamedSecurityInfoW () returned 0x2 [0217.595] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\bd2xxtoWGvfMY.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\bd2xxtowgvfmy.pptx")) returned 1 [0217.597] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x80, lpOverlapped=0x0) returned 1 [0217.597] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0217.597] DeleteFileW (lpFileName="AQwQ.ico" (normalized: "c:\\windows\\system32\\aqwq.ico")) returned 1 [0217.598] DeleteFileW (lpFileName="Wgce.exe" (normalized: "c:\\windows\\system32\\wgce.exe")) returned 0 [0217.599] GetCurrentThreadId () returned 0x6f8 [0217.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x65b4210, dwHighDateTime=0x1d6076d)) [0217.599] GetCurrentThreadId () returned 0x6f8 [0217.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x65b4210, dwHighDateTime=0x1d6076d)) [0217.599] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12971d0, ftCreationTime.dwHighDateTime=0x1d5dd16, ftLastAccessTime.dwLowDateTime=0x5f9f25d0, ftLastAccessTime.dwHighDateTime=0x1d5dce3, ftLastWriteTime.dwLowDateTime=0x5f9f25d0, ftLastWriteTime.dwHighDateTime=0x1d5dce3, nFileSizeHigh=0x0, nFileSizeLow=0xf9cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_sHzEN-YqCs.doc", cAlternateFileName="D_SHZE~1.DOC")) returned 1 [0217.599] GetCurrentThreadId () returned 0x6f8 [0217.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x65b4210, dwHighDateTime=0x1d6076d)) [0217.599] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\d_shzen-yqcs.doc")) returned 0x20 [0217.601] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc", dwFileAttributes=0x80) returned 1 [0217.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\d_shzen-yqcs.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0217.601] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9cc [0217.606] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xf9cc, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xf9cc, lpOverlapped=0x0) returned 1 [0217.607] GetCurrentThreadId () returned 0x6f8 [0217.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x65da370, dwHighDateTime=0x1d6076d)) [0217.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x65da370, dwHighDateTime=0x1d6076d)) [0217.608] GetCurrentThreadId () returned 0x6f8 [0217.608] CloseHandle (hObject=0x10e8) returned 1 [0217.608] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc", dwFileAttributes=0x20) returned 1 [0217.608] GetCurrentThreadId () returned 0x6f8 [0217.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x65da370, dwHighDateTime=0x1d6076d)) [0217.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x65da370, dwHighDateTime=0x1d6076d)) [0217.608] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc", piIcon=0x4e4efc4) returned 0x60143 [0217.618] GetIconInfo (in: hIcon=0x60143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0217.618] CreateFileW (lpFileName="iaUo.ico" (normalized: "c:\\windows\\system32\\iauo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.619] GetObjectA (in: h=0xe05076f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0217.619] GetObjectA (in: h=0x500501b1, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0217.619] CreateCompatibleDC (hdc=0x0) returned 0x420107c3 [0217.619] GetDIBits (in: hdc=0x420107c3, hbm=0xe05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0217.619] GetDIBits (in: hdc=0x420107c3, hbm=0xe05076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0217.619] GetDIBits (in: hdc=0x420107c3, hbm=0xe05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0217.619] GetDIBits (in: hdc=0x420107c3, hbm=0x500501b1, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0217.619] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0217.620] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0217.620] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0217.620] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0217.620] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0217.621] DeleteDC (hdc=0x420107c3) returned 1 [0217.621] CloseHandle (hObject=0x10d4) returned 1 [0217.621] DeleteObject (ho=0xe05076f) returned 1 [0217.621] DeleteObject (ho=0x500501b1) returned 1 [0217.621] DestroyCursor (hCursor=0x60143) returned 1 [0217.621] GetCurrentThreadId () returned 0x6f8 [0217.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\d_shzen-yqcs.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.621] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9cc [0217.626] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xf9cc, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xf9cc, lpOverlapped=0x0) returned 1 [0217.626] CloseHandle (hObject=0x10d4) returned 1 [0217.626] GetCurrentThreadId () returned 0x6f8 [0217.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x66004d0, dwHighDateTime=0x1d6076d)) [0217.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x66004d0, dwHighDateTime=0x1d6076d)) [0217.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x66004d0, dwHighDateTime=0x1d6076d)) [0217.697] GetCurrentThreadId () returned 0x6f8 [0217.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x6698a50, dwHighDateTime=0x1d6076d)) [0217.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x6698a50, dwHighDateTime=0x1d6076d)) [0217.697] GetCurrentThreadId () returned 0x6f8 [0217.697] CreateFileW (lpFileName="QMUC.exe" (normalized: "c:\\windows\\system32\\qmuc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.698] CreateFileW (lpFileName="QMUC.exe" (normalized: "c:\\windows\\system32\\qmuc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.698] GetCurrentThreadId () returned 0x6f8 [0217.698] GetCurrentThreadId () returned 0x6f8 [0217.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.698] CreateFileW (lpFileName="QMUC.exe" (normalized: "c:\\windows\\system32\\qmuc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.699] GetCurrentThreadId () returned 0x6f8 [0217.699] BeginUpdateResourceW (pFileName="QMUC.exe" (normalized: "c:\\windows\\system32\\qmuc.exe"), bDeleteExistingResources=0) returned 0x0 [0217.699] CreateFileW (lpFileName="iaUo.ico" (normalized: "c:\\windows\\system32\\iauo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0217.699] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.699] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0217.699] CloseHandle (hObject=0x10d4) returned 1 [0217.700] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.700] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0217.700] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.700] CopyFileW (lpExistingFileName="QMUC.exe" (normalized: "c:\\windows\\system32\\qmuc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\d_shzen-yqcs.doc.exe"), bFailIfExists=0) returned 0 [0217.700] SetNamedSecurityInfoW () returned 0x2 [0217.700] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\D_sHzEN-YqCs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\d_shzen-yqcs.doc")) returned 1 [0217.702] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x7c, lpOverlapped=0x0) returned 1 [0217.702] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0217.702] DeleteFileW (lpFileName="iaUo.ico" (normalized: "c:\\windows\\system32\\iauo.ico")) returned 1 [0217.705] DeleteFileW (lpFileName="QMUC.exe" (normalized: "c:\\windows\\system32\\qmuc.exe")) returned 0 [0217.705] GetCurrentThreadId () returned 0x6f8 [0217.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.705] GetCurrentThreadId () returned 0x6f8 [0217.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.705] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9ee35d0, ftCreationTime.dwHighDateTime=0x1d5d7db, ftLastAccessTime.dwLowDateTime=0x5764cd40, ftLastAccessTime.dwHighDateTime=0x1d5d868, ftLastWriteTime.dwLowDateTime=0x5764cd40, ftLastWriteTime.dwHighDateTime=0x1d5d868, nFileSizeHigh=0x0, nFileSizeLow=0x5e39, dwReserved0=0x0, dwReserved1=0x0, cFileName="E11guZJNz_a1rgUc.csv", cAlternateFileName="E11GUZ~1.CSV")) returned 1 [0217.705] GetCurrentThreadId () returned 0x6f8 [0217.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.705] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf34073a0, ftCreationTime.dwHighDateTime=0x1d5e7b2, ftLastAccessTime.dwLowDateTime=0xe856cf60, ftLastAccessTime.dwHighDateTime=0x1d5de9e, ftLastWriteTime.dwLowDateTime=0xe856cf60, ftLastWriteTime.dwHighDateTime=0x1d5de9e, nFileSizeHigh=0x0, nFileSizeLow=0x63b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="F3NVpts.docx", cAlternateFileName="F3NVPT~1.DOC")) returned 1 [0217.705] GetCurrentThreadId () returned 0x6f8 [0217.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.705] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\f3nvpts.docx")) returned 0x20 [0217.708] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx", dwFileAttributes=0x80) returned 1 [0217.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\f3nvpts.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.708] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x63b9 [0217.713] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x63b9, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x63b9, lpOverlapped=0x0) returned 1 [0217.715] GetCurrentThreadId () returned 0x6f8 [0217.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x66e4d10, dwHighDateTime=0x1d6076d)) [0217.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x66e4d10, dwHighDateTime=0x1d6076d)) [0217.715] GetCurrentThreadId () returned 0x6f8 [0217.716] CloseHandle (hObject=0x10d4) returned 1 [0217.716] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx", dwFileAttributes=0x20) returned 1 [0217.716] GetCurrentThreadId () returned 0x6f8 [0217.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x66e4d10, dwHighDateTime=0x1d6076d)) [0217.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x66e4d10, dwHighDateTime=0x1d6076d)) [0217.716] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx", piIcon=0x4e4efc4) returned 0x70143 [0217.728] GetIconInfo (in: hIcon=0x70143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0217.729] CreateFileW (lpFileName="oewk.ico" (normalized: "c:\\windows\\system32\\oewk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0217.729] GetObjectA (in: h=0xbd0501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0217.729] GetObjectA (in: h=0x450501b8, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0217.729] CreateCompatibleDC (hdc=0x0) returned 0x5801019e [0217.729] GetDIBits (in: hdc=0x5801019e, hbm=0xbd0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0217.730] GetDIBits (in: hdc=0x5801019e, hbm=0xbd0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0217.730] GetDIBits (in: hdc=0x5801019e, hbm=0xbd0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0217.730] GetDIBits (in: hdc=0x5801019e, hbm=0x450501b8, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0217.730] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0217.731] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0217.731] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0217.731] WriteFile (in: hFile=0x10e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0217.732] WriteFile (in: hFile=0x10e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0217.732] DeleteDC (hdc=0x5801019e) returned 1 [0217.732] CloseHandle (hObject=0x10e8) returned 1 [0217.732] DeleteObject (ho=0xbd0501fa) returned 1 [0217.732] DeleteObject (ho=0x450501b8) returned 1 [0217.732] DestroyCursor (hCursor=0x70143) returned 1 [0217.732] GetCurrentThreadId () returned 0x6f8 [0217.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\f3nvpts.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0217.732] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x63b9 [0217.737] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x63b9, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x63b9, lpOverlapped=0x0) returned 1 [0217.738] CloseHandle (hObject=0x10e8) returned 1 [0217.738] GetCurrentThreadId () returned 0x6f8 [0217.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x670ae70, dwHighDateTime=0x1d6076d)) [0217.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x670ae70, dwHighDateTime=0x1d6076d)) [0217.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x670ae70, dwHighDateTime=0x1d6076d)) [0217.825] GetCurrentThreadId () returned 0x6f8 [0217.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.825] GetCurrentThreadId () returned 0x6f8 [0217.825] CreateFileW (lpFileName="WYwu.exe" (normalized: "c:\\windows\\system32\\wywu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.825] CreateFileW (lpFileName="WYwu.exe" (normalized: "c:\\windows\\system32\\wywu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.826] GetCurrentThreadId () returned 0x6f8 [0217.826] GetCurrentThreadId () returned 0x6f8 [0217.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.826] CreateFileW (lpFileName="WYwu.exe" (normalized: "c:\\windows\\system32\\wywu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.826] GetCurrentThreadId () returned 0x6f8 [0217.826] BeginUpdateResourceW (pFileName="WYwu.exe" (normalized: "c:\\windows\\system32\\wywu.exe"), bDeleteExistingResources=0) returned 0x0 [0217.826] CreateFileW (lpFileName="oewk.ico" (normalized: "c:\\windows\\system32\\oewk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e8 [0217.826] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.827] ReadFile (in: hFile=0x10e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0217.827] CloseHandle (hObject=0x10e8) returned 1 [0217.827] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.827] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0217.827] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.827] CopyFileW (lpExistingFileName="WYwu.exe" (normalized: "c:\\windows\\system32\\wywu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\f3nvpts.docx.exe"), bFailIfExists=0) returned 0 [0217.827] SetNamedSecurityInfoW () returned 0x2 [0217.827] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\F3NVpts.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\f3nvpts.docx")) returned 1 [0217.829] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x74, lpOverlapped=0x0) returned 1 [0217.830] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0217.830] DeleteFileW (lpFileName="oewk.ico" (normalized: "c:\\windows\\system32\\oewk.ico")) returned 1 [0217.831] DeleteFileW (lpFileName="WYwu.exe" (normalized: "c:\\windows\\system32\\wywu.exe")) returned 0 [0217.831] GetCurrentThreadId () returned 0x6f8 [0217.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.831] GetCurrentThreadId () returned 0x6f8 [0217.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.831] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e3c320, ftCreationTime.dwHighDateTime=0x1d5e1e2, ftLastAccessTime.dwLowDateTime=0xeca86af0, ftLastAccessTime.dwHighDateTime=0x1d5e55c, ftLastWriteTime.dwLowDateTime=0xeca86af0, ftLastWriteTime.dwHighDateTime=0x1d5e55c, nFileSizeHigh=0x0, nFileSizeLow=0xb690, dwReserved0=0x0, dwReserved1=0x0, cFileName="ftfaZiGUvDBR.odt", cAlternateFileName="FTFAZI~1.ODT")) returned 1 [0217.831] GetCurrentThreadId () returned 0x6f8 [0217.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.831] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9411c0, ftCreationTime.dwHighDateTime=0x1d5e0c0, ftLastAccessTime.dwLowDateTime=0xddaba3a0, ftLastAccessTime.dwHighDateTime=0x1d5e6b5, ftLastWriteTime.dwLowDateTime=0xddaba3a0, ftLastWriteTime.dwHighDateTime=0x1d5e6b5, nFileSizeHigh=0x0, nFileSizeLow=0x11d27, dwReserved0=0x0, dwReserved1=0x0, cFileName="G3iRv2GNMb5Bfh.pptx", cAlternateFileName="G3IRV2~1.PPT")) returned 1 [0217.832] GetCurrentThreadId () returned 0x6f8 [0217.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x67ef6b0, dwHighDateTime=0x1d6076d)) [0217.832] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\g3irv2gnmb5bfh.pptx")) returned 0x20 [0217.832] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx", dwFileAttributes=0x80) returned 1 [0217.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\g3irv2gnmb5bfh.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0217.832] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11d27 [0217.837] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11d27, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x11d27, lpOverlapped=0x0) returned 1 [0217.839] GetCurrentThreadId () returned 0x6f8 [0217.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x6815810, dwHighDateTime=0x1d6076d)) [0217.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x6815810, dwHighDateTime=0x1d6076d)) [0217.840] GetCurrentThreadId () returned 0x6f8 [0217.840] CloseHandle (hObject=0x10e8) returned 1 [0217.840] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx", dwFileAttributes=0x20) returned 1 [0217.840] GetCurrentThreadId () returned 0x6f8 [0217.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x6815810, dwHighDateTime=0x1d6076d)) [0217.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x6815810, dwHighDateTime=0x1d6076d)) [0217.841] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx", piIcon=0x4e4efc4) returned 0x80143 [0217.853] GetIconInfo (in: hIcon=0x80143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0217.853] CreateFileW (lpFileName="AAso.ico" (normalized: "c:\\windows\\system32\\aaso.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.854] GetObjectA (in: h=0x530501b1, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0217.854] GetObjectA (in: h=0x1305076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0217.854] CreateCompatibleDC (hdc=0x0) returned 0x4a0101a0 [0217.854] GetDIBits (in: hdc=0x4a0101a0, hbm=0x530501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0217.854] GetDIBits (in: hdc=0x4a0101a0, hbm=0x530501b1, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0217.854] GetDIBits (in: hdc=0x4a0101a0, hbm=0x530501b1, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0217.854] GetDIBits (in: hdc=0x4a0101a0, hbm=0x1305076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0217.855] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0217.856] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0217.856] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0217.856] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0217.856] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0217.856] DeleteDC (hdc=0x4a0101a0) returned 1 [0217.856] CloseHandle (hObject=0x10d4) returned 1 [0217.857] DeleteObject (ho=0x530501b1) returned 1 [0217.857] DeleteObject (ho=0x1305076f) returned 1 [0217.857] DestroyCursor (hCursor=0x80143) returned 1 [0217.857] GetCurrentThreadId () returned 0x6f8 [0217.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\g3irv2gnmb5bfh.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0217.857] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11d27 [0217.863] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11d27, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x11d27, lpOverlapped=0x0) returned 1 [0217.863] CloseHandle (hObject=0x10d4) returned 1 [0217.863] GetCurrentThreadId () returned 0x6f8 [0217.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x683b970, dwHighDateTime=0x1d6076d)) [0217.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x683b970, dwHighDateTime=0x1d6076d)) [0217.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x683b970, dwHighDateTime=0x1d6076d)) [0217.997] GetCurrentThreadId () returned 0x6f8 [0217.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0217.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0217.997] GetCurrentThreadId () returned 0x6f8 [0217.997] CreateFileW (lpFileName="Igow.exe" (normalized: "c:\\windows\\system32\\igow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.998] CreateFileW (lpFileName="Igow.exe" (normalized: "c:\\windows\\system32\\igow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.998] GetCurrentThreadId () returned 0x6f8 [0217.998] GetCurrentThreadId () returned 0x6f8 [0217.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0217.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0217.998] CreateFileW (lpFileName="Igow.exe" (normalized: "c:\\windows\\system32\\igow.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0217.998] GetCurrentThreadId () returned 0x6f8 [0217.998] BeginUpdateResourceW (pFileName="Igow.exe" (normalized: "c:\\windows\\system32\\igow.exe"), bDeleteExistingResources=0) returned 0x0 [0217.998] CreateFileW (lpFileName="AAso.ico" (normalized: "c:\\windows\\system32\\aaso.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0217.999] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0217.999] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0217.999] CloseHandle (hObject=0x10d4) returned 1 [0217.999] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0217.999] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0217.999] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0217.999] CopyFileW (lpExistingFileName="Igow.exe" (normalized: "c:\\windows\\system32\\igow.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\g3irv2gnmb5bfh.pptx.exe"), bFailIfExists=0) returned 0 [0218.000] SetNamedSecurityInfoW () returned 0x2 [0218.000] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\G3iRv2GNMb5Bfh.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\g3irv2gnmb5bfh.pptx")) returned 1 [0218.002] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x82, lpOverlapped=0x0) returned 1 [0218.002] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0218.002] DeleteFileW (lpFileName="AAso.ico" (normalized: "c:\\windows\\system32\\aaso.ico")) returned 1 [0218.004] DeleteFileW (lpFileName="Igow.exe" (normalized: "c:\\windows\\system32\\igow.exe")) returned 0 [0218.004] GetCurrentThreadId () returned 0x6f8 [0218.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0218.004] GetCurrentThreadId () returned 0x6f8 [0218.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0218.004] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6a89400, ftCreationTime.dwHighDateTime=0x1d5df1d, ftLastAccessTime.dwLowDateTime=0x694af400, ftLastAccessTime.dwHighDateTime=0x1d5d82f, ftLastWriteTime.dwLowDateTime=0x694af400, ftLastWriteTime.dwHighDateTime=0x1d5d82f, nFileSizeHigh=0x0, nFileSizeLow=0xc634, dwReserved0=0x0, dwReserved1=0x0, cFileName="HaFZJcyUsZlbGPlHhv.ods", cAlternateFileName="HAFZJC~1.ODS")) returned 1 [0218.004] GetCurrentThreadId () returned 0x6f8 [0218.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0218.004] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bda8ee0, ftCreationTime.dwHighDateTime=0x1d5da1f, ftLastAccessTime.dwLowDateTime=0xe57e6fc0, ftLastAccessTime.dwHighDateTime=0x1d5e0c7, ftLastWriteTime.dwLowDateTime=0xe57e6fc0, ftLastWriteTime.dwHighDateTime=0x1d5e0c7, nFileSizeHigh=0x0, nFileSizeLow=0x10f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="KIYEXJ4R1Czs36X.pptx", cAlternateFileName="KIYEXJ~1.PPT")) returned 1 [0218.004] GetCurrentThreadId () returned 0x6f8 [0218.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x69925d0, dwHighDateTime=0x1d6076d)) [0218.004] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\kiyexj4r1czs36x.pptx")) returned 0x20 [0218.005] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx", dwFileAttributes=0x80) returned 1 [0218.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\kiyexj4r1czs36x.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0218.005] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f8 [0218.010] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x10f8, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x10f8, lpOverlapped=0x0) returned 1 [0218.012] GetCurrentThreadId () returned 0x6f8 [0218.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x69b8730, dwHighDateTime=0x1d6076d)) [0218.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x69b8730, dwHighDateTime=0x1d6076d)) [0218.012] GetCurrentThreadId () returned 0x6f8 [0218.012] CloseHandle (hObject=0x10d4) returned 1 [0218.012] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx", dwFileAttributes=0x20) returned 1 [0218.013] GetCurrentThreadId () returned 0x6f8 [0218.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x69b8730, dwHighDateTime=0x1d6076d)) [0218.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x69b8730, dwHighDateTime=0x1d6076d)) [0218.013] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx", piIcon=0x4e4efc4) returned 0x90143 [0218.025] GetIconInfo (in: hIcon=0x90143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0218.025] CreateFileW (lpFileName="Gooc.ico" (normalized: "c:\\windows\\system32\\gooc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0218.026] GetObjectA (in: h=0x480501b8, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0218.026] GetObjectA (in: h=0xc20501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0218.026] CreateCompatibleDC (hdc=0x0) returned 0xbf010771 [0218.026] GetDIBits (in: hdc=0xbf010771, hbm=0x480501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0218.026] GetDIBits (in: hdc=0xbf010771, hbm=0x480501b8, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0218.026] GetDIBits (in: hdc=0xbf010771, hbm=0x480501b8, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0218.026] GetDIBits (in: hdc=0xbf010771, hbm=0xc20501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0218.026] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0218.027] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0218.027] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0218.028] WriteFile (in: hFile=0x10e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0218.028] WriteFile (in: hFile=0x10e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0218.028] DeleteDC (hdc=0xbf010771) returned 1 [0218.028] CloseHandle (hObject=0x10e8) returned 1 [0218.029] DeleteObject (ho=0x480501b8) returned 1 [0218.029] DeleteObject (ho=0xc20501fa) returned 1 [0218.029] DestroyCursor (hCursor=0x90143) returned 1 [0218.029] GetCurrentThreadId () returned 0x6f8 [0218.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\kiyexj4r1czs36x.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0218.029] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f8 [0218.034] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x10f8, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x10f8, lpOverlapped=0x0) returned 1 [0218.034] CloseHandle (hObject=0x10e8) returned 1 [0218.034] GetCurrentThreadId () returned 0x6f8 [0218.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x69de890, dwHighDateTime=0x1d6076d)) [0218.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x69de890, dwHighDateTime=0x1d6076d)) [0218.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x69de890, dwHighDateTime=0x1d6076d)) [0218.183] GetCurrentThreadId () returned 0x6f8 [0218.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.183] GetCurrentThreadId () returned 0x6f8 [0218.183] CreateFileW (lpFileName="CsYK.exe" (normalized: "c:\\windows\\system32\\csyk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.184] CreateFileW (lpFileName="CsYK.exe" (normalized: "c:\\windows\\system32\\csyk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.185] GetCurrentThreadId () returned 0x6f8 [0218.185] GetCurrentThreadId () returned 0x6f8 [0218.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.185] CreateFileW (lpFileName="CsYK.exe" (normalized: "c:\\windows\\system32\\csyk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.185] GetCurrentThreadId () returned 0x6f8 [0218.185] BeginUpdateResourceW (pFileName="CsYK.exe" (normalized: "c:\\windows\\system32\\csyk.exe"), bDeleteExistingResources=0) returned 0x0 [0218.185] CreateFileW (lpFileName="Gooc.ico" (normalized: "c:\\windows\\system32\\gooc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e8 [0218.186] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0218.186] ReadFile (in: hFile=0x10e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0218.186] CloseHandle (hObject=0x10e8) returned 1 [0218.186] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0218.186] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0218.186] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0218.186] CopyFileW (lpExistingFileName="CsYK.exe" (normalized: "c:\\windows\\system32\\csyk.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\kiyexj4r1czs36x.pptx.exe"), bFailIfExists=0) returned 0 [0218.187] SetNamedSecurityInfoW () returned 0x2 [0218.187] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\KIYEXJ4R1Czs36X.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\kiyexj4r1czs36x.pptx")) returned 1 [0218.189] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x84, lpOverlapped=0x0) returned 1 [0218.189] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0218.189] DeleteFileW (lpFileName="Gooc.ico" (normalized: "c:\\windows\\system32\\gooc.ico")) returned 1 [0218.190] DeleteFileW (lpFileName="CsYK.exe" (normalized: "c:\\windows\\system32\\csyk.exe")) returned 0 [0218.190] GetCurrentThreadId () returned 0x6f8 [0218.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.190] GetCurrentThreadId () returned 0x6f8 [0218.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.190] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d9197f0, ftCreationTime.dwHighDateTime=0x1d5e324, ftLastAccessTime.dwLowDateTime=0x8237ba40, ftLastAccessTime.dwHighDateTime=0x1d5e0cf, ftLastWriteTime.dwLowDateTime=0x8237ba40, ftLastWriteTime.dwHighDateTime=0x1d5e0cf, nFileSizeHigh=0x0, nFileSizeLow=0x1019c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MkiHue.csv", cAlternateFileName="")) returned 1 [0218.191] GetCurrentThreadId () returned 0x6f8 [0218.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.191] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28912910, ftCreationTime.dwHighDateTime=0x1d5e5b9, ftLastAccessTime.dwLowDateTime=0xc88cad0, ftLastAccessTime.dwHighDateTime=0x1d5e112, ftLastWriteTime.dwLowDateTime=0xc88cad0, ftLastWriteTime.dwHighDateTime=0x1d5e112, nFileSizeHigh=0x0, nFileSizeLow=0xa3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pkdg0v0Bp.pdf", cAlternateFileName="PKDG0V~1.PDF")) returned 1 [0218.191] GetCurrentThreadId () returned 0x6f8 [0218.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x6b5b650, dwHighDateTime=0x1d6076d)) [0218.191] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\pkdg0v0bp.pdf")) returned 0x20 [0218.193] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf", dwFileAttributes=0x80) returned 1 [0218.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\pkdg0v0bp.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0218.193] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa3a0 [0218.198] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa3a0, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xa3a0, lpOverlapped=0x0) returned 1 [0218.200] GetCurrentThreadId () returned 0x6f8 [0218.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x6b817b0, dwHighDateTime=0x1d6076d)) [0218.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x6b817b0, dwHighDateTime=0x1d6076d)) [0218.200] GetCurrentThreadId () returned 0x6f8 [0218.200] CloseHandle (hObject=0x10e8) returned 1 [0218.201] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf", dwFileAttributes=0x20) returned 1 [0218.201] GetCurrentThreadId () returned 0x6f8 [0218.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x6b817b0, dwHighDateTime=0x1d6076d)) [0218.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x6b817b0, dwHighDateTime=0x1d6076d)) [0218.201] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf", piIcon=0x4e4efc4) returned 0xb0143 [0218.541] GetIconInfo (in: hIcon=0xb0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0218.541] CreateFileW (lpFileName="AAsA.ico" (normalized: "c:\\windows\\system32\\aasa.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0218.542] GetObjectA (in: h=0x4f0501a0, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0218.542] GetObjectA (in: h=0x4e0507c3, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0218.542] CreateCompatibleDC (hdc=0x0) returned 0x590101b1 [0218.542] GetDIBits (in: hdc=0x590101b1, hbm=0x4f0501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0218.542] GetDIBits (in: hdc=0x590101b1, hbm=0x4f0501a0, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0218.542] GetDIBits (in: hdc=0x590101b1, hbm=0x4f0501a0, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0218.542] GetDIBits (in: hdc=0x590101b1, hbm=0x4e0507c3, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0218.542] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0218.543] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0218.543] WriteFile (in: hFile=0x10d4, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0218.543] WriteFile (in: hFile=0x10d4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0218.543] WriteFile (in: hFile=0x10d4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0218.543] DeleteDC (hdc=0x590101b1) returned 1 [0218.543] CloseHandle (hObject=0x10d4) returned 1 [0218.544] DeleteObject (ho=0x4f0501a0) returned 1 [0218.544] DeleteObject (ho=0x4e0507c3) returned 1 [0218.544] DestroyCursor (hCursor=0xb0143) returned 1 [0218.544] GetCurrentThreadId () returned 0x6f8 [0218.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\pkdg0v0bp.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0218.545] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa3a0 [0218.549] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa3a0, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xa3a0, lpOverlapped=0x0) returned 1 [0218.549] CloseHandle (hObject=0x10d4) returned 1 [0218.549] GetCurrentThreadId () returned 0x6f8 [0218.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x6ec75f0, dwHighDateTime=0x1d6076d)) [0218.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x6ec75f0, dwHighDateTime=0x1d6076d)) [0218.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x6ec75f0, dwHighDateTime=0x1d6076d)) [0218.618] GetCurrentThreadId () returned 0x6f8 [0218.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.618] GetCurrentThreadId () returned 0x6f8 [0218.618] CreateFileW (lpFileName="agwo.exe" (normalized: "c:\\windows\\system32\\agwo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.619] CreateFileW (lpFileName="agwo.exe" (normalized: "c:\\windows\\system32\\agwo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.619] GetCurrentThreadId () returned 0x6f8 [0218.619] GetCurrentThreadId () returned 0x6f8 [0218.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.619] CreateFileW (lpFileName="agwo.exe" (normalized: "c:\\windows\\system32\\agwo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.619] GetCurrentThreadId () returned 0x6f8 [0218.619] BeginUpdateResourceW (pFileName="agwo.exe" (normalized: "c:\\windows\\system32\\agwo.exe"), bDeleteExistingResources=0) returned 0x0 [0218.620] CreateFileW (lpFileName="AAsA.ico" (normalized: "c:\\windows\\system32\\aasa.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10d4 [0218.620] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0218.620] ReadFile (in: hFile=0x10d4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0218.620] CloseHandle (hObject=0x10d4) returned 1 [0218.620] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0218.620] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0218.620] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0218.620] CopyFileW (lpExistingFileName="agwo.exe" (normalized: "c:\\windows\\system32\\agwo.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\pkdg0v0bp.pdf.exe"), bFailIfExists=0) returned 0 [0218.620] SetNamedSecurityInfoW () returned 0x2 [0218.621] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\Pkdg0v0Bp.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\pkdg0v0bp.pdf")) returned 1 [0218.622] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x76, lpOverlapped=0x0) returned 1 [0218.622] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0218.622] DeleteFileW (lpFileName="AAsA.ico" (normalized: "c:\\windows\\system32\\aasa.ico")) returned 1 [0218.623] DeleteFileW (lpFileName="agwo.exe" (normalized: "c:\\windows\\system32\\agwo.exe")) returned 0 [0218.623] GetCurrentThreadId () returned 0x6f8 [0218.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.623] GetCurrentThreadId () returned 0x6f8 [0218.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.623] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc752a730, ftCreationTime.dwHighDateTime=0x1d5de8f, ftLastAccessTime.dwLowDateTime=0x8cc52240, ftLastAccessTime.dwHighDateTime=0x1d5e494, ftLastWriteTime.dwLowDateTime=0x8cc52240, ftLastWriteTime.dwHighDateTime=0x1d5e494, nFileSizeHigh=0x0, nFileSizeLow=0x37c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="rUpoIpuds.xlsx", cAlternateFileName="RUPOIP~1.XLS")) returned 1 [0218.623] GetCurrentThreadId () returned 0x6f8 [0218.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.623] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\rupoipuds.xlsx")) returned 0x20 [0218.625] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx", dwFileAttributes=0x80) returned 1 [0218.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\rupoipuds.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10d4 [0218.625] GetFileSize (in: hFile=0x10d4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x37c2 [0218.630] ReadFile (in: hFile=0x10d4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x37c2, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x37c2, lpOverlapped=0x0) returned 1 [0218.631] GetCurrentThreadId () returned 0x6f8 [0218.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.631] GetCurrentThreadId () returned 0x6f8 [0218.631] CloseHandle (hObject=0x10d4) returned 1 [0218.632] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx", dwFileAttributes=0x20) returned 1 [0218.632] GetCurrentThreadId () returned 0x6f8 [0218.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x6f85cd0, dwHighDateTime=0x1d6076d)) [0218.632] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx", piIcon=0x4e4efc4) returned 0x31008b [0218.641] GetIconInfo (in: hIcon=0x31008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0218.641] CreateFileW (lpFileName="wEIA.ico" (normalized: "c:\\windows\\system32\\weia.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0218.642] GetObjectA (in: h=0x6205019e, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0218.642] GetObjectA (in: h=0x1e05076f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0218.642] CreateCompatibleDC (hdc=0x0) returned 0xcb0101fa [0218.642] GetDIBits (in: hdc=0xcb0101fa, hbm=0x6205019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0218.642] GetDIBits (in: hdc=0xcb0101fa, hbm=0x6205019e, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0218.642] GetDIBits (in: hdc=0xcb0101fa, hbm=0x6205019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0218.642] GetDIBits (in: hdc=0xcb0101fa, hbm=0x1e05076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0218.642] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0218.643] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0218.643] WriteFile (in: hFile=0x10e8, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0218.643] WriteFile (in: hFile=0x10e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0218.643] WriteFile (in: hFile=0x10e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0218.644] DeleteDC (hdc=0xcb0101fa) returned 1 [0218.644] CloseHandle (hObject=0x10e8) returned 1 [0218.644] DeleteObject (ho=0x6205019e) returned 1 [0218.644] DeleteObject (ho=0x1e05076f) returned 1 [0218.644] DestroyCursor (hCursor=0x31008b) returned 1 [0218.644] GetCurrentThreadId () returned 0x6f8 [0218.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\rupoipuds.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10e8 [0218.644] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x37c2 [0218.648] ReadFile (in: hFile=0x10e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x37c2, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x37c2, lpOverlapped=0x0) returned 1 [0218.649] CloseHandle (hObject=0x10e8) returned 1 [0218.649] GetCurrentThreadId () returned 0x6f8 [0218.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x6fd1f90, dwHighDateTime=0x1d6076d)) [0218.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x6fd1f90, dwHighDateTime=0x1d6076d)) [0218.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x6fd1f90, dwHighDateTime=0x1d6076d)) [0219.479] GetCurrentThreadId () returned 0x6f8 [0219.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.479] GetCurrentThreadId () returned 0x6f8 [0219.480] CreateFileW (lpFileName="YAQm.exe" (normalized: "c:\\windows\\system32\\yaqm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0219.480] CreateFileW (lpFileName="YAQm.exe" (normalized: "c:\\windows\\system32\\yaqm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0219.480] GetCurrentThreadId () returned 0x6f8 [0219.481] GetCurrentThreadId () returned 0x6f8 [0219.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.481] CreateFileW (lpFileName="YAQm.exe" (normalized: "c:\\windows\\system32\\yaqm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0219.481] GetCurrentThreadId () returned 0x6f8 [0219.481] BeginUpdateResourceW (pFileName="YAQm.exe" (normalized: "c:\\windows\\system32\\yaqm.exe"), bDeleteExistingResources=0) returned 0x0 [0219.481] CreateFileW (lpFileName="wEIA.ico" (normalized: "c:\\windows\\system32\\weia.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10e8 [0219.481] GetFileSize (in: hFile=0x10e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0219.481] ReadFile (in: hFile=0x10e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0219.482] CloseHandle (hObject=0x10e8) returned 1 [0219.482] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0219.482] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0219.482] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0219.482] CopyFileW (lpExistingFileName="YAQm.exe" (normalized: "c:\\windows\\system32\\yaqm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\rupoipuds.xlsx.exe"), bFailIfExists=0) returned 0 [0219.482] SetNamedSecurityInfoW () returned 0x2 [0219.482] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\llWF1\\rUpoIpuds.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\llwf1\\rupoipuds.xlsx")) returned 1 [0219.484] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x78, lpOverlapped=0x0) returned 1 [0219.484] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0219.484] DeleteFileW (lpFileName="wEIA.ico" (normalized: "c:\\windows\\system32\\weia.ico")) returned 1 [0219.486] DeleteFileW (lpFileName="YAQm.exe" (normalized: "c:\\windows\\system32\\yaqm.exe")) returned 0 [0219.486] GetCurrentThreadId () returned 0x6f8 [0219.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.486] GetCurrentThreadId () returned 0x6f8 [0219.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.486] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf516960, ftCreationTime.dwHighDateTime=0x1d5e398, ftLastAccessTime.dwLowDateTime=0x6ebba060, ftLastAccessTime.dwHighDateTime=0x1d5d8e8, ftLastWriteTime.dwLowDateTime=0x6ebba060, ftLastWriteTime.dwHighDateTime=0x1d5d8e8, nFileSizeHigh=0x0, nFileSizeLow=0x16cd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="s_0VNoNUDUniDT836eD.ods", cAlternateFileName="S_0VNO~1.ODS")) returned 1 [0219.486] GetCurrentThreadId () returned 0x6f8 [0219.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.486] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bc92980, ftCreationTime.dwHighDateTime=0x1d5d7b1, ftLastAccessTime.dwLowDateTime=0x619e9d50, ftLastAccessTime.dwHighDateTime=0x1d5e44c, ftLastWriteTime.dwLowDateTime=0x619e9d50, ftLastWriteTime.dwHighDateTime=0x1d5e44c, nFileSizeHigh=0x0, nFileSizeLow=0xcb4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="xcrqDPvj8o2Y.odp", cAlternateFileName="XCRQDP~1.ODP")) returned 1 [0219.486] GetCurrentThreadId () returned 0x6f8 [0219.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.486] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92082900, ftCreationTime.dwHighDateTime=0x1d5db07, ftLastAccessTime.dwLowDateTime=0x2bba7260, ftLastAccessTime.dwHighDateTime=0x1d5e120, ftLastWriteTime.dwLowDateTime=0x2bba7260, ftLastWriteTime.dwHighDateTime=0x1d5e120, nFileSizeHigh=0x0, nFileSizeLow=0x1047b, dwReserved0=0x0, dwReserved1=0x0, cFileName="yubtU6DLibtg3BBm.ods", cAlternateFileName="YUBTU6~1.ODS")) returned 1 [0219.486] GetCurrentThreadId () returned 0x6f8 [0219.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.486] FindNextFileW (in: hFindFile=0x7e6e8d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92082900, ftCreationTime.dwHighDateTime=0x1d5db07, ftLastAccessTime.dwLowDateTime=0x2bba7260, ftLastAccessTime.dwHighDateTime=0x1d5e120, ftLastWriteTime.dwLowDateTime=0x2bba7260, ftLastWriteTime.dwHighDateTime=0x1d5e120, nFileSizeHigh=0x0, nFileSizeLow=0x1047b, dwReserved0=0x0, dwReserved1=0x0, cFileName="yubtU6DLibtg3BBm.ods", cAlternateFileName="YUBTU6~1.ODS")) returned 0 [0219.486] GetCurrentThreadId () returned 0x6f8 [0219.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.487] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0219.487] GetCurrentThreadId () returned 0x6f8 [0219.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.487] GetCurrentThreadId () returned 0x6f8 [0219.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0219.487] GetCurrentThreadId () returned 0x6f8 [0219.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.487] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0219.487] GetCurrentThreadId () returned 0x6f8 [0219.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.487] GetCurrentThreadId () returned 0x6f8 [0219.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0219.487] GetCurrentThreadId () returned 0x6f8 [0219.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.488] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0219.488] GetCurrentThreadId () returned 0x6f8 [0219.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.488] GetCurrentThreadId () returned 0x6f8 [0219.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e918 [0219.556] GetCurrentThreadId () returned 0x6f8 [0219.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.556] FindNextFileW (in: hFindFile=0x7e6e918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.556] GetCurrentThreadId () returned 0x6f8 [0219.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.556] FindNextFileW (in: hFindFile=0x7e6e918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0219.556] GetCurrentThreadId () returned 0x6f8 [0219.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.556] FindNextFileW (in: hFindFile=0x7e6e918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0219.557] GetCurrentThreadId () returned 0x6f8 [0219.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.557] FindNextFileW (in: hFindFile=0x7e6e918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0219.557] GetCurrentThreadId () returned 0x6f8 [0219.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.557] GetCurrentThreadId () returned 0x6f8 [0219.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.557] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e958 [0219.568] GetCurrentThreadId () returned 0x6f8 [0219.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.568] FindNextFileW (in: hFindFile=0x7e6e958, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.569] GetCurrentThreadId () returned 0x6f8 [0219.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.569] FindNextFileW (in: hFindFile=0x7e6e958, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0219.569] GetCurrentThreadId () returned 0x6f8 [0219.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.569] FindNextFileW (in: hFindFile=0x7e6e958, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0219.569] GetCurrentThreadId () returned 0x6f8 [0219.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7872f50, dwHighDateTime=0x1d6076d)) [0219.569] FindNextFileW (in: hFindFile=0x7e6e918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0219.569] GetCurrentThreadId () returned 0x6f8 [0219.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.569] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0219.569] GetCurrentThreadId () returned 0x6f8 [0219.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.569] GetCurrentThreadId () returned 0x6f8 [0219.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.569] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0219.570] GetCurrentThreadId () returned 0x6f8 [0219.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.570] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4de25850, ftCreationTime.dwHighDateTime=0x1d5e317, ftLastAccessTime.dwLowDateTime=0xb6e3efe0, ftLastAccessTime.dwHighDateTime=0x1d5df65, ftLastWriteTime.dwLowDateTime=0xb6e3efe0, ftLastWriteTime.dwHighDateTime=0x1d5df65, nFileSizeHigh=0x0, nFileSizeLow=0xa6a7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OgwjX5Eq.pptx", cAlternateFileName="OGWJX5~1.PPT")) returned 1 [0219.570] GetCurrentThreadId () returned 0x6f8 [0219.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.570] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogwjx5eq.pptx")) returned 0x20 [0219.570] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx", dwFileAttributes=0x80) returned 1 [0219.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogwjx5eq.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10ec [0219.573] GetFileSize (in: hFile=0x10ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa6a7 [0219.577] ReadFile (in: hFile=0x10ec, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa6a7, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xa6a7, lpOverlapped=0x0) returned 1 [0219.579] GetCurrentThreadId () returned 0x6f8 [0219.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.579] GetCurrentThreadId () returned 0x6f8 [0219.579] CloseHandle (hObject=0x10ec) returned 1 [0219.579] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx", dwFileAttributes=0x20) returned 1 [0219.580] GetCurrentThreadId () returned 0x6f8 [0219.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x78990b0, dwHighDateTime=0x1d6076d)) [0219.580] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx", piIcon=0x4e4f238) returned 0x15013f [0219.650] GetIconInfo (in: hIcon=0x15013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0219.650] CreateFileW (lpFileName="cYcs.ico" (normalized: "c:\\windows\\system32\\cycs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0219.651] GetObjectA (in: h=0x6905019e, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0219.651] GetObjectA (in: h=0x2905076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0219.651] CreateCompatibleDC (hdc=0x0) returned 0x610101a0 [0219.651] GetDIBits (in: hdc=0x610101a0, hbm=0x6905019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0219.651] GetDIBits (in: hdc=0x610101a0, hbm=0x6905019e, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0219.652] GetDIBits (in: hdc=0x610101a0, hbm=0x6905019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0219.652] GetDIBits (in: hdc=0x610101a0, hbm=0x2905076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0219.652] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0219.653] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0219.653] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0219.653] WriteFile (in: hFile=0x10f0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0219.653] WriteFile (in: hFile=0x10f0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0219.653] DeleteDC (hdc=0x610101a0) returned 1 [0219.653] CloseHandle (hObject=0x10f0) returned 1 [0219.654] DeleteObject (ho=0x6905019e) returned 1 [0219.654] DeleteObject (ho=0x2905076f) returned 1 [0219.654] DestroyCursor (hCursor=0x15013f) returned 1 [0219.654] GetCurrentThreadId () returned 0x6f8 [0219.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogwjx5eq.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0219.654] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa6a7 [0219.659] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa6a7, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xa6a7, lpOverlapped=0x0) returned 1 [0219.660] CloseHandle (hObject=0x10f0) returned 1 [0219.660] GetCurrentThreadId () returned 0x6f8 [0219.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x7957790, dwHighDateTime=0x1d6076d)) [0219.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x7957790, dwHighDateTime=0x1d6076d)) [0219.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x7957790, dwHighDateTime=0x1d6076d)) [0219.995] GetCurrentThreadId () returned 0x6f8 [0219.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0219.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0219.995] GetCurrentThreadId () returned 0x6f8 [0219.995] CreateFileW (lpFileName="UAQG.exe" (normalized: "c:\\windows\\system32\\uaqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0219.996] CreateFileW (lpFileName="UAQG.exe" (normalized: "c:\\windows\\system32\\uaqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0219.996] GetCurrentThreadId () returned 0x6f8 [0219.996] GetCurrentThreadId () returned 0x6f8 [0219.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0219.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0219.996] CreateFileW (lpFileName="UAQG.exe" (normalized: "c:\\windows\\system32\\uaqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0219.996] GetCurrentThreadId () returned 0x6f8 [0219.997] BeginUpdateResourceW (pFileName="UAQG.exe" (normalized: "c:\\windows\\system32\\uaqg.exe"), bDeleteExistingResources=0) returned 0x0 [0219.997] CreateFileW (lpFileName="cYcs.ico" (normalized: "c:\\windows\\system32\\cycs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f0 [0219.997] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0219.997] ReadFile (in: hFile=0x10f0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0219.997] CloseHandle (hObject=0x10f0) returned 1 [0219.997] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0219.997] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0219.997] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0219.998] CopyFileW (lpExistingFileName="UAQG.exe" (normalized: "c:\\windows\\system32\\uaqg.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogwjx5eq.pptx.exe"), bFailIfExists=0) returned 0 [0219.998] SetNamedSecurityInfoW () returned 0x2 [0219.998] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OgwjX5Eq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogwjx5eq.pptx")) returned 1 [0220.000] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6a, lpOverlapped=0x0) returned 1 [0220.000] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0220.000] DeleteFileW (lpFileName="cYcs.ico" (normalized: "c:\\windows\\system32\\cycs.ico")) returned 1 [0220.002] DeleteFileW (lpFileName="UAQG.exe" (normalized: "c:\\windows\\system32\\uaqg.exe")) returned 0 [0220.002] GetCurrentThreadId () returned 0x6f8 [0220.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.002] GetCurrentThreadId () returned 0x6f8 [0220.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.002] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266cb750, ftCreationTime.dwHighDateTime=0x1d5e067, ftLastAccessTime.dwLowDateTime=0x1baefb60, ftLastAccessTime.dwHighDateTime=0x1d5e504, ftLastWriteTime.dwLowDateTime=0x1baefb60, ftLastWriteTime.dwHighDateTime=0x1d5e504, nFileSizeHigh=0x0, nFileSizeLow=0xe32d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="orK4KBZEkNKP6.pptx", cAlternateFileName="ORK4KB~1.PPT")) returned 1 [0220.002] GetCurrentThreadId () returned 0x6f8 [0220.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x7c9d5d0, dwHighDateTime=0x1d6076d)) [0220.002] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ork4kbzeknkp6.pptx")) returned 0x20 [0220.054] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx", dwFileAttributes=0x80) returned 1 [0220.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ork4kbzeknkp6.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.054] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe32d [0220.059] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xe32d, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xe32d, lpOverlapped=0x0) returned 1 [0220.062] GetCurrentThreadId () returned 0x6f8 [0220.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.062] GetCurrentThreadId () returned 0x6f8 [0220.062] CloseHandle (hObject=0x10f0) returned 1 [0220.062] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx", dwFileAttributes=0x20) returned 1 [0220.062] GetCurrentThreadId () returned 0x6f8 [0220.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.063] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx", piIcon=0x4e4f238) returned 0x16013f [0220.075] GetIconInfo (in: hIcon=0x16013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0220.075] CreateFileW (lpFileName="gwgM.ico" (normalized: "c:\\windows\\system32\\gwgm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10ec [0220.076] GetObjectA (in: h=0x310501a4, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0220.076] GetObjectA (in: h=0x3205008e, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0220.076] CreateCompatibleDC (hdc=0x0) returned 0x740101a2 [0220.076] GetDIBits (in: hdc=0x740101a2, hbm=0x310501a4, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0220.076] GetDIBits (in: hdc=0x740101a2, hbm=0x310501a4, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0220.076] GetDIBits (in: hdc=0x740101a2, hbm=0x310501a4, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0220.076] GetDIBits (in: hdc=0x740101a2, hbm=0x3205008e, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0220.076] WriteFile (in: hFile=0x10ec, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0220.077] WriteFile (in: hFile=0x10ec, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0220.077] WriteFile (in: hFile=0x10ec, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0220.078] WriteFile (in: hFile=0x10ec, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0220.078] WriteFile (in: hFile=0x10ec, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0220.078] DeleteDC (hdc=0x740101a2) returned 1 [0220.078] CloseHandle (hObject=0x10ec) returned 1 [0220.078] DeleteObject (ho=0x310501a4) returned 1 [0220.078] DeleteObject (ho=0x3205008e) returned 1 [0220.078] DestroyCursor (hCursor=0x16013f) returned 1 [0220.078] GetCurrentThreadId () returned 0x6f8 [0220.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ork4kbzeknkp6.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10ec [0220.079] GetFileSize (in: hFile=0x10ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe32d [0220.084] ReadFile (in: hFile=0x10ec, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xe32d, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xe32d, lpOverlapped=0x0) returned 1 [0220.108] CloseHandle (hObject=0x10ec) returned 1 [0220.108] GetCurrentThreadId () returned 0x6f8 [0220.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x7da7f70, dwHighDateTime=0x1d6076d)) [0220.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x7da7f70, dwHighDateTime=0x1d6076d)) [0220.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x7da7f70, dwHighDateTime=0x1d6076d)) [0220.290] GetCurrentThreadId () returned 0x6f8 [0220.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.290] GetCurrentThreadId () returned 0x6f8 [0220.290] CreateFileW (lpFileName="GIsO.exe" (normalized: "c:\\windows\\system32\\giso.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.293] CreateFileW (lpFileName="GIsO.exe" (normalized: "c:\\windows\\system32\\giso.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.293] GetCurrentThreadId () returned 0x6f8 [0220.293] GetCurrentThreadId () returned 0x6f8 [0220.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.293] CreateFileW (lpFileName="GIsO.exe" (normalized: "c:\\windows\\system32\\giso.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.294] GetCurrentThreadId () returned 0x6f8 [0220.294] BeginUpdateResourceW (pFileName="GIsO.exe" (normalized: "c:\\windows\\system32\\giso.exe"), bDeleteExistingResources=0) returned 0x0 [0220.294] CreateFileW (lpFileName="gwgM.ico" (normalized: "c:\\windows\\system32\\gwgm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10ec [0220.294] GetFileSize (in: hFile=0x10ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0220.294] ReadFile (in: hFile=0x10ec, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0220.294] CloseHandle (hObject=0x10ec) returned 1 [0220.294] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0220.294] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0220.294] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0220.294] CopyFileW (lpExistingFileName="GIsO.exe" (normalized: "c:\\windows\\system32\\giso.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ork4kbzeknkp6.pptx.exe"), bFailIfExists=0) returned 0 [0220.295] SetNamedSecurityInfoW () returned 0x2 [0220.295] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\orK4KBZEkNKP6.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ork4kbzeknkp6.pptx")) returned 1 [0220.297] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x74, lpOverlapped=0x0) returned 1 [0220.297] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0220.297] DeleteFileW (lpFileName="gwgM.ico" (normalized: "c:\\windows\\system32\\gwgm.ico")) returned 1 [0220.299] DeleteFileW (lpFileName="GIsO.exe" (normalized: "c:\\windows\\system32\\giso.exe")) returned 0 [0220.299] GetCurrentThreadId () returned 0x6f8 [0220.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.299] GetCurrentThreadId () returned 0x6f8 [0220.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.299] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0220.299] GetCurrentThreadId () returned 0x6f8 [0220.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.299] GetCurrentThreadId () returned 0x6f8 [0220.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7f70ff0, dwHighDateTime=0x1d6076d)) [0220.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e998 [0220.335] GetCurrentThreadId () returned 0x6f8 [0220.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.335] FindNextFileW (in: hFindFile=0x7e6e998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.335] GetCurrentThreadId () returned 0x6f8 [0220.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.335] FindNextFileW (in: hFindFile=0x7e6e998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0220.335] GetCurrentThreadId () returned 0x6f8 [0220.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.335] FindNextFileW (in: hFindFile=0x7e6e998, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0220.335] GetCurrentThreadId () returned 0x6f8 [0220.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.335] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb49352c0, ftCreationTime.dwHighDateTime=0x1d5dead, ftLastAccessTime.dwLowDateTime=0x91c91f00, ftLastAccessTime.dwHighDateTime=0x1d5e26c, ftLastWriteTime.dwLowDateTime=0x91c91f00, ftLastWriteTime.dwHighDateTime=0x1d5e26c, nFileSizeHigh=0x0, nFileSizeLow=0x332c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PLtGkcFm3nh.pdf", cAlternateFileName="PLTGKC~1.PDF")) returned 1 [0220.335] GetCurrentThreadId () returned 0x6f8 [0220.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.335] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pltgkcfm3nh.pdf")) returned 0x20 [0220.336] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf", dwFileAttributes=0x80) returned 1 [0220.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pltgkcfm3nh.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.336] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x332c [0220.341] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x332c, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x332c, lpOverlapped=0x0) returned 1 [0220.395] GetCurrentThreadId () returned 0x6f8 [0220.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8055830, dwHighDateTime=0x1d6076d)) [0220.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8055830, dwHighDateTime=0x1d6076d)) [0220.395] GetCurrentThreadId () returned 0x6f8 [0220.395] CloseHandle (hObject=0x10f0) returned 1 [0220.395] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf", dwFileAttributes=0x20) returned 1 [0220.396] GetCurrentThreadId () returned 0x6f8 [0220.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8055830, dwHighDateTime=0x1d6076d)) [0220.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x807b990, dwHighDateTime=0x1d6076d)) [0220.396] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf", piIcon=0x4e4f238) returned 0x17013f [0220.408] GetIconInfo (in: hIcon=0x17013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0220.408] CreateFileW (lpFileName="IqME.ico" (normalized: "c:\\windows\\system32\\iqme.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0220.409] GetObjectA (in: h=0x2c05076f, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0220.409] GetObjectA (in: h=0x6e05019e, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0220.409] CreateCompatibleDC (hdc=0x0) returned 0x730101b7 [0220.409] GetDIBits (in: hdc=0x730101b7, hbm=0x2c05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0220.409] GetDIBits (in: hdc=0x730101b7, hbm=0x2c05076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0220.409] GetDIBits (in: hdc=0x730101b7, hbm=0x2c05076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0220.409] GetDIBits (in: hdc=0x730101b7, hbm=0x6e05019e, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0220.409] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0220.410] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0220.410] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0220.410] WriteFile (in: hFile=0x10f4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0220.411] WriteFile (in: hFile=0x10f4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0220.411] DeleteDC (hdc=0x730101b7) returned 1 [0220.411] CloseHandle (hObject=0x10f4) returned 1 [0220.411] DeleteObject (ho=0x2c05076f) returned 1 [0220.411] DeleteObject (ho=0x6e05019e) returned 1 [0220.411] DestroyCursor (hCursor=0x17013f) returned 1 [0220.411] GetCurrentThreadId () returned 0x6f8 [0220.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pltgkcfm3nh.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0220.411] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x332c [0220.417] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x332c, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x332c, lpOverlapped=0x0) returned 1 [0220.417] CloseHandle (hObject=0x10f4) returned 1 [0220.417] GetCurrentThreadId () returned 0x6f8 [0220.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x80a1af0, dwHighDateTime=0x1d6076d)) [0220.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x80a1af0, dwHighDateTime=0x1d6076d)) [0220.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x80a1af0, dwHighDateTime=0x1d6076d)) [0220.515] GetCurrentThreadId () returned 0x6f8 [0220.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8186330, dwHighDateTime=0x1d6076d)) [0220.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8186330, dwHighDateTime=0x1d6076d)) [0220.515] GetCurrentThreadId () returned 0x6f8 [0220.515] CreateFileW (lpFileName="CgAw.exe" (normalized: "c:\\windows\\system32\\cgaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.516] CreateFileW (lpFileName="CgAw.exe" (normalized: "c:\\windows\\system32\\cgaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.516] GetCurrentThreadId () returned 0x6f8 [0220.516] GetCurrentThreadId () returned 0x6f8 [0220.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8186330, dwHighDateTime=0x1d6076d)) [0220.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8186330, dwHighDateTime=0x1d6076d)) [0220.517] CreateFileW (lpFileName="CgAw.exe" (normalized: "c:\\windows\\system32\\cgaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.517] GetCurrentThreadId () returned 0x6f8 [0220.517] BeginUpdateResourceW (pFileName="CgAw.exe" (normalized: "c:\\windows\\system32\\cgaw.exe"), bDeleteExistingResources=0) returned 0x0 [0220.517] CreateFileW (lpFileName="IqME.ico" (normalized: "c:\\windows\\system32\\iqme.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f4 [0220.517] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0220.517] ReadFile (in: hFile=0x10f4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0220.517] CloseHandle (hObject=0x10f4) returned 1 [0220.517] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0220.518] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0220.518] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0220.518] CopyFileW (lpExistingFileName="CgAw.exe" (normalized: "c:\\windows\\system32\\cgaw.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pltgkcfm3nh.pdf.exe"), bFailIfExists=0) returned 0 [0220.518] SetNamedSecurityInfoW () returned 0x2 [0220.518] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PLtGkcFm3nh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pltgkcfm3nh.pdf")) returned 1 [0220.536] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6e, lpOverlapped=0x0) returned 1 [0220.536] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0220.536] DeleteFileW (lpFileName="IqME.ico" (normalized: "c:\\windows\\system32\\iqme.ico")) returned 1 [0220.538] DeleteFileW (lpFileName="CgAw.exe" (normalized: "c:\\windows\\system32\\cgaw.exe")) returned 0 [0220.538] GetCurrentThreadId () returned 0x6f8 [0220.538] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.538] GetCurrentThreadId () returned 0x6f8 [0220.538] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.538] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3bd70c0, ftCreationTime.dwHighDateTime=0x1d58dea, ftLastAccessTime.dwLowDateTime=0x2ecd2860, ftLastAccessTime.dwHighDateTime=0x1d598d9, ftLastWriteTime.dwLowDateTime=0x2ecd2860, ftLastWriteTime.dwHighDateTime=0x1d598d9, nFileSizeHigh=0x0, nFileSizeLow=0x237e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pua8_NLTYZ.pptx", cAlternateFileName="PUA8_N~1.PPT")) returned 1 [0220.538] GetCurrentThreadId () returned 0x6f8 [0220.538] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.538] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pua8_nltyz.pptx")) returned 0x20 [0220.540] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx", dwFileAttributes=0x80) returned 1 [0220.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pua8_nltyz.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0220.540] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x237e [0220.545] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x237e, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x237e, lpOverlapped=0x0) returned 1 [0220.547] GetCurrentThreadId () returned 0x6f8 [0220.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.547] GetCurrentThreadId () returned 0x6f8 [0220.547] CloseHandle (hObject=0x10f4) returned 1 [0220.547] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx", dwFileAttributes=0x20) returned 1 [0220.547] GetCurrentThreadId () returned 0x6f8 [0220.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x81d25f0, dwHighDateTime=0x1d6076d)) [0220.548] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx", piIcon=0x4e4f238) returned 0x18013f [0220.558] GetIconInfo (in: hIcon=0x18013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0220.558] CreateFileW (lpFileName="UAYI.ico" (normalized: "c:\\windows\\system32\\uayi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.559] GetObjectA (in: h=0x3505008e, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0220.559] GetObjectA (in: h=0x360501a4, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0220.559] CreateCompatibleDC (hdc=0x0) returned 0x930101b3 [0220.559] GetDIBits (in: hdc=0x930101b3, hbm=0x3505008e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0220.559] GetDIBits (in: hdc=0x930101b3, hbm=0x3505008e, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0220.559] GetDIBits (in: hdc=0x930101b3, hbm=0x3505008e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0220.560] GetDIBits (in: hdc=0x930101b3, hbm=0x360501a4, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0220.560] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0220.561] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0220.561] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0220.561] WriteFile (in: hFile=0x10f0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0220.561] WriteFile (in: hFile=0x10f0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0220.561] DeleteDC (hdc=0x930101b3) returned 1 [0220.561] CloseHandle (hObject=0x10f0) returned 1 [0220.562] DeleteObject (ho=0x3505008e) returned 1 [0220.562] DeleteObject (ho=0x360501a4) returned 1 [0220.562] DestroyCursor (hCursor=0x18013f) returned 1 [0220.562] GetCurrentThreadId () returned 0x6f8 [0220.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pua8_nltyz.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.562] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x237e [0220.567] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x237e, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x237e, lpOverlapped=0x0) returned 1 [0220.567] CloseHandle (hObject=0x10f0) returned 1 [0220.567] GetCurrentThreadId () returned 0x6f8 [0220.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x81f8750, dwHighDateTime=0x1d6076d)) [0220.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x81f8750, dwHighDateTime=0x1d6076d)) [0220.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x81f8750, dwHighDateTime=0x1d6076d)) [0220.827] GetCurrentThreadId () returned 0x6f8 [0220.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x847feb0, dwHighDateTime=0x1d6076d)) [0220.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x847feb0, dwHighDateTime=0x1d6076d)) [0220.827] GetCurrentThreadId () returned 0x6f8 [0220.828] CreateFileW (lpFileName="ywoK.exe" (normalized: "c:\\windows\\system32\\ywok.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.829] CreateFileW (lpFileName="ywoK.exe" (normalized: "c:\\windows\\system32\\ywok.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.830] GetCurrentThreadId () returned 0x6f8 [0220.830] GetCurrentThreadId () returned 0x6f8 [0220.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x847feb0, dwHighDateTime=0x1d6076d)) [0220.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x847feb0, dwHighDateTime=0x1d6076d)) [0220.830] CreateFileW (lpFileName="ywoK.exe" (normalized: "c:\\windows\\system32\\ywok.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.830] GetCurrentThreadId () returned 0x6f8 [0220.830] BeginUpdateResourceW (pFileName="ywoK.exe" (normalized: "c:\\windows\\system32\\ywok.exe"), bDeleteExistingResources=0) returned 0x0 [0220.830] CreateFileW (lpFileName="UAYI.ico" (normalized: "c:\\windows\\system32\\uayi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f0 [0220.830] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0220.830] ReadFile (in: hFile=0x10f0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0220.831] CloseHandle (hObject=0x10f0) returned 1 [0220.831] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0220.831] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0220.831] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0220.831] CopyFileW (lpExistingFileName="ywoK.exe" (normalized: "c:\\windows\\system32\\ywok.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pua8_nltyz.pptx.exe"), bFailIfExists=0) returned 0 [0220.831] SetNamedSecurityInfoW () returned 0x2 [0220.831] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pua8_NLTYZ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pua8_nltyz.pptx")) returned 1 [0220.833] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6e, lpOverlapped=0x0) returned 1 [0220.833] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0220.834] DeleteFileW (lpFileName="UAYI.ico" (normalized: "c:\\windows\\system32\\uayi.ico")) returned 1 [0220.835] DeleteFileW (lpFileName="ywoK.exe" (normalized: "c:\\windows\\system32\\ywok.exe")) returned 0 [0220.835] GetCurrentThreadId () returned 0x6f8 [0220.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.835] GetCurrentThreadId () returned 0x6f8 [0220.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.835] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadeeba40, ftCreationTime.dwHighDateTime=0x1d5e7b8, ftLastAccessTime.dwLowDateTime=0x62a07440, ftLastAccessTime.dwHighDateTime=0x1d5d988, ftLastWriteTime.dwLowDateTime=0x62a07440, ftLastWriteTime.dwHighDateTime=0x1d5d988, nFileSizeHigh=0x0, nFileSizeLow=0x248b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QGwg-CgcTy.pps", cAlternateFileName="QGWG-C~1.PPS")) returned 1 [0220.835] GetCurrentThreadId () returned 0x6f8 [0220.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.835] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dfd7060, ftCreationTime.dwHighDateTime=0x1d5bdd4, ftLastAccessTime.dwLowDateTime=0x42ac1b20, ftLastAccessTime.dwHighDateTime=0x1d57570, ftLastWriteTime.dwLowDateTime=0x42ac1b20, ftLastWriteTime.dwHighDateTime=0x1d57570, nFileSizeHigh=0x0, nFileSizeLow=0x17841, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RnnR-.xlsx", cAlternateFileName="RNNR-~1.XLS")) returned 1 [0220.835] GetCurrentThreadId () returned 0x6f8 [0220.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.836] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnnr-.xlsx")) returned 0x20 [0220.836] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx", dwFileAttributes=0x80) returned 1 [0220.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnnr-.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.836] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17841 [0220.841] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17841, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x17841, lpOverlapped=0x0) returned 1 [0220.843] GetCurrentThreadId () returned 0x6f8 [0220.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.843] GetCurrentThreadId () returned 0x6f8 [0220.844] CloseHandle (hObject=0x10f0) returned 1 [0220.844] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx", dwFileAttributes=0x20) returned 1 [0220.844] GetCurrentThreadId () returned 0x6f8 [0220.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x84a6010, dwHighDateTime=0x1d6076d)) [0220.845] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx", piIcon=0x4e4f238) returned 0x19013f [0220.857] GetIconInfo (in: hIcon=0x19013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0220.857] CreateFileW (lpFileName="CmMk.ico" (normalized: "c:\\windows\\system32\\cmmk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0220.858] GetObjectA (in: h=0x7105019e, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0220.858] GetObjectA (in: h=0x3105076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0220.858] CreateCompatibleDC (hdc=0x0) returned 0x45010736 [0220.858] GetDIBits (in: hdc=0x45010736, hbm=0x7105019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0220.858] GetDIBits (in: hdc=0x45010736, hbm=0x7105019e, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0220.858] GetDIBits (in: hdc=0x45010736, hbm=0x7105019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0220.858] GetDIBits (in: hdc=0x45010736, hbm=0x3105076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0220.858] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0220.859] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0220.860] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0220.860] WriteFile (in: hFile=0x10f4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0220.860] WriteFile (in: hFile=0x10f4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0220.860] DeleteDC (hdc=0x45010736) returned 1 [0220.860] CloseHandle (hObject=0x10f4) returned 1 [0220.861] DeleteObject (ho=0x7105019e) returned 1 [0220.861] DeleteObject (ho=0x3105076f) returned 1 [0220.861] DestroyCursor (hCursor=0x19013f) returned 1 [0220.861] GetCurrentThreadId () returned 0x6f8 [0220.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnnr-.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0220.861] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17841 [0220.866] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17841, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x17841, lpOverlapped=0x0) returned 1 [0220.866] CloseHandle (hObject=0x10f4) returned 1 [0220.866] GetCurrentThreadId () returned 0x6f8 [0220.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x84f22d0, dwHighDateTime=0x1d6076d)) [0220.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x84f22d0, dwHighDateTime=0x1d6076d)) [0220.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x84f22d0, dwHighDateTime=0x1d6076d)) [0220.939] GetCurrentThreadId () returned 0x6f8 [0220.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x858a850, dwHighDateTime=0x1d6076d)) [0220.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x858a850, dwHighDateTime=0x1d6076d)) [0220.939] GetCurrentThreadId () returned 0x6f8 [0220.939] CreateFileW (lpFileName="Wsom.exe" (normalized: "c:\\windows\\system32\\wsom.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.940] CreateFileW (lpFileName="Wsom.exe" (normalized: "c:\\windows\\system32\\wsom.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.940] GetCurrentThreadId () returned 0x6f8 [0220.940] GetCurrentThreadId () returned 0x6f8 [0220.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x858a850, dwHighDateTime=0x1d6076d)) [0220.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x858a850, dwHighDateTime=0x1d6076d)) [0220.940] CreateFileW (lpFileName="Wsom.exe" (normalized: "c:\\windows\\system32\\wsom.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.940] GetCurrentThreadId () returned 0x6f8 [0220.940] BeginUpdateResourceW (pFileName="Wsom.exe" (normalized: "c:\\windows\\system32\\wsom.exe"), bDeleteExistingResources=0) returned 0x0 [0220.940] CreateFileW (lpFileName="CmMk.ico" (normalized: "c:\\windows\\system32\\cmmk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f4 [0220.941] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0220.941] ReadFile (in: hFile=0x10f4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0220.941] CloseHandle (hObject=0x10f4) returned 1 [0220.941] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0220.941] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0220.941] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0220.941] CopyFileW (lpExistingFileName="Wsom.exe" (normalized: "c:\\windows\\system32\\wsom.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnnr-.xlsx.exe"), bFailIfExists=0) returned 0 [0220.941] SetNamedSecurityInfoW () returned 0x2 [0220.942] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RnnR-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnnr-.xlsx")) returned 1 [0220.944] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x64, lpOverlapped=0x0) returned 1 [0220.944] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0220.944] DeleteFileW (lpFileName="CmMk.ico" (normalized: "c:\\windows\\system32\\cmmk.ico")) returned 1 [0220.945] DeleteFileW (lpFileName="Wsom.exe" (normalized: "c:\\windows\\system32\\wsom.exe")) returned 0 [0220.945] GetCurrentThreadId () returned 0x6f8 [0220.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.945] GetCurrentThreadId () returned 0x6f8 [0220.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.945] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x171d76a0, ftCreationTime.dwHighDateTime=0x1d5a36c, ftLastAccessTime.dwLowDateTime=0x3e716ea0, ftLastAccessTime.dwHighDateTime=0x1d58f4e, ftLastWriteTime.dwLowDateTime=0x3e716ea0, ftLastWriteTime.dwHighDateTime=0x1d58f4e, nFileSizeHigh=0x0, nFileSizeLow=0x4095, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SosFgWq6fny qM.docx", cAlternateFileName="SOSFGW~1.DOC")) returned 1 [0220.945] GetCurrentThreadId () returned 0x6f8 [0220.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.945] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sosfgwq6fny qm.docx")) returned 0x20 [0220.947] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx", dwFileAttributes=0x80) returned 1 [0220.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sosfgwq6fny qm.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0220.947] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4095 [0220.952] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x4095, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x4095, lpOverlapped=0x0) returned 1 [0220.954] GetCurrentThreadId () returned 0x6f8 [0220.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.954] GetCurrentThreadId () returned 0x6f8 [0220.954] CloseHandle (hObject=0x10f4) returned 1 [0220.954] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx", dwFileAttributes=0x20) returned 1 [0220.954] GetCurrentThreadId () returned 0x6f8 [0220.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x85b09b0, dwHighDateTime=0x1d6076d)) [0220.954] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx", piIcon=0x4e4f238) returned 0x1a013f [0220.964] GetIconInfo (in: hIcon=0x1a013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0220.964] CreateFileW (lpFileName="WeQc.ico" (normalized: "c:\\windows\\system32\\weqc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.964] GetObjectA (in: h=0x390501a4, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0220.964] GetObjectA (in: h=0x3a05008e, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0220.964] CreateCompatibleDC (hdc=0x0) returned 0x6e0101a0 [0220.964] GetDIBits (in: hdc=0x6e0101a0, hbm=0x390501a4, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0220.965] GetDIBits (in: hdc=0x6e0101a0, hbm=0x390501a4, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0220.965] GetDIBits (in: hdc=0x6e0101a0, hbm=0x390501a4, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0220.965] GetDIBits (in: hdc=0x6e0101a0, hbm=0x3a05008e, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0220.965] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0220.966] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0220.966] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0220.966] WriteFile (in: hFile=0x10f0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0220.966] WriteFile (in: hFile=0x10f0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0220.966] DeleteDC (hdc=0x6e0101a0) returned 1 [0220.966] CloseHandle (hObject=0x10f0) returned 1 [0220.967] DeleteObject (ho=0x390501a4) returned 1 [0220.967] DeleteObject (ho=0x3a05008e) returned 1 [0220.967] DestroyCursor (hCursor=0x1a013f) returned 1 [0220.967] GetCurrentThreadId () returned 0x6f8 [0220.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sosfgwq6fny qm.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0220.967] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4095 [0220.971] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x4095, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x4095, lpOverlapped=0x0) returned 1 [0220.971] CloseHandle (hObject=0x10f0) returned 1 [0220.972] GetCurrentThreadId () returned 0x6f8 [0220.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x85d6b10, dwHighDateTime=0x1d6076d)) [0220.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x85d6b10, dwHighDateTime=0x1d6076d)) [0220.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x85d6b10, dwHighDateTime=0x1d6076d)) [0221.106] GetCurrentThreadId () returned 0x6f8 [0221.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x872d770, dwHighDateTime=0x1d6076d)) [0221.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x872d770, dwHighDateTime=0x1d6076d)) [0221.106] GetCurrentThreadId () returned 0x6f8 [0221.106] CreateFileW (lpFileName="CwMe.exe" (normalized: "c:\\windows\\system32\\cwme.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.107] CreateFileW (lpFileName="CwMe.exe" (normalized: "c:\\windows\\system32\\cwme.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.108] GetCurrentThreadId () returned 0x6f8 [0221.108] GetCurrentThreadId () returned 0x6f8 [0221.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x872d770, dwHighDateTime=0x1d6076d)) [0221.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x872d770, dwHighDateTime=0x1d6076d)) [0221.108] CreateFileW (lpFileName="CwMe.exe" (normalized: "c:\\windows\\system32\\cwme.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.108] GetCurrentThreadId () returned 0x6f8 [0221.108] BeginUpdateResourceW (pFileName="CwMe.exe" (normalized: "c:\\windows\\system32\\cwme.exe"), bDeleteExistingResources=0) returned 0x0 [0221.108] CreateFileW (lpFileName="WeQc.ico" (normalized: "c:\\windows\\system32\\weqc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f0 [0221.108] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.109] ReadFile (in: hFile=0x10f0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0221.109] CloseHandle (hObject=0x10f0) returned 1 [0221.109] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.109] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0221.109] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.109] CopyFileW (lpExistingFileName="CwMe.exe" (normalized: "c:\\windows\\system32\\cwme.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sosfgwq6fny qm.docx.exe"), bFailIfExists=0) returned 0 [0221.109] SetNamedSecurityInfoW () returned 0x2 [0221.109] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SosFgWq6fny qM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sosfgwq6fny qm.docx")) returned 1 [0221.114] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x78, lpOverlapped=0x0) returned 1 [0221.114] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0221.114] DeleteFileW (lpFileName="WeQc.ico" (normalized: "c:\\windows\\system32\\weqc.ico")) returned 1 [0221.116] DeleteFileW (lpFileName="CwMe.exe" (normalized: "c:\\windows\\system32\\cwme.exe")) returned 0 [0221.116] GetCurrentThreadId () returned 0x6f8 [0221.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.116] GetCurrentThreadId () returned 0x6f8 [0221.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.116] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47262370, ftCreationTime.dwHighDateTime=0x1d5e2fe, ftLastAccessTime.dwLowDateTime=0x37b966c0, ftLastAccessTime.dwHighDateTime=0x1d5e03a, ftLastWriteTime.dwLowDateTime=0x37b966c0, ftLastWriteTime.dwHighDateTime=0x1d5e03a, nFileSizeHigh=0x0, nFileSizeLow=0xfbbb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Thw_Guqp2Q.ods", cAlternateFileName="THW_GU~1.ODS")) returned 1 [0221.116] GetCurrentThreadId () returned 0x6f8 [0221.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.116] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1cc31eb0, ftCreationTime.dwHighDateTime=0x1d5b4d9, ftLastAccessTime.dwLowDateTime=0xb5039ab0, ftLastAccessTime.dwHighDateTime=0x1d571d6, ftLastWriteTime.dwLowDateTime=0xb5039ab0, ftLastWriteTime.dwHighDateTime=0x1d571d6, nFileSizeHigh=0x0, nFileSizeLow=0x8d86, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ua2D 6djdE_2ie.pptx", cAlternateFileName="UA2D6D~1.PPT")) returned 1 [0221.116] GetCurrentThreadId () returned 0x6f8 [0221.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.116] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua2d 6djde_2ie.pptx")) returned 0x20 [0221.116] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx", dwFileAttributes=0x80) returned 1 [0221.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua2d 6djde_2ie.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.117] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8d86 [0221.122] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8d86, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x8d86, lpOverlapped=0x0) returned 1 [0221.124] GetCurrentThreadId () returned 0x6f8 [0221.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.124] GetCurrentThreadId () returned 0x6f8 [0221.124] CloseHandle (hObject=0x10f0) returned 1 [0221.124] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx", dwFileAttributes=0x20) returned 1 [0221.124] GetCurrentThreadId () returned 0x6f8 [0221.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x87538d0, dwHighDateTime=0x1d6076d)) [0221.125] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx", piIcon=0x4e4f238) returned 0x1b013f [0221.136] GetIconInfo (in: hIcon=0x1b013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0221.136] CreateFileW (lpFileName="SekQ.ico" (normalized: "c:\\windows\\system32\\sekq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.137] GetObjectA (in: h=0x3405076f, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0221.137] GetObjectA (in: h=0x7605019e, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0221.137] CreateCompatibleDC (hdc=0x0) returned 0x810101a2 [0221.137] GetDIBits (in: hdc=0x810101a2, hbm=0x3405076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0221.137] GetDIBits (in: hdc=0x810101a2, hbm=0x3405076f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0221.137] GetDIBits (in: hdc=0x810101a2, hbm=0x3405076f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0221.137] GetDIBits (in: hdc=0x810101a2, hbm=0x7605019e, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0221.137] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0221.138] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0221.138] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0221.139] WriteFile (in: hFile=0x10f4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0221.139] WriteFile (in: hFile=0x10f4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0221.139] DeleteDC (hdc=0x810101a2) returned 1 [0221.139] CloseHandle (hObject=0x10f4) returned 1 [0221.139] DeleteObject (ho=0x3405076f) returned 1 [0221.139] DeleteObject (ho=0x7605019e) returned 1 [0221.139] DestroyCursor (hCursor=0x1b013f) returned 1 [0221.139] GetCurrentThreadId () returned 0x6f8 [0221.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua2d 6djde_2ie.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.140] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8d86 [0221.144] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8d86, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x8d86, lpOverlapped=0x0) returned 1 [0221.146] CloseHandle (hObject=0x10f4) returned 1 [0221.146] GetCurrentThreadId () returned 0x6f8 [0221.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x879fb90, dwHighDateTime=0x1d6076d)) [0221.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x879fb90, dwHighDateTime=0x1d6076d)) [0221.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x879fb90, dwHighDateTime=0x1d6076d)) [0221.274] GetCurrentThreadId () returned 0x6f8 [0221.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.275] GetCurrentThreadId () returned 0x6f8 [0221.275] CreateFileW (lpFileName="oQYq.exe" (normalized: "c:\\windows\\system32\\oqyq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.275] CreateFileW (lpFileName="oQYq.exe" (normalized: "c:\\windows\\system32\\oqyq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.276] GetCurrentThreadId () returned 0x6f8 [0221.276] GetCurrentThreadId () returned 0x6f8 [0221.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.276] CreateFileW (lpFileName="oQYq.exe" (normalized: "c:\\windows\\system32\\oqyq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.276] GetCurrentThreadId () returned 0x6f8 [0221.276] BeginUpdateResourceW (pFileName="oQYq.exe" (normalized: "c:\\windows\\system32\\oqyq.exe"), bDeleteExistingResources=0) returned 0x0 [0221.276] CreateFileW (lpFileName="SekQ.ico" (normalized: "c:\\windows\\system32\\sekq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f4 [0221.276] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.276] ReadFile (in: hFile=0x10f4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0221.277] CloseHandle (hObject=0x10f4) returned 1 [0221.277] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.277] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0221.277] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.277] CopyFileW (lpExistingFileName="oQYq.exe" (normalized: "c:\\windows\\system32\\oqyq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua2d 6djde_2ie.pptx.exe"), bFailIfExists=0) returned 0 [0221.277] SetNamedSecurityInfoW () returned 0x2 [0221.277] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ua2D 6djdE_2ie.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua2d 6djde_2ie.pptx")) returned 1 [0221.279] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x76, lpOverlapped=0x0) returned 1 [0221.279] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0221.280] DeleteFileW (lpFileName="SekQ.ico" (normalized: "c:\\windows\\system32\\sekq.ico")) returned 1 [0221.281] DeleteFileW (lpFileName="oQYq.exe" (normalized: "c:\\windows\\system32\\oqyq.exe")) returned 0 [0221.281] GetCurrentThreadId () returned 0x6f8 [0221.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.281] GetCurrentThreadId () returned 0x6f8 [0221.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.281] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ad67170, ftCreationTime.dwHighDateTime=0x1d5b7ba, ftLastAccessTime.dwLowDateTime=0x90e47760, ftLastAccessTime.dwHighDateTime=0x1d58dd5, ftLastWriteTime.dwLowDateTime=0x90e47760, ftLastWriteTime.dwHighDateTime=0x1d58dd5, nFileSizeHigh=0x0, nFileSizeLow=0x17687, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usTFGNw.docx", cAlternateFileName="USTFGN~1.DOC")) returned 1 [0221.281] GetCurrentThreadId () returned 0x6f8 [0221.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x88d0690, dwHighDateTime=0x1d6076d)) [0221.281] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ustfgnw.docx")) returned 0x20 [0221.282] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx", dwFileAttributes=0x80) returned 1 [0221.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ustfgnw.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.282] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17687 [0221.287] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17687, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x17687, lpOverlapped=0x0) returned 1 [0221.289] GetCurrentThreadId () returned 0x6f8 [0221.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x88f67f0, dwHighDateTime=0x1d6076d)) [0221.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x88f67f0, dwHighDateTime=0x1d6076d)) [0221.289] GetCurrentThreadId () returned 0x6f8 [0221.290] CloseHandle (hObject=0x10f4) returned 1 [0221.290] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx", dwFileAttributes=0x20) returned 1 [0221.290] GetCurrentThreadId () returned 0x6f8 [0221.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x88f67f0, dwHighDateTime=0x1d6076d)) [0221.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x88f67f0, dwHighDateTime=0x1d6076d)) [0221.291] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx", piIcon=0x4e4f238) returned 0x1c013f [0221.302] GetIconInfo (in: hIcon=0x1c013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0221.303] CreateFileW (lpFileName="AuIo.ico" (normalized: "c:\\windows\\system32\\auio.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.304] GetObjectA (in: h=0x3d05008e, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0221.304] GetObjectA (in: h=0x3e0501a4, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0221.304] CreateCompatibleDC (hdc=0x0) returned 0x800101b7 [0221.304] GetDIBits (in: hdc=0x800101b7, hbm=0x3d05008e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0221.304] GetDIBits (in: hdc=0x800101b7, hbm=0x3d05008e, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0221.304] GetDIBits (in: hdc=0x800101b7, hbm=0x3d05008e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0221.305] GetDIBits (in: hdc=0x800101b7, hbm=0x3e0501a4, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0221.305] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0221.306] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0221.306] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0221.306] WriteFile (in: hFile=0x10f0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0221.306] WriteFile (in: hFile=0x10f0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0221.306] DeleteDC (hdc=0x800101b7) returned 1 [0221.306] CloseHandle (hObject=0x10f0) returned 1 [0221.308] DeleteObject (ho=0x3d05008e) returned 1 [0221.308] DeleteObject (ho=0x3e0501a4) returned 1 [0221.308] DestroyCursor (hCursor=0x1c013f) returned 1 [0221.308] GetCurrentThreadId () returned 0x6f8 [0221.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ustfgnw.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.308] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17687 [0221.313] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17687, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x17687, lpOverlapped=0x0) returned 1 [0221.314] CloseHandle (hObject=0x10f0) returned 1 [0221.314] GetCurrentThreadId () returned 0x6f8 [0221.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x891c950, dwHighDateTime=0x1d6076d)) [0221.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x891c950, dwHighDateTime=0x1d6076d)) [0221.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x891c950, dwHighDateTime=0x1d6076d)) [0221.398] GetCurrentThreadId () returned 0x6f8 [0221.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.398] GetCurrentThreadId () returned 0x6f8 [0221.398] CreateFileW (lpFileName="YAEq.exe" (normalized: "c:\\windows\\system32\\yaeq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.399] CreateFileW (lpFileName="YAEq.exe" (normalized: "c:\\windows\\system32\\yaeq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.399] GetCurrentThreadId () returned 0x6f8 [0221.399] GetCurrentThreadId () returned 0x6f8 [0221.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.399] CreateFileW (lpFileName="YAEq.exe" (normalized: "c:\\windows\\system32\\yaeq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.400] GetCurrentThreadId () returned 0x6f8 [0221.400] BeginUpdateResourceW (pFileName="YAEq.exe" (normalized: "c:\\windows\\system32\\yaeq.exe"), bDeleteExistingResources=0) returned 0x0 [0221.400] CreateFileW (lpFileName="AuIo.ico" (normalized: "c:\\windows\\system32\\auio.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f0 [0221.400] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.400] ReadFile (in: hFile=0x10f0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0221.400] CloseHandle (hObject=0x10f0) returned 1 [0221.400] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.400] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0221.400] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.401] CopyFileW (lpExistingFileName="YAEq.exe" (normalized: "c:\\windows\\system32\\yaeq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ustfgnw.docx.exe"), bFailIfExists=0) returned 0 [0221.401] SetNamedSecurityInfoW () returned 0x2 [0221.401] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\usTFGNw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ustfgnw.docx")) returned 1 [0221.404] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x68, lpOverlapped=0x0) returned 1 [0221.404] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0221.404] DeleteFileW (lpFileName="AuIo.ico" (normalized: "c:\\windows\\system32\\auio.ico")) returned 1 [0221.405] DeleteFileW (lpFileName="YAEq.exe" (normalized: "c:\\windows\\system32\\yaeq.exe")) returned 0 [0221.405] GetCurrentThreadId () returned 0x6f8 [0221.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.405] GetCurrentThreadId () returned 0x6f8 [0221.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.405] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad8a610, ftCreationTime.dwHighDateTime=0x1d56b6f, ftLastAccessTime.dwLowDateTime=0x75f920e0, ftLastAccessTime.dwHighDateTime=0x1d57f75, ftLastWriteTime.dwLowDateTime=0x75f920e0, ftLastWriteTime.dwHighDateTime=0x1d57f75, nFileSizeHigh=0x0, nFileSizeLow=0xa8ff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wlxAu7b3.pptx", cAlternateFileName="WLXAU7~1.PPT")) returned 1 [0221.406] GetCurrentThreadId () returned 0x6f8 [0221.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.406] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wlxau7b3.pptx")) returned 0x20 [0221.406] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx", dwFileAttributes=0x80) returned 1 [0221.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wlxau7b3.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.406] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa8ff [0221.412] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa8ff, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xa8ff, lpOverlapped=0x0) returned 1 [0221.414] GetCurrentThreadId () returned 0x6f8 [0221.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8a272f0, dwHighDateTime=0x1d6076d)) [0221.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8a272f0, dwHighDateTime=0x1d6076d)) [0221.414] GetCurrentThreadId () returned 0x6f8 [0221.414] CloseHandle (hObject=0x10f0) returned 1 [0221.414] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx", dwFileAttributes=0x20) returned 1 [0221.415] GetCurrentThreadId () returned 0x6f8 [0221.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8a272f0, dwHighDateTime=0x1d6076d)) [0221.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8a272f0, dwHighDateTime=0x1d6076d)) [0221.415] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx", piIcon=0x4e4f238) returned 0x1d013f [0221.427] GetIconInfo (in: hIcon=0x1d013f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0221.427] CreateFileW (lpFileName="iIcs.ico" (normalized: "c:\\windows\\system32\\iics.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.428] GetObjectA (in: h=0x7905019e, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0221.428] GetObjectA (in: h=0x3905076f, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0221.428] CreateCompatibleDC (hdc=0x0) returned 0xa00101b3 [0221.428] GetDIBits (in: hdc=0xa00101b3, hbm=0x7905019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0221.428] GetDIBits (in: hdc=0xa00101b3, hbm=0x7905019e, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0221.428] GetDIBits (in: hdc=0xa00101b3, hbm=0x7905019e, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0221.428] GetDIBits (in: hdc=0xa00101b3, hbm=0x3905076f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0221.428] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0221.429] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0221.429] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0221.429] WriteFile (in: hFile=0x10f4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0221.430] WriteFile (in: hFile=0x10f4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0221.430] DeleteDC (hdc=0xa00101b3) returned 1 [0221.430] CloseHandle (hObject=0x10f4) returned 1 [0221.430] DeleteObject (ho=0x7905019e) returned 1 [0221.430] DeleteObject (ho=0x3905076f) returned 1 [0221.430] DestroyCursor (hCursor=0x1d013f) returned 1 [0221.430] GetCurrentThreadId () returned 0x6f8 [0221.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wlxau7b3.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.431] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa8ff [0221.435] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa8ff, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xa8ff, lpOverlapped=0x0) returned 1 [0221.436] CloseHandle (hObject=0x10f4) returned 1 [0221.436] GetCurrentThreadId () returned 0x6f8 [0221.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x8a4d450, dwHighDateTime=0x1d6076d)) [0221.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x8a4d450, dwHighDateTime=0x1d6076d)) [0221.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x8a4d450, dwHighDateTime=0x1d6076d)) [0221.517] GetCurrentThreadId () returned 0x6f8 [0221.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8b0bb30, dwHighDateTime=0x1d6076d)) [0221.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8b0bb30, dwHighDateTime=0x1d6076d)) [0221.517] GetCurrentThreadId () returned 0x6f8 [0221.517] CreateFileW (lpFileName="YAUG.exe" (normalized: "c:\\windows\\system32\\yaug.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.518] CreateFileW (lpFileName="YAUG.exe" (normalized: "c:\\windows\\system32\\yaug.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.518] GetCurrentThreadId () returned 0x6f8 [0221.518] GetCurrentThreadId () returned 0x6f8 [0221.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8b0bb30, dwHighDateTime=0x1d6076d)) [0221.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8b0bb30, dwHighDateTime=0x1d6076d)) [0221.518] CreateFileW (lpFileName="YAUG.exe" (normalized: "c:\\windows\\system32\\yaug.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.518] GetCurrentThreadId () returned 0x6f8 [0221.518] BeginUpdateResourceW (pFileName="YAUG.exe" (normalized: "c:\\windows\\system32\\yaug.exe"), bDeleteExistingResources=0) returned 0x0 [0221.518] CreateFileW (lpFileName="iIcs.ico" (normalized: "c:\\windows\\system32\\iics.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f4 [0221.519] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.519] ReadFile (in: hFile=0x10f4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0221.521] CloseHandle (hObject=0x10f4) returned 1 [0221.521] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.521] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0221.521] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.521] CopyFileW (lpExistingFileName="YAUG.exe" (normalized: "c:\\windows\\system32\\yaug.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wlxau7b3.pptx.exe"), bFailIfExists=0) returned 0 [0221.522] SetNamedSecurityInfoW () returned 0x2 [0221.522] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wlxAu7b3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wlxau7b3.pptx")) returned 1 [0221.526] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6a, lpOverlapped=0x0) returned 1 [0221.526] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0221.526] DeleteFileW (lpFileName="iIcs.ico" (normalized: "c:\\windows\\system32\\iics.ico")) returned 1 [0221.528] DeleteFileW (lpFileName="YAUG.exe" (normalized: "c:\\windows\\system32\\yaug.exe")) returned 0 [0221.528] GetCurrentThreadId () returned 0x6f8 [0221.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x8b31c90, dwHighDateTime=0x1d6076d)) [0221.528] GetCurrentThreadId () returned 0x6f8 [0221.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8b31c90, dwHighDateTime=0x1d6076d)) [0221.528] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x958b3300, ftCreationTime.dwHighDateTime=0x1d568fd, ftLastAccessTime.dwLowDateTime=0xdbb7cc20, ftLastAccessTime.dwHighDateTime=0x1d57083, ftLastWriteTime.dwLowDateTime=0xdbb7cc20, ftLastWriteTime.dwHighDateTime=0x1d57083, nFileSizeHigh=0x0, nFileSizeLow=0xb6c1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xmkw.docx", cAlternateFileName="XMKW~1.DOC")) returned 1 [0221.528] GetCurrentThreadId () returned 0x6f8 [0221.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x8b31c90, dwHighDateTime=0x1d6076d)) [0221.528] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmkw.docx")) returned 0x20 [0221.528] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx", dwFileAttributes=0x80) returned 1 [0221.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmkw.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.529] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb6c1 [0221.534] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb6c1, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xb6c1, lpOverlapped=0x0) returned 1 [0221.536] GetCurrentThreadId () returned 0x6f8 [0221.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8b57df0, dwHighDateTime=0x1d6076d)) [0221.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8b57df0, dwHighDateTime=0x1d6076d)) [0221.536] GetCurrentThreadId () returned 0x6f8 [0221.536] CloseHandle (hObject=0x10f4) returned 1 [0221.536] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx", dwFileAttributes=0x20) returned 1 [0221.537] GetCurrentThreadId () returned 0x6f8 [0221.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8b57df0, dwHighDateTime=0x1d6076d)) [0221.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8b57df0, dwHighDateTime=0x1d6076d)) [0221.537] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx", piIcon=0x4e4f238) returned 0x90147 [0221.548] GetIconInfo (in: hIcon=0x90147, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0221.548] CreateFileW (lpFileName="WAEk.ico" (normalized: "c:\\windows\\system32\\waek.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.549] GetObjectA (in: h=0x410501a4, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0221.549] GetObjectA (in: h=0x4205008e, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0221.549] CreateCompatibleDC (hdc=0x0) returned 0x52010736 [0221.549] GetDIBits (in: hdc=0x52010736, hbm=0x410501a4, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0221.549] GetDIBits (in: hdc=0x52010736, hbm=0x410501a4, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0221.549] GetDIBits (in: hdc=0x52010736, hbm=0x410501a4, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0221.549] GetDIBits (in: hdc=0x52010736, hbm=0x4205008e, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0221.549] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0221.551] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0221.551] WriteFile (in: hFile=0x10f0, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0221.551] WriteFile (in: hFile=0x10f0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0221.551] WriteFile (in: hFile=0x10f0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0221.551] DeleteDC (hdc=0x52010736) returned 1 [0221.551] CloseHandle (hObject=0x10f0) returned 1 [0221.552] DeleteObject (ho=0x410501a4) returned 1 [0221.552] DeleteObject (ho=0x4205008e) returned 1 [0221.552] DestroyCursor (hCursor=0x90147) returned 1 [0221.552] GetCurrentThreadId () returned 0x6f8 [0221.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmkw.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.552] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb6c1 [0221.557] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xb6c1, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xb6c1, lpOverlapped=0x0) returned 1 [0221.557] CloseHandle (hObject=0x10f0) returned 1 [0221.557] GetCurrentThreadId () returned 0x6f8 [0221.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x8b7df50, dwHighDateTime=0x1d6076d)) [0221.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x8b7df50, dwHighDateTime=0x1d6076d)) [0221.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x8b7df50, dwHighDateTime=0x1d6076d)) [0221.663] GetCurrentThreadId () returned 0x6f8 [0221.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.663] GetCurrentThreadId () returned 0x6f8 [0221.663] CreateFileW (lpFileName="KcUE.exe" (normalized: "c:\\windows\\system32\\kcue.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.663] CreateFileW (lpFileName="KcUE.exe" (normalized: "c:\\windows\\system32\\kcue.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.665] GetCurrentThreadId () returned 0x6f8 [0221.665] GetCurrentThreadId () returned 0x6f8 [0221.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.665] CreateFileW (lpFileName="KcUE.exe" (normalized: "c:\\windows\\system32\\kcue.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.665] GetCurrentThreadId () returned 0x6f8 [0221.665] BeginUpdateResourceW (pFileName="KcUE.exe" (normalized: "c:\\windows\\system32\\kcue.exe"), bDeleteExistingResources=0) returned 0x0 [0221.665] CreateFileW (lpFileName="WAEk.ico" (normalized: "c:\\windows\\system32\\waek.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f0 [0221.665] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.665] ReadFile (in: hFile=0x10f0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0221.666] CloseHandle (hObject=0x10f0) returned 1 [0221.666] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.666] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0221.666] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.666] CopyFileW (lpExistingFileName="KcUE.exe" (normalized: "c:\\windows\\system32\\kcue.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmkw.docx.exe"), bFailIfExists=0) returned 0 [0221.666] SetNamedSecurityInfoW () returned 0x2 [0221.666] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xmkw.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmkw.docx")) returned 1 [0221.668] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x62, lpOverlapped=0x0) returned 1 [0221.669] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0221.669] DeleteFileW (lpFileName="WAEk.ico" (normalized: "c:\\windows\\system32\\waek.ico")) returned 1 [0221.670] DeleteFileW (lpFileName="KcUE.exe" (normalized: "c:\\windows\\system32\\kcue.exe")) returned 0 [0221.670] GetCurrentThreadId () returned 0x6f8 [0221.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.670] GetCurrentThreadId () returned 0x6f8 [0221.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.670] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b1ebb0, ftCreationTime.dwHighDateTime=0x1d5e79a, ftLastAccessTime.dwLowDateTime=0xf5ca2390, ftLastAccessTime.dwHighDateTime=0x1d5e303, ftLastWriteTime.dwLowDateTime=0xf5ca2390, ftLastWriteTime.dwHighDateTime=0x1d5e303, nFileSizeHigh=0x0, nFileSizeLow=0xd522, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yJPGp0HmM.odt", cAlternateFileName="YJPGP0~1.ODT")) returned 1 [0221.670] GetCurrentThreadId () returned 0x6f8 [0221.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.670] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1583790, ftCreationTime.dwHighDateTime=0x1d5de2e, ftLastAccessTime.dwLowDateTime=0xd68f32a0, ftLastAccessTime.dwHighDateTime=0x1d5daf1, ftLastWriteTime.dwLowDateTime=0xd68f32a0, ftLastWriteTime.dwHighDateTime=0x1d5daf1, nFileSizeHigh=0x0, nFileSizeLow=0xd5ac, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ZKNa.odt", cAlternateFileName="")) returned 1 [0221.671] GetCurrentThreadId () returned 0x6f8 [0221.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.671] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x361ffe90, ftCreationTime.dwHighDateTime=0x1d5df28, ftLastAccessTime.dwLowDateTime=0x9decfd20, ftLastAccessTime.dwHighDateTime=0x1d5deec, ftLastWriteTime.dwLowDateTime=0x9decfd20, ftLastWriteTime.dwHighDateTime=0x1d5deec, nFileSizeHigh=0x0, nFileSizeLow=0xcf1c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zqjb.odt", cAlternateFileName="")) returned 1 [0221.671] GetCurrentThreadId () returned 0x6f8 [0221.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.671] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22d3350, ftCreationTime.dwHighDateTime=0x1d5dd21, ftLastAccessTime.dwLowDateTime=0x1aa2060, ftLastAccessTime.dwHighDateTime=0x1d5e562, ftLastWriteTime.dwLowDateTime=0x1aa2060, ftLastWriteTime.dwHighDateTime=0x1d5e562, nFileSizeHigh=0x0, nFileSizeLow=0x40bd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zROBvpH3jHeTNI-wr.docx", cAlternateFileName="ZROBVP~1.DOC")) returned 1 [0221.671] GetCurrentThreadId () returned 0x6f8 [0221.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x8c888f0, dwHighDateTime=0x1d6076d)) [0221.671] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zrobvph3jhetni-wr.docx")) returned 0x20 [0221.683] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx", dwFileAttributes=0x80) returned 1 [0221.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zrobvph3jhetni-wr.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f0 [0221.683] GetFileSize (in: hFile=0x10f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40bd [0221.688] ReadFile (in: hFile=0x10f0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x40bd, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x40bd, lpOverlapped=0x0) returned 1 [0221.690] GetCurrentThreadId () returned 0x6f8 [0221.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8caea50, dwHighDateTime=0x1d6076d)) [0221.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x8caea50, dwHighDateTime=0x1d6076d)) [0221.690] GetCurrentThreadId () returned 0x6f8 [0221.691] CloseHandle (hObject=0x10f0) returned 1 [0221.691] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx", dwFileAttributes=0x20) returned 1 [0221.691] GetCurrentThreadId () returned 0x6f8 [0221.691] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8cd4bb0, dwHighDateTime=0x1d6076d)) [0221.691] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x8cd4bb0, dwHighDateTime=0x1d6076d)) [0221.691] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx", piIcon=0x4e4f238) returned 0x12010f [0221.703] GetIconInfo (in: hIcon=0x12010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0221.703] CreateFileW (lpFileName="wqQk.ico" (normalized: "c:\\windows\\system32\\wqqk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.704] GetObjectA (in: h=0xf70501fc, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0221.704] GetObjectA (in: h=0xe8050772, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0221.704] CreateCompatibleDC (hdc=0x0) returned 0x80101fe [0221.704] GetDIBits (in: hdc=0x80101fe, hbm=0xf70501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0221.704] GetDIBits (in: hdc=0x80101fe, hbm=0xf70501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0221.704] GetDIBits (in: hdc=0x80101fe, hbm=0xf70501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0221.704] GetDIBits (in: hdc=0x80101fe, hbm=0xe8050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0221.704] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0221.705] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0221.705] WriteFile (in: hFile=0x10f4, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0221.706] WriteFile (in: hFile=0x10f4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0221.706] WriteFile (in: hFile=0x10f4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0221.706] DeleteDC (hdc=0x80101fe) returned 1 [0221.706] CloseHandle (hObject=0x10f4) returned 1 [0221.706] DeleteObject (ho=0xf70501fc) returned 1 [0221.706] DeleteObject (ho=0xe8050772) returned 1 [0221.707] DestroyCursor (hCursor=0x12010f) returned 1 [0221.707] GetCurrentThreadId () returned 0x6f8 [0221.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zrobvph3jhetni-wr.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10f4 [0221.709] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40bd [0221.713] ReadFile (in: hFile=0x10f4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x40bd, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x40bd, lpOverlapped=0x0) returned 1 [0221.713] CloseHandle (hObject=0x10f4) returned 1 [0221.714] GetCurrentThreadId () returned 0x6f8 [0221.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x8cfad10, dwHighDateTime=0x1d6076d)) [0221.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x8cfad10, dwHighDateTime=0x1d6076d)) [0221.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x8cfad10, dwHighDateTime=0x1d6076d)) [0221.806] GetCurrentThreadId () returned 0x6f8 [0221.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.806] GetCurrentThreadId () returned 0x6f8 [0221.806] CreateFileW (lpFileName="mAMA.exe" (normalized: "c:\\windows\\system32\\mama.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.806] CreateFileW (lpFileName="mAMA.exe" (normalized: "c:\\windows\\system32\\mama.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.807] GetCurrentThreadId () returned 0x6f8 [0221.807] GetCurrentThreadId () returned 0x6f8 [0221.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.807] CreateFileW (lpFileName="mAMA.exe" (normalized: "c:\\windows\\system32\\mama.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.807] GetCurrentThreadId () returned 0x6f8 [0221.807] BeginUpdateResourceW (pFileName="mAMA.exe" (normalized: "c:\\windows\\system32\\mama.exe"), bDeleteExistingResources=0) returned 0x0 [0221.807] CreateFileW (lpFileName="wqQk.ico" (normalized: "c:\\windows\\system32\\wqqk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10f4 [0221.807] GetFileSize (in: hFile=0x10f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.808] ReadFile (in: hFile=0x10f4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0221.808] CloseHandle (hObject=0x10f4) returned 1 [0221.808] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.808] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0221.808] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.808] CopyFileW (lpExistingFileName="mAMA.exe" (normalized: "c:\\windows\\system32\\mama.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zrobvph3jhetni-wr.docx.exe"), bFailIfExists=0) returned 0 [0221.808] SetNamedSecurityInfoW () returned 0x2 [0221.809] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zROBvpH3jHeTNI-wr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zrobvph3jhetni-wr.docx")) returned 1 [0221.810] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7c, lpOverlapped=0x0) returned 1 [0221.811] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0221.811] DeleteFileW (lpFileName="wqQk.ico" (normalized: "c:\\windows\\system32\\wqqk.ico")) returned 1 [0221.812] DeleteFileW (lpFileName="mAMA.exe" (normalized: "c:\\windows\\system32\\mama.exe")) returned 0 [0221.812] GetCurrentThreadId () returned 0x6f8 [0221.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.812] GetCurrentThreadId () returned 0x6f8 [0221.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.812] FindNextFileW (in: hFindFile=0x7e6e898, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22d3350, ftCreationTime.dwHighDateTime=0x1d5dd21, ftLastAccessTime.dwLowDateTime=0x1aa2060, ftLastAccessTime.dwHighDateTime=0x1d5e562, ftLastWriteTime.dwLowDateTime=0x1aa2060, ftLastWriteTime.dwHighDateTime=0x1d5e562, nFileSizeHigh=0x0, nFileSizeLow=0x40bd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zROBvpH3jHeTNI-wr.docx", cAlternateFileName="ZROBVP~1.DOC")) returned 0 [0221.812] GetCurrentThreadId () returned 0x6f8 [0221.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.813] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0221.813] GetCurrentThreadId () returned 0x6f8 [0221.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.813] GetCurrentThreadId () returned 0x6f8 [0221.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.813] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6e9d8 [0221.813] GetCurrentThreadId () returned 0x6f8 [0221.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.813] FindNextFileW (in: hFindFile=0x7e6e9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.813] GetCurrentThreadId () returned 0x6f8 [0221.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.813] FindNextFileW (in: hFindFile=0x7e6e9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0221.813] GetCurrentThreadId () returned 0x6f8 [0221.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.813] FindNextFileW (in: hFindFile=0x7e6e9d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0221.813] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa175ab10, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa2426150, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa2426150, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="duIwksoU", cAlternateFileName="")) returned 1 [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ea18 [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.814] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.814] GetCurrentThreadId () returned 0x6f8 [0221.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.815] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0221.815] GetCurrentThreadId () returned 0x6f8 [0221.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.815] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0221.815] GetCurrentThreadId () returned 0x6f8 [0221.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.815] GetCurrentThreadId () returned 0x6f8 [0221.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.815] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ea58 [0221.815] GetCurrentThreadId () returned 0x6f8 [0221.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8ddf550, dwHighDateTime=0x1d6076d)) [0221.815] FindNextFileW (in: hFindFile=0x7e6ea58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.815] GetCurrentThreadId () returned 0x6f8 [0221.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.815] FindNextFileW (in: hFindFile=0x7e6ea58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0221.816] GetCurrentThreadId () returned 0x6f8 [0221.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.816] FindNextFileW (in: hFindFile=0x7e6ea58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0221.816] GetCurrentThreadId () returned 0x6f8 [0221.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.816] FindNextFileW (in: hFindFile=0x7e6ea58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0221.816] GetCurrentThreadId () returned 0x6f8 [0221.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.816] FindNextFileW (in: hFindFile=0x7e6ea58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0221.816] GetCurrentThreadId () returned 0x6f8 [0221.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.816] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0221.816] GetCurrentThreadId () returned 0x6f8 [0221.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.816] GetCurrentThreadId () returned 0x6f8 [0221.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.816] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ea98 [0221.821] GetCurrentThreadId () returned 0x6f8 [0221.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.821] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.821] GetCurrentThreadId () returned 0x6f8 [0221.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.821] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0221.821] GetCurrentThreadId () returned 0x6f8 [0221.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.821] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0221.821] GetCurrentThreadId () returned 0x6f8 [0221.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.821] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0221.821] GetCurrentThreadId () returned 0x6f8 [0221.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.821] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0221.821] GetCurrentThreadId () returned 0x6f8 [0221.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.821] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0221.822] GetCurrentThreadId () returned 0x6f8 [0221.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.822] FindNextFileW (in: hFindFile=0x7e6ea98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0221.822] GetCurrentThreadId () returned 0x6f8 [0221.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.822] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0221.822] GetCurrentThreadId () returned 0x6f8 [0221.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.822] GetCurrentThreadId () returned 0x6f8 [0221.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.822] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ead8 [0221.824] GetCurrentThreadId () returned 0x6f8 [0221.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.824] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.824] GetCurrentThreadId () returned 0x6f8 [0221.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.824] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0221.824] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ead8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0221.825] GetCurrentThreadId () returned 0x6f8 [0221.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.825] FindNextFileW (in: hFindFile=0x7e6ea18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6eb18 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] FindNextFileW (in: hFindFile=0x7e6eb18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] FindNextFileW (in: hFindFile=0x7e6eb18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] FindNextFileW (in: hFindFile=0x7e6eb18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.826] FindNextFileW (in: hFindFile=0x7e6eb18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0221.826] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] FindNextFileW (in: hFindFile=0x7e6eb18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] FindNextFileW (in: hFindFile=0x7e6eb18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd932e740, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd932e740, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.827] GetCurrentThreadId () returned 0x6f8 [0221.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.828] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd932e740, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd932e740, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6eb58 [0221.828] GetCurrentThreadId () returned 0x6f8 [0221.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.828] FindNextFileW (in: hFindFile=0x7e6eb58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd932e740, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd932e740, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.828] GetCurrentThreadId () returned 0x6f8 [0221.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.828] FindNextFileW (in: hFindFile=0x7e6eb58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0221.828] GetCurrentThreadId () returned 0x6f8 [0221.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.828] FindNextFileW (in: hFindFile=0x7e6eb58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1880bc70, ftCreationTime.dwHighDateTime=0x1d5e5e1, ftLastAccessTime.dwLowDateTime=0xe9a08d80, ftLastAccessTime.dwHighDateTime=0x1d5e2bc, ftLastWriteTime.dwLowDateTime=0xe9a08d80, ftLastWriteTime.dwHighDateTime=0x1d5e2bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="k8qweN-IiSAnrvYNZ7", cAlternateFileName="K8QWEN~1")) returned 1 [0221.828] GetCurrentThreadId () returned 0x6f8 [0221.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.828] GetCurrentThreadId () returned 0x6f8 [0221.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.828] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1880bc70, ftCreationTime.dwHighDateTime=0x1d5e5e1, ftLastAccessTime.dwLowDateTime=0xe9a08d80, ftLastAccessTime.dwHighDateTime=0x1d5e2bc, ftLastWriteTime.dwLowDateTime=0xe9a08d80, ftLastWriteTime.dwHighDateTime=0x1d5e2bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6eb98 [0221.831] GetCurrentThreadId () returned 0x6f8 [0221.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.831] FindNextFileW (in: hFindFile=0x7e6eb98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1880bc70, ftCreationTime.dwHighDateTime=0x1d5e5e1, ftLastAccessTime.dwLowDateTime=0xe9a08d80, ftLastAccessTime.dwHighDateTime=0x1d5e2bc, ftLastWriteTime.dwLowDateTime=0xe9a08d80, ftLastWriteTime.dwHighDateTime=0x1d5e2bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.831] GetCurrentThreadId () returned 0x6f8 [0221.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.831] FindNextFileW (in: hFindFile=0x7e6eb98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27cda590, ftCreationTime.dwHighDateTime=0x1d5dcf3, ftLastAccessTime.dwLowDateTime=0xf55c6c40, ftLastAccessTime.dwHighDateTime=0x1d5db71, ftLastWriteTime.dwLowDateTime=0xf55c6c40, ftLastWriteTime.dwHighDateTime=0x1d5db71, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="g5Ta-8tpOnU_t", cAlternateFileName="G5TA-8~1")) returned 1 [0221.831] GetCurrentThreadId () returned 0x6f8 [0221.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x8e056b0, dwHighDateTime=0x1d6076d)) [0221.831] GetCurrentThreadId () returned 0x6f8 [0221.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27cda590, ftCreationTime.dwHighDateTime=0x1d5dcf3, ftLastAccessTime.dwLowDateTime=0xf55c6c40, ftLastAccessTime.dwHighDateTime=0x1d5db71, ftLastWriteTime.dwLowDateTime=0xf55c6c40, ftLastWriteTime.dwHighDateTime=0x1d5db71, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ebd8 [0221.832] GetCurrentThreadId () returned 0x6f8 [0221.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.832] FindNextFileW (in: hFindFile=0x7e6ebd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27cda590, ftCreationTime.dwHighDateTime=0x1d5dcf3, ftLastAccessTime.dwLowDateTime=0xf55c6c40, ftLastAccessTime.dwHighDateTime=0x1d5db71, ftLastWriteTime.dwLowDateTime=0xf55c6c40, ftLastWriteTime.dwHighDateTime=0x1d5db71, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.832] GetCurrentThreadId () returned 0x6f8 [0221.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.832] FindNextFileW (in: hFindFile=0x7e6ebd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78010ef0, ftCreationTime.dwHighDateTime=0x1d5e638, ftLastAccessTime.dwLowDateTime=0xd5572ba0, ftLastAccessTime.dwHighDateTime=0x1d5d82f, ftLastWriteTime.dwLowDateTime=0xd5572ba0, ftLastWriteTime.dwHighDateTime=0x1d5d82f, nFileSizeHigh=0x0, nFileSizeLow=0x68d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="4m_lVFwhVIo9K3s29cE.mp3", cAlternateFileName="4M_LVF~1.MP3")) returned 1 [0221.832] GetCurrentThreadId () returned 0x6f8 [0221.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.832] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\4m_lvfwhvio9k3s29ce.mp3")) returned 0x20 [0221.833] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3", dwFileAttributes=0x80) returned 1 [0221.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\4m_lvfwhvio9k3s29ce.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1114 [0221.834] GetFileSize (in: hFile=0x1114, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x68d4 [0221.838] ReadFile (in: hFile=0x1114, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x68d4, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0x68d4, lpOverlapped=0x0) returned 1 [0221.840] GetCurrentThreadId () returned 0x6f8 [0221.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.840] GetCurrentThreadId () returned 0x6f8 [0221.841] CloseHandle (hObject=0x1114) returned 1 [0221.841] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3", dwFileAttributes=0x20) returned 1 [0221.841] GetCurrentThreadId () returned 0x6f8 [0221.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x8e2b810, dwHighDateTime=0x1d6076d)) [0221.841] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3", piIcon=0x4e4ed50) returned 0x13010f [0221.854] GetIconInfo (in: hIcon=0x13010f, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0221.854] CreateFileW (lpFileName="IUQo.ico" (normalized: "c:\\windows\\system32\\iuqo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1118 [0221.855] GetObjectA (in: h=0xb8050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0221.855] GetObjectA (in: h=0xef050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0221.855] CreateCompatibleDC (hdc=0x0) returned 0x4b0101fb [0221.855] GetDIBits (in: hdc=0x4b0101fb, hbm=0xb8050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0221.855] GetDIBits (in: hdc=0x4b0101fb, hbm=0xb8050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0221.855] GetDIBits (in: hdc=0x4b0101fb, hbm=0xb8050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0221.855] GetDIBits (in: hdc=0x4b0101fb, hbm=0xef050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0221.855] WriteFile (in: hFile=0x1118, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0221.857] WriteFile (in: hFile=0x1118, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0221.857] WriteFile (in: hFile=0x1118, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0221.857] WriteFile (in: hFile=0x1118, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0221.857] WriteFile (in: hFile=0x1118, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0221.857] DeleteDC (hdc=0x4b0101fb) returned 1 [0221.857] CloseHandle (hObject=0x1118) returned 1 [0221.858] DeleteObject (ho=0xb8050770) returned 1 [0221.858] DeleteObject (ho=0xef050776) returned 1 [0221.858] DestroyCursor (hCursor=0x13010f) returned 1 [0221.858] GetCurrentThreadId () returned 0x6f8 [0221.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\4m_lvfwhvio9k3s29ce.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1118 [0221.858] GetFileSize (in: hFile=0x1118, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x68d4 [0221.863] ReadFile (in: hFile=0x1118, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x68d4, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0x68d4, lpOverlapped=0x0) returned 1 [0221.863] CloseHandle (hObject=0x1118) returned 1 [0221.863] GetCurrentThreadId () returned 0x6f8 [0221.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x8e77ad0, dwHighDateTime=0x1d6076d)) [0221.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x8e77ad0, dwHighDateTime=0x1d6076d)) [0221.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0x8e77ad0, dwHighDateTime=0x1d6076d)) [0221.963] GetCurrentThreadId () returned 0x6f8 [0221.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.963] GetCurrentThreadId () returned 0x6f8 [0221.963] CreateFileW (lpFileName="EUUQ.exe" (normalized: "c:\\windows\\system32\\euuq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.964] CreateFileW (lpFileName="EUUQ.exe" (normalized: "c:\\windows\\system32\\euuq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.964] GetCurrentThreadId () returned 0x6f8 [0221.964] GetCurrentThreadId () returned 0x6f8 [0221.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.965] CreateFileW (lpFileName="EUUQ.exe" (normalized: "c:\\windows\\system32\\euuq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0221.965] GetCurrentThreadId () returned 0x6f8 [0221.965] BeginUpdateResourceW (pFileName="EUUQ.exe" (normalized: "c:\\windows\\system32\\euuq.exe"), bDeleteExistingResources=0) returned 0x0 [0221.965] CreateFileW (lpFileName="IUQo.ico" (normalized: "c:\\windows\\system32\\iuqo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1118 [0221.965] GetFileSize (in: hFile=0x1118, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0221.965] ReadFile (in: hFile=0x1118, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0221.965] CloseHandle (hObject=0x1118) returned 1 [0221.966] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0221.966] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0221.966] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0221.966] CopyFileW (lpExistingFileName="EUUQ.exe" (normalized: "c:\\windows\\system32\\euuq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\4m_lvfwhvio9k3s29ce.mp3.exe"), bFailIfExists=0) returned 0 [0221.966] SetNamedSecurityInfoW () returned 0x2 [0221.966] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\4m_lVFwhVIo9K3s29cE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\4m_lvfwhvio9k3s29ce.mp3")) returned 1 [0221.968] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xb8, lpOverlapped=0x0) returned 1 [0221.968] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0221.968] DeleteFileW (lpFileName="IUQo.ico" (normalized: "c:\\windows\\system32\\iuqo.ico")) returned 1 [0221.969] DeleteFileW (lpFileName="EUUQ.exe" (normalized: "c:\\windows\\system32\\euuq.exe")) returned 0 [0221.969] GetCurrentThreadId () returned 0x6f8 [0221.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.969] GetCurrentThreadId () returned 0x6f8 [0221.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.969] FindNextFileW (in: hFindFile=0x7e6ebd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20692bd0, ftCreationTime.dwHighDateTime=0x1d5dbb3, ftLastAccessTime.dwLowDateTime=0x88914820, ftLastAccessTime.dwHighDateTime=0x1d5e219, ftLastWriteTime.dwLowDateTime=0x88914820, ftLastWriteTime.dwHighDateTime=0x1d5e219, nFileSizeHigh=0x0, nFileSizeLow=0xcd03, dwReserved0=0x0, dwReserved1=0x0, cFileName="SCBD21D.mp3", cAlternateFileName="")) returned 1 [0221.970] GetCurrentThreadId () returned 0x6f8 [0221.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0x8f5c310, dwHighDateTime=0x1d6076d)) [0221.970] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\scbd21d.mp3")) returned 0x20 [0221.970] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3", dwFileAttributes=0x80) returned 1 [0221.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\scbd21d.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1118 [0221.970] GetFileSize (in: hFile=0x1118, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcd03 [0221.975] ReadFile (in: hFile=0x1118, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xcd03, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xcd03, lpOverlapped=0x0) returned 1 [0221.978] GetCurrentThreadId () returned 0x6f8 [0221.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x8f82470, dwHighDateTime=0x1d6076d)) [0221.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x8f82470, dwHighDateTime=0x1d6076d)) [0221.978] GetCurrentThreadId () returned 0x6f8 [0221.978] CloseHandle (hObject=0x1118) returned 1 [0221.978] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3", dwFileAttributes=0x20) returned 1 [0221.979] GetCurrentThreadId () returned 0x6f8 [0221.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x8f82470, dwHighDateTime=0x1d6076d)) [0221.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x8f82470, dwHighDateTime=0x1d6076d)) [0221.979] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3", piIcon=0x4e4ed50) returned 0x14010f [0221.991] GetIconInfo (in: hIcon=0x14010f, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0221.991] CreateFileW (lpFileName="sAQw.ico" (normalized: "c:\\windows\\system32\\saqw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1114 [0221.992] GetObjectA (in: h=0xeb050772, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0221.992] GetObjectA (in: h=0xfc0501fc, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0221.992] CreateCompatibleDC (hdc=0x0) returned 0x44010763 [0221.992] GetDIBits (in: hdc=0x44010763, hbm=0xeb050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0221.992] GetDIBits (in: hdc=0x44010763, hbm=0xeb050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0221.992] GetDIBits (in: hdc=0x44010763, hbm=0xeb050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0221.993] GetDIBits (in: hdc=0x44010763, hbm=0xfc0501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0221.993] WriteFile (in: hFile=0x1114, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0221.994] WriteFile (in: hFile=0x1114, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0221.994] WriteFile (in: hFile=0x1114, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0221.994] WriteFile (in: hFile=0x1114, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0221.994] WriteFile (in: hFile=0x1114, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0221.994] DeleteDC (hdc=0x44010763) returned 1 [0221.994] CloseHandle (hObject=0x1114) returned 1 [0221.995] DeleteObject (ho=0xeb050772) returned 1 [0221.995] DeleteObject (ho=0xfc0501fc) returned 1 [0221.995] DestroyCursor (hCursor=0x14010f) returned 1 [0221.995] GetCurrentThreadId () returned 0x6f8 [0221.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\scbd21d.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1114 [0221.995] GetFileSize (in: hFile=0x1114, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcd03 [0222.000] ReadFile (in: hFile=0x1114, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xcd03, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xcd03, lpOverlapped=0x0) returned 1 [0222.000] CloseHandle (hObject=0x1114) returned 1 [0222.000] GetCurrentThreadId () returned 0x6f8 [0222.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x8fa85d0, dwHighDateTime=0x1d6076d)) [0222.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x8fa85d0, dwHighDateTime=0x1d6076d)) [0222.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0x8fa85d0, dwHighDateTime=0x1d6076d)) [0222.092] GetCurrentThreadId () returned 0x6f8 [0222.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x908ce10, dwHighDateTime=0x1d6076d)) [0222.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x908ce10, dwHighDateTime=0x1d6076d)) [0222.092] GetCurrentThreadId () returned 0x6f8 [0222.092] CreateFileW (lpFileName="MwMm.exe" (normalized: "c:\\windows\\system32\\mwmm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.093] CreateFileW (lpFileName="MwMm.exe" (normalized: "c:\\windows\\system32\\mwmm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.093] GetCurrentThreadId () returned 0x6f8 [0222.093] GetCurrentThreadId () returned 0x6f8 [0222.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x908ce10, dwHighDateTime=0x1d6076d)) [0222.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x908ce10, dwHighDateTime=0x1d6076d)) [0222.093] CreateFileW (lpFileName="MwMm.exe" (normalized: "c:\\windows\\system32\\mwmm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.093] GetCurrentThreadId () returned 0x6f8 [0222.093] BeginUpdateResourceW (pFileName="MwMm.exe" (normalized: "c:\\windows\\system32\\mwmm.exe"), bDeleteExistingResources=0) returned 0x0 [0222.093] CreateFileW (lpFileName="sAQw.ico" (normalized: "c:\\windows\\system32\\saqw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1114 [0222.094] GetFileSize (in: hFile=0x1114, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0222.094] ReadFile (in: hFile=0x1114, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0222.094] CloseHandle (hObject=0x1114) returned 1 [0222.094] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0222.094] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0222.094] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0222.094] CopyFileW (lpExistingFileName="MwMm.exe" (normalized: "c:\\windows\\system32\\mwmm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\scbd21d.mp3.exe"), bFailIfExists=0) returned 0 [0222.095] SetNamedSecurityInfoW () returned 0x2 [0222.095] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\g5Ta-8tpOnU_t\\SCBD21D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\g5ta-8tponu_t\\scbd21d.mp3")) returned 1 [0222.097] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa0, lpOverlapped=0x0) returned 1 [0222.097] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0222.097] DeleteFileW (lpFileName="sAQw.ico" (normalized: "c:\\windows\\system32\\saqw.ico")) returned 1 [0222.098] DeleteFileW (lpFileName="MwMm.exe" (normalized: "c:\\windows\\system32\\mwmm.exe")) returned 0 [0222.098] GetCurrentThreadId () returned 0x6f8 [0222.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.098] GetCurrentThreadId () returned 0x6f8 [0222.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.098] FindNextFileW (in: hFindFile=0x7e6ebd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20692bd0, ftCreationTime.dwHighDateTime=0x1d5dbb3, ftLastAccessTime.dwLowDateTime=0x88914820, ftLastAccessTime.dwHighDateTime=0x1d5e219, ftLastWriteTime.dwLowDateTime=0x88914820, ftLastWriteTime.dwHighDateTime=0x1d5e219, nFileSizeHigh=0x0, nFileSizeLow=0xcd03, dwReserved0=0x0, dwReserved1=0x0, cFileName="SCBD21D.mp3", cAlternateFileName="")) returned 0 [0222.098] GetCurrentThreadId () returned 0x6f8 [0222.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.099] FindNextFileW (in: hFindFile=0x7e6eb98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x33a23ab0, ftCreationTime.dwHighDateTime=0x1d5e636, ftLastAccessTime.dwLowDateTime=0x4df687d0, ftLastAccessTime.dwHighDateTime=0x1d5dd1d, ftLastWriteTime.dwLowDateTime=0x4df687d0, ftLastWriteTime.dwHighDateTime=0x1d5dd1d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQWc7W", cAlternateFileName="")) returned 1 [0222.099] GetCurrentThreadId () returned 0x6f8 [0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.099] GetCurrentThreadId () returned 0x6f8 [0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x33a23ab0, ftCreationTime.dwHighDateTime=0x1d5e636, ftLastAccessTime.dwLowDateTime=0x4df687d0, ftLastAccessTime.dwHighDateTime=0x1d5dd1d, ftLastWriteTime.dwLowDateTime=0x4df687d0, ftLastWriteTime.dwHighDateTime=0x1d5dd1d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ec18 [0222.099] GetCurrentThreadId () returned 0x6f8 [0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.099] FindNextFileW (in: hFindFile=0x7e6ec18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x33a23ab0, ftCreationTime.dwHighDateTime=0x1d5e636, ftLastAccessTime.dwLowDateTime=0x4df687d0, ftLastAccessTime.dwHighDateTime=0x1d5dd1d, ftLastWriteTime.dwLowDateTime=0x4df687d0, ftLastWriteTime.dwHighDateTime=0x1d5dd1d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.099] GetCurrentThreadId () returned 0x6f8 [0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.099] FindNextFileW (in: hFindFile=0x7e6ec18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20d035c0, ftCreationTime.dwHighDateTime=0x1d5e32c, ftLastAccessTime.dwLowDateTime=0x46812600, ftLastAccessTime.dwHighDateTime=0x1d5dd0d, ftLastWriteTime.dwLowDateTime=0x46812600, ftLastWriteTime.dwHighDateTime=0x1d5dd0d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eeJrg3PiYYolM n", cAlternateFileName="EEJRG3~1")) returned 1 [0222.099] GetCurrentThreadId () returned 0x6f8 [0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.099] GetCurrentThreadId () returned 0x6f8 [0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.100] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20d035c0, ftCreationTime.dwHighDateTime=0x1d5e32c, ftLastAccessTime.dwLowDateTime=0x46812600, ftLastAccessTime.dwHighDateTime=0x1d5dd0d, ftLastWriteTime.dwLowDateTime=0x46812600, ftLastWriteTime.dwHighDateTime=0x1d5dd0d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ec58 [0222.102] GetCurrentThreadId () returned 0x6f8 [0222.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.102] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20d035c0, ftCreationTime.dwHighDateTime=0x1d5e32c, ftLastAccessTime.dwLowDateTime=0x46812600, ftLastAccessTime.dwHighDateTime=0x1d5dd0d, ftLastWriteTime.dwLowDateTime=0x46812600, ftLastWriteTime.dwHighDateTime=0x1d5dd0d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.102] GetCurrentThreadId () returned 0x6f8 [0222.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.102] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6696abf0, ftCreationTime.dwHighDateTime=0x1d5d94c, ftLastAccessTime.dwLowDateTime=0xcf554350, ftLastAccessTime.dwHighDateTime=0x1d5e63e, ftLastWriteTime.dwLowDateTime=0xcf554350, ftLastWriteTime.dwHighDateTime=0x1d5e63e, nFileSizeHigh=0x0, nFileSizeLow=0xbea2, dwReserved0=0x0, dwReserved1=0x0, cFileName="-15OOHgTS2Dr.m4a", cAlternateFileName="-15OOH~1.M4A")) returned 1 [0222.102] GetCurrentThreadId () returned 0x6f8 [0222.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.102] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcedefc90, ftCreationTime.dwHighDateTime=0x1d5e7d8, ftLastAccessTime.dwLowDateTime=0xcaf42520, ftLastAccessTime.dwHighDateTime=0x1d5daa3, ftLastWriteTime.dwLowDateTime=0xcaf42520, ftLastWriteTime.dwHighDateTime=0x1d5daa3, nFileSizeHigh=0x0, nFileSizeLow=0xce92, dwReserved0=0x0, dwReserved1=0x0, cFileName="bzsYX4xhv2UFCyfBqzZu.wav", cAlternateFileName="BZSYX4~1.WAV")) returned 1 [0222.103] GetCurrentThreadId () returned 0x6f8 [0222.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.103] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfcea810, ftCreationTime.dwHighDateTime=0x1d5e488, ftLastAccessTime.dwLowDateTime=0x9b866160, ftLastAccessTime.dwHighDateTime=0x1d5e131, ftLastWriteTime.dwLowDateTime=0x9b866160, ftLastWriteTime.dwHighDateTime=0x1d5e131, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="C9ieU Ela-q_cP-g", cAlternateFileName="C9IEUE~1")) returned 1 [0222.103] GetCurrentThreadId () returned 0x6f8 [0222.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.103] GetCurrentThreadId () returned 0x6f8 [0222.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\C9ieU Ela-q_cP-g\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfcea810, ftCreationTime.dwHighDateTime=0x1d5e488, ftLastAccessTime.dwLowDateTime=0x9b866160, ftLastAccessTime.dwHighDateTime=0x1d5e131, ftLastWriteTime.dwLowDateTime=0x9b866160, ftLastWriteTime.dwHighDateTime=0x1d5e131, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ec98 [0222.108] GetCurrentThreadId () returned 0x6f8 [0222.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.108] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfcea810, ftCreationTime.dwHighDateTime=0x1d5e488, ftLastAccessTime.dwLowDateTime=0x9b866160, ftLastAccessTime.dwHighDateTime=0x1d5e131, ftLastWriteTime.dwLowDateTime=0x9b866160, ftLastWriteTime.dwHighDateTime=0x1d5e131, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.108] GetCurrentThreadId () returned 0x6f8 [0222.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.108] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f566a0, ftCreationTime.dwHighDateTime=0x1d5d87a, ftLastAccessTime.dwLowDateTime=0x21b22970, ftLastAccessTime.dwHighDateTime=0x1d5d838, ftLastWriteTime.dwLowDateTime=0x21b22970, ftLastWriteTime.dwHighDateTime=0x1d5d838, nFileSizeHigh=0x0, nFileSizeLow=0x4dfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="dPAuBifWictoWlV.wav", cAlternateFileName="DPAUBI~1.WAV")) returned 1 [0222.108] GetCurrentThreadId () returned 0x6f8 [0222.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.108] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7b58f910, ftCreationTime.dwHighDateTime=0x1d5e141, ftLastAccessTime.dwLowDateTime=0x8df1d560, ftLastAccessTime.dwHighDateTime=0x1d5e376, ftLastWriteTime.dwLowDateTime=0x8df1d560, ftLastWriteTime.dwHighDateTime=0x1d5e376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="m9bkmh00k-F0m6PEQ3", cAlternateFileName="M9BKMH~1")) returned 1 [0222.108] GetCurrentThreadId () returned 0x6f8 [0222.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.108] GetCurrentThreadId () returned 0x6f8 [0222.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.108] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\C9ieU Ela-q_cP-g\\m9bkmh00k-F0m6PEQ3\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7b58f910, ftCreationTime.dwHighDateTime=0x1d5e141, ftLastAccessTime.dwLowDateTime=0x8df1d560, ftLastAccessTime.dwHighDateTime=0x1d5e376, ftLastWriteTime.dwLowDateTime=0x8df1d560, ftLastWriteTime.dwHighDateTime=0x1d5e376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ecd8 [0222.109] GetCurrentThreadId () returned 0x6f8 [0222.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.109] FindNextFileW (in: hFindFile=0x7e6ecd8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7b58f910, ftCreationTime.dwHighDateTime=0x1d5e141, ftLastAccessTime.dwLowDateTime=0x8df1d560, ftLastAccessTime.dwHighDateTime=0x1d5e376, ftLastWriteTime.dwLowDateTime=0x8df1d560, ftLastWriteTime.dwHighDateTime=0x1d5e376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.109] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ecd8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1081600, ftCreationTime.dwHighDateTime=0x1d5dd5c, ftLastAccessTime.dwLowDateTime=0x16b91e40, ftLastAccessTime.dwHighDateTime=0x1d5d91c, ftLastWriteTime.dwLowDateTime=0x16b91e40, ftLastWriteTime.dwHighDateTime=0x1d5d91c, nFileSizeHigh=0x0, nFileSizeLow=0x150cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="esu3ob-qOx.wav", cAlternateFileName="ESU3OB~1.WAV")) returned 1 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ecd8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1081600, ftCreationTime.dwHighDateTime=0x1d5dd5c, ftLastAccessTime.dwLowDateTime=0x16b91e40, ftLastAccessTime.dwHighDateTime=0x1d5d91c, ftLastWriteTime.dwLowDateTime=0x16b91e40, ftLastWriteTime.dwHighDateTime=0x1d5d91c, nFileSizeHigh=0x0, nFileSizeLow=0x150cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="esu3ob-qOx.wav", cAlternateFileName="ESU3OB~1.WAV")) returned 0 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x116d5210, ftCreationTime.dwHighDateTime=0x1d5da9f, ftLastAccessTime.dwLowDateTime=0xa55b9110, ftLastAccessTime.dwHighDateTime=0x1d5e663, ftLastWriteTime.dwLowDateTime=0xa55b9110, ftLastWriteTime.dwHighDateTime=0x1d5e663, nFileSizeHigh=0x0, nFileSizeLow=0xfa4b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIk0D.m4a", cAlternateFileName="")) returned 1 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f351bb0, ftCreationTime.dwHighDateTime=0x1d5db6a, ftLastAccessTime.dwLowDateTime=0x15942760, ftLastAccessTime.dwHighDateTime=0x1d5d9fa, ftLastWriteTime.dwLowDateTime=0x15942760, ftLastWriteTime.dwHighDateTime=0x1d5d9fa, nFileSizeHigh=0x0, nFileSizeLow=0x7ce6, dwReserved0=0x0, dwReserved1=0x0, cFileName="YKZaKByZv-LXSKOu4v.m4a", cAlternateFileName="YKZAKB~1.M4A")) returned 1 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x739b1540, ftCreationTime.dwHighDateTime=0x1d5e552, ftLastAccessTime.dwLowDateTime=0x599dd520, ftLastAccessTime.dwHighDateTime=0x1d5df3e, ftLastWriteTime.dwLowDateTime=0x599dd520, ftLastWriteTime.dwHighDateTime=0x1d5df3e, nFileSizeHigh=0x0, nFileSizeLow=0x2877, dwReserved0=0x0, dwReserved1=0x0, cFileName="z88R WduEXyf.m4a", cAlternateFileName="Z88RWD~1.M4A")) returned 1 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ec98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x739b1540, ftCreationTime.dwHighDateTime=0x1d5e552, ftLastAccessTime.dwLowDateTime=0x599dd520, ftLastAccessTime.dwHighDateTime=0x1d5df3e, ftLastWriteTime.dwLowDateTime=0x599dd520, ftLastWriteTime.dwHighDateTime=0x1d5df3e, nFileSizeHigh=0x0, nFileSizeLow=0x2877, dwReserved0=0x0, dwReserved1=0x0, cFileName="z88R WduEXyf.m4a", cAlternateFileName="Z88RWD~1.M4A")) returned 0 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x90455a70, ftCreationTime.dwHighDateTime=0x1d5dfd5, ftLastAccessTime.dwLowDateTime=0x5a44f330, ftLastAccessTime.dwHighDateTime=0x1d5e373, ftLastWriteTime.dwLowDateTime=0x5a44f330, ftLastWriteTime.dwHighDateTime=0x1d5e373, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GNCzln8hbgANblaM", cAlternateFileName="GNCZLN~1")) returned 1 [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.110] GetCurrentThreadId () returned 0x6f8 [0222.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90b2f70, dwHighDateTime=0x1d6076d)) [0222.111] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\GNCzln8hbgANblaM\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x90455a70, ftCreationTime.dwHighDateTime=0x1d5dfd5, ftLastAccessTime.dwLowDateTime=0x5a44f330, ftLastAccessTime.dwHighDateTime=0x1d5e373, ftLastWriteTime.dwLowDateTime=0x5a44f330, ftLastWriteTime.dwHighDateTime=0x1d5e373, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ed18 [0222.113] GetCurrentThreadId () returned 0x6f8 [0222.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.113] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x90455a70, ftCreationTime.dwHighDateTime=0x1d5dfd5, ftLastAccessTime.dwLowDateTime=0x5a44f330, ftLastAccessTime.dwHighDateTime=0x1d5e373, ftLastWriteTime.dwLowDateTime=0x5a44f330, ftLastWriteTime.dwHighDateTime=0x1d5e373, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.113] GetCurrentThreadId () returned 0x6f8 [0222.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.113] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedcaaa40, ftCreationTime.dwHighDateTime=0x1d5e22f, ftLastAccessTime.dwLowDateTime=0xe1f0a260, ftLastAccessTime.dwHighDateTime=0x1d5de88, ftLastWriteTime.dwLowDateTime=0xe1f0a260, ftLastWriteTime.dwHighDateTime=0x1d5de88, nFileSizeHigh=0x0, nFileSizeLow=0xabd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="b KUvelWDRavlDBOz7Si.wav", cAlternateFileName="BKUVEL~1.WAV")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d8a0630, ftCreationTime.dwHighDateTime=0x1d5dd72, ftLastAccessTime.dwLowDateTime=0xf792df40, ftLastAccessTime.dwHighDateTime=0x1d5daf8, ftLastWriteTime.dwLowDateTime=0xf792df40, ftLastWriteTime.dwHighDateTime=0x1d5daf8, nFileSizeHigh=0x0, nFileSizeLow=0x2e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="m9EzMY2BiQLng.wav", cAlternateFileName="M9EZMY~1.WAV")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ae295f0, ftCreationTime.dwHighDateTime=0x1d5dee3, ftLastAccessTime.dwLowDateTime=0x9210eb50, ftLastAccessTime.dwHighDateTime=0x1d5dfd8, ftLastWriteTime.dwLowDateTime=0x9210eb50, ftLastWriteTime.dwHighDateTime=0x1d5dfd8, nFileSizeHigh=0x0, nFileSizeLow=0x1872e, dwReserved0=0x0, dwReserved1=0x0, cFileName="N-jkv06WBWX04pdRe.m4a", cAlternateFileName="N-JKV0~1.M4A")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cdc2c00, ftCreationTime.dwHighDateTime=0x1d5d88e, ftLastAccessTime.dwLowDateTime=0x4e6af3d0, ftLastAccessTime.dwHighDateTime=0x1d5e7fa, ftLastWriteTime.dwLowDateTime=0x4e6af3d0, ftLastWriteTime.dwHighDateTime=0x1d5e7fa, nFileSizeHigh=0x0, nFileSizeLow=0x159d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="T14ZfJC6Z.wav", cAlternateFileName="T14ZFJ~1.WAV")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8a5d830, ftCreationTime.dwHighDateTime=0x1d5e2a7, ftLastAccessTime.dwLowDateTime=0x69e53c20, ftLastAccessTime.dwHighDateTime=0x1d5e01a, ftLastWriteTime.dwLowDateTime=0x69e53c20, ftLastWriteTime.dwHighDateTime=0x1d5e01a, nFileSizeHigh=0x0, nFileSizeLow=0x12b6a, dwReserved0=0x0, dwReserved1=0x0, cFileName="tmK_uFA.wav", cAlternateFileName="")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c762690, ftCreationTime.dwHighDateTime=0x1d5d8cf, ftLastAccessTime.dwLowDateTime=0x84facb60, ftLastAccessTime.dwHighDateTime=0x1d5dd6d, ftLastWriteTime.dwLowDateTime=0x84facb60, ftLastWriteTime.dwHighDateTime=0x1d5dd6d, nFileSizeHigh=0x0, nFileSizeLow=0x12ded, dwReserved0=0x0, dwReserved1=0x0, cFileName="TsYcT3604ow8txn.m4a", cAlternateFileName="TSYCT3~1.M4A")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b298a90, ftCreationTime.dwHighDateTime=0x1d5e3e6, ftLastAccessTime.dwLowDateTime=0x8f477e90, ftLastAccessTime.dwHighDateTime=0x1d5e03a, ftLastWriteTime.dwLowDateTime=0x8f477e90, ftLastWriteTime.dwHighDateTime=0x1d5e03a, nFileSizeHigh=0x0, nFileSizeLow=0x83db, dwReserved0=0x0, dwReserved1=0x0, cFileName="zkvkoCCwHd-8UB.wav", cAlternateFileName="ZKVKOC~1.WAV")) returned 1 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.114] FindNextFileW (in: hFindFile=0x7e6ed18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b298a90, ftCreationTime.dwHighDateTime=0x1d5e3e6, ftLastAccessTime.dwLowDateTime=0x8f477e90, ftLastAccessTime.dwHighDateTime=0x1d5e03a, ftLastWriteTime.dwLowDateTime=0x8f477e90, ftLastWriteTime.dwHighDateTime=0x1d5e03a, nFileSizeHigh=0x0, nFileSizeLow=0x83db, dwReserved0=0x0, dwReserved1=0x0, cFileName="zkvkoCCwHd-8UB.wav", cAlternateFileName="ZKVKOC~1.WAV")) returned 0 [0222.114] GetCurrentThreadId () returned 0x6f8 [0222.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.115] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6100e3d0, ftCreationTime.dwHighDateTime=0x1d5dfc4, ftLastAccessTime.dwLowDateTime=0x82f78900, ftLastAccessTime.dwHighDateTime=0x1d5dc07, ftLastWriteTime.dwLowDateTime=0x82f78900, ftLastWriteTime.dwHighDateTime=0x1d5dc07, nFileSizeHigh=0x0, nFileSizeLow=0x5789, dwReserved0=0x0, dwReserved1=0x0, cFileName="Igx92gNKAYXQ6D.mp3", cAlternateFileName="IGX92G~1.MP3")) returned 1 [0222.115] GetCurrentThreadId () returned 0x6f8 [0222.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.115] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\igx92gnkayxq6d.mp3")) returned 0x20 [0222.116] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3", dwFileAttributes=0x80) returned 1 [0222.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\igx92gnkayxq6d.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.116] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5789 [0222.121] ReadFile (in: hFile=0x1128, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x5789, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0x5789, lpOverlapped=0x0) returned 1 [0222.123] GetCurrentThreadId () returned 0x6f8 [0222.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.123] GetCurrentThreadId () returned 0x6f8 [0222.123] CloseHandle (hObject=0x1128) returned 1 [0222.123] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3", dwFileAttributes=0x20) returned 1 [0222.123] GetCurrentThreadId () returned 0x6f8 [0222.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0x90d90d0, dwHighDateTime=0x1d6076d)) [0222.124] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3", piIcon=0x4e4eadc) returned 0x15010f [0222.137] GetIconInfo (in: hIcon=0x15010f, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0222.137] CreateFileW (lpFileName="qecM.ico" (normalized: "c:\\windows\\system32\\qecm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x112c [0222.138] GetObjectA (in: h=0xf2050776, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0222.138] GetObjectA (in: h=0xbd050770, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0222.138] CreateCompatibleDC (hdc=0x0) returned 0x8d010775 [0222.138] GetDIBits (in: hdc=0x8d010775, hbm=0xf2050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0222.138] GetDIBits (in: hdc=0x8d010775, hbm=0xf2050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0222.138] GetDIBits (in: hdc=0x8d010775, hbm=0xf2050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0222.138] GetDIBits (in: hdc=0x8d010775, hbm=0xbd050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0222.138] WriteFile (in: hFile=0x112c, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0222.139] WriteFile (in: hFile=0x112c, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0222.139] WriteFile (in: hFile=0x112c, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0222.139] WriteFile (in: hFile=0x112c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0222.140] WriteFile (in: hFile=0x112c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0222.140] DeleteDC (hdc=0x8d010775) returned 1 [0222.140] CloseHandle (hObject=0x112c) returned 1 [0222.140] DeleteObject (ho=0xf2050776) returned 1 [0222.140] DeleteObject (ho=0xbd050770) returned 1 [0222.140] DestroyCursor (hCursor=0x15010f) returned 1 [0222.140] GetCurrentThreadId () returned 0x6f8 [0222.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\igx92gnkayxq6d.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x112c [0222.140] GetFileSize (in: hFile=0x112c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5789 [0222.145] ReadFile (in: hFile=0x112c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x5789, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x5789, lpOverlapped=0x0) returned 1 [0222.145] CloseHandle (hObject=0x112c) returned 1 [0222.146] GetCurrentThreadId () returned 0x6f8 [0222.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0x9125390, dwHighDateTime=0x1d6076d)) [0222.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0x9125390, dwHighDateTime=0x1d6076d)) [0222.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0x9125390, dwHighDateTime=0x1d6076d)) [0222.235] GetCurrentThreadId () returned 0x6f8 [0222.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0x91e3a70, dwHighDateTime=0x1d6076d)) [0222.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0x91e3a70, dwHighDateTime=0x1d6076d)) [0222.235] GetCurrentThreadId () returned 0x6f8 [0222.235] CreateFileW (lpFileName="MksW.exe" (normalized: "c:\\windows\\system32\\mksw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.236] CreateFileW (lpFileName="MksW.exe" (normalized: "c:\\windows\\system32\\mksw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.236] GetCurrentThreadId () returned 0x6f8 [0222.236] GetCurrentThreadId () returned 0x6f8 [0222.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0x91e3a70, dwHighDateTime=0x1d6076d)) [0222.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0x91e3a70, dwHighDateTime=0x1d6076d)) [0222.237] CreateFileW (lpFileName="MksW.exe" (normalized: "c:\\windows\\system32\\mksw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.237] GetCurrentThreadId () returned 0x6f8 [0222.237] BeginUpdateResourceW (pFileName="MksW.exe" (normalized: "c:\\windows\\system32\\mksw.exe"), bDeleteExistingResources=0) returned 0x0 [0222.237] CreateFileW (lpFileName="qecM.ico" (normalized: "c:\\windows\\system32\\qecm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x112c [0222.237] GetFileSize (in: hFile=0x112c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0222.237] ReadFile (in: hFile=0x112c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0222.237] CloseHandle (hObject=0x112c) returned 1 [0222.238] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0222.238] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0222.238] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0222.238] CopyFileW (lpExistingFileName="MksW.exe" (normalized: "c:\\windows\\system32\\mksw.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\igx92gnkayxq6d.mp3.exe"), bFailIfExists=0) returned 0 [0222.238] SetNamedSecurityInfoW () returned 0x2 [0222.238] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Igx92gNKAYXQ6D.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\igx92gnkayxq6d.mp3")) returned 1 [0222.240] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xc0, lpOverlapped=0x0) returned 1 [0222.240] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0222.240] DeleteFileW (lpFileName="qecM.ico" (normalized: "c:\\windows\\system32\\qecm.ico")) returned 1 [0222.241] DeleteFileW (lpFileName="MksW.exe" (normalized: "c:\\windows\\system32\\mksw.exe")) returned 0 [0222.241] GetCurrentThreadId () returned 0x6f8 [0222.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.241] GetCurrentThreadId () returned 0x6f8 [0222.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.241] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d67eca0, ftCreationTime.dwHighDateTime=0x1d5dbce, ftLastAccessTime.dwLowDateTime=0x80b662f0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x80b662f0, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LwzoHd rIuuzn", cAlternateFileName="LWZOHD~1")) returned 1 [0222.242] GetCurrentThreadId () returned 0x6f8 [0222.242] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.242] GetCurrentThreadId () returned 0x6f8 [0222.242] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d67eca0, ftCreationTime.dwHighDateTime=0x1d5dbce, ftLastAccessTime.dwLowDateTime=0x80b662f0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x80b662f0, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ed58 [0222.244] GetCurrentThreadId () returned 0x6f8 [0222.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.244] FindNextFileW (in: hFindFile=0x7e6ed58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d67eca0, ftCreationTime.dwHighDateTime=0x1d5dbce, ftLastAccessTime.dwLowDateTime=0x80b662f0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x80b662f0, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.244] GetCurrentThreadId () returned 0x6f8 [0222.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.245] FindNextFileW (in: hFindFile=0x7e6ed58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeed65db0, ftCreationTime.dwHighDateTime=0x1d5da07, ftLastAccessTime.dwLowDateTime=0x7011b680, ftLastAccessTime.dwHighDateTime=0x1d5e549, ftLastWriteTime.dwLowDateTime=0x7011b680, ftLastWriteTime.dwHighDateTime=0x1d5e549, nFileSizeHigh=0x0, nFileSizeLow=0xfacd, dwReserved0=0x0, dwReserved1=0x0, cFileName="BUsN0IAw0uciIVTa9il.m4a", cAlternateFileName="BUSN0I~1.M4A")) returned 1 [0222.245] GetCurrentThreadId () returned 0x6f8 [0222.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.245] FindNextFileW (in: hFindFile=0x7e6ed58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9f4ec90, ftCreationTime.dwHighDateTime=0x1d5e12a, ftLastAccessTime.dwLowDateTime=0x76213c30, ftLastAccessTime.dwHighDateTime=0x1d5e2e7, ftLastWriteTime.dwLowDateTime=0x76213c30, ftLastWriteTime.dwHighDateTime=0x1d5e2e7, nFileSizeHigh=0x0, nFileSizeLow=0x11a12, dwReserved0=0x0, dwReserved1=0x0, cFileName="HPQJDYQ5y3Kgy.mp3", cAlternateFileName="HPQJDY~1.MP3")) returned 1 [0222.245] GetCurrentThreadId () returned 0x6f8 [0222.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e884 | out: lpSystemTimeAsFileTime=0x4e4e884*(dwLowDateTime=0x9209bd0, dwHighDateTime=0x1d6076d)) [0222.245] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\hpqjdyq5y3kgy.mp3")) returned 0x20 [0222.246] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3", dwFileAttributes=0x80) returned 1 [0222.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\hpqjdyq5y3kgy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.247] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a12 [0222.252] ReadFile (in: hFile=0x1128, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11a12, lpNumberOfBytesRead=0x4e4e85c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e85c*=0x11a12, lpOverlapped=0x0) returned 1 [0222.254] GetCurrentThreadId () returned 0x6f8 [0222.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x922fd30, dwHighDateTime=0x1d6076d)) [0222.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x922fd30, dwHighDateTime=0x1d6076d)) [0222.254] GetCurrentThreadId () returned 0x6f8 [0222.254] CloseHandle (hObject=0x1128) returned 1 [0222.254] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3", dwFileAttributes=0x20) returned 1 [0222.255] GetCurrentThreadId () returned 0x6f8 [0222.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x922fd30, dwHighDateTime=0x1d6076d)) [0222.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x922fd30, dwHighDateTime=0x1d6076d)) [0222.255] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3", piIcon=0x4e4e868 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3", piIcon=0x4e4e868) returned 0x16010f [0222.269] GetIconInfo (in: hIcon=0x16010f, piconinfo=0x4e4e854 | out: piconinfo=0x4e4e854) returned 1 [0222.269] CreateFileW (lpFileName="wCcs.ico" (normalized: "c:\\windows\\system32\\wccs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1130 [0222.270] GetObjectA (in: h=0xff0501fc, c=24, pv=0x4e4e818 | out: pv=0x4e4e818) returned 24 [0222.270] GetObjectA (in: h=0xf0050772, c=24, pv=0x4e4e830 | out: pv=0x4e4e830) returned 24 [0222.270] CreateCompatibleDC (hdc=0x0) returned 0xf801016f [0222.270] GetDIBits (in: hdc=0xf801016f, hbm=0xff0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e3c8) returned 1 [0222.270] GetDIBits (in: hdc=0xf801016f, hbm=0xff0501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e3c8) returned 32 [0222.270] GetDIBits (in: hdc=0xf801016f, hbm=0xff0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dfa0) returned 1 [0222.270] GetDIBits (in: hdc=0xf801016f, hbm=0xf0050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dfa0) returned 32 [0222.270] WriteFile (in: hFile=0x1130, lpBuffer=0x4e4df80*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df80*, lpNumberOfBytesWritten=0x4e4df68*=0x6, lpOverlapped=0x0) returned 1 [0222.271] WriteFile (in: hFile=0x1130, lpBuffer=0x4e4df70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df70*, lpNumberOfBytesWritten=0x4e4df68*=0x10, lpOverlapped=0x0) returned 1 [0222.271] WriteFile (in: hFile=0x1130, lpBuffer=0x4e4e7f0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4e7f0*, lpNumberOfBytesWritten=0x4e4df68*=0x28, lpOverlapped=0x0) returned 1 [0222.271] WriteFile (in: hFile=0x1130, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4df68*=0x1000, lpOverlapped=0x0) returned 1 [0222.271] WriteFile (in: hFile=0x1130, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4df68*=0x80, lpOverlapped=0x0) returned 1 [0222.271] DeleteDC (hdc=0xf801016f) returned 1 [0222.272] CloseHandle (hObject=0x1130) returned 1 [0222.272] DeleteObject (ho=0xff0501fc) returned 1 [0222.272] DeleteObject (ho=0xf0050772) returned 1 [0222.272] DestroyCursor (hCursor=0x16010f) returned 1 [0222.272] GetCurrentThreadId () returned 0x6f8 [0222.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\hpqjdyq5y3kgy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1130 [0222.272] GetFileSize (in: hFile=0x1130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a12 [0222.277] ReadFile (in: hFile=0x1130, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11a12, lpNumberOfBytesRead=0x4e4eb54, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4eb54*=0x11a12, lpOverlapped=0x0) returned 1 [0222.277] CloseHandle (hObject=0x1130) returned 1 [0222.277] GetCurrentThreadId () returned 0x6f8 [0222.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x9255e90, dwHighDateTime=0x1d6076d)) [0222.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x9255e90, dwHighDateTime=0x1d6076d)) [0222.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7d0 | out: lpSystemTimeAsFileTime=0x4e4e7d0*(dwLowDateTime=0x9255e90, dwHighDateTime=0x1d6076d)) [0222.386] GetCurrentThreadId () returned 0x6f8 [0222.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.386] GetCurrentThreadId () returned 0x6f8 [0222.386] CreateFileW (lpFileName="GIkk.exe" (normalized: "c:\\windows\\system32\\gikk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.387] CreateFileW (lpFileName="GIkk.exe" (normalized: "c:\\windows\\system32\\gikk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.387] GetCurrentThreadId () returned 0x6f8 [0222.387] GetCurrentThreadId () returned 0x6f8 [0222.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.387] CreateFileW (lpFileName="GIkk.exe" (normalized: "c:\\windows\\system32\\gikk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.387] GetCurrentThreadId () returned 0x6f8 [0222.387] BeginUpdateResourceW (pFileName="GIkk.exe" (normalized: "c:\\windows\\system32\\gikk.exe"), bDeleteExistingResources=0) returned 0x0 [0222.388] CreateFileW (lpFileName="wCcs.ico" (normalized: "c:\\windows\\system32\\wccs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1130 [0222.388] GetFileSize (in: hFile=0x1130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0222.388] ReadFile (in: hFile=0x1130, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e868, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e868*=0x10be, lpOverlapped=0x0) returned 1 [0222.388] CloseHandle (hObject=0x1130) returned 1 [0222.388] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0222.388] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e854, cb=0x14) returned 0 [0222.388] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0222.389] CopyFileW (lpExistingFileName="GIkk.exe" (normalized: "c:\\windows\\system32\\gikk.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\hpqjdyq5y3kgy.mp3.exe"), bFailIfExists=0) returned 0 [0222.389] SetNamedSecurityInfoW () returned 0x2 [0222.389] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\HPQJDYQ5y3Kgy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\hpqjdyq5y3kgy.mp3")) returned 1 [0222.391] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e8ac*=0xda, lpOverlapped=0x0) returned 1 [0222.391] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e8ac*=0x4, lpOverlapped=0x0) returned 1 [0222.391] DeleteFileW (lpFileName="wCcs.ico" (normalized: "c:\\windows\\system32\\wccs.ico")) returned 1 [0222.392] DeleteFileW (lpFileName="GIkk.exe" (normalized: "c:\\windows\\system32\\gikk.exe")) returned 0 [0222.392] GetCurrentThreadId () returned 0x6f8 [0222.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e85c | out: lpSystemTimeAsFileTime=0x4e4e85c*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.392] GetCurrentThreadId () returned 0x6f8 [0222.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9386990, dwHighDateTime=0x1d6076d)) [0222.393] FindNextFileW (in: hFindFile=0x7e6ed58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49fa3bf0, ftCreationTime.dwHighDateTime=0x1d5e578, ftLastAccessTime.dwLowDateTime=0xaad38ba0, ftLastAccessTime.dwHighDateTime=0x1d5ddb4, ftLastWriteTime.dwLowDateTime=0xaad38ba0, ftLastWriteTime.dwHighDateTime=0x1d5ddb4, nFileSizeHigh=0x0, nFileSizeLow=0xfb9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pWwabxs7HAaBn.mp3", cAlternateFileName="PWWABX~1.MP3")) returned 1 [0222.393] GetCurrentThreadId () returned 0x6f8 [0222.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e884 | out: lpSystemTimeAsFileTime=0x4e4e884*(dwLowDateTime=0x9386990, dwHighDateTime=0x1d6076d)) [0222.393] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\pwwabxs7haabn.mp3")) returned 0x20 [0222.393] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3", dwFileAttributes=0x80) returned 1 [0222.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\pwwabxs7haabn.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1130 [0222.394] GetFileSize (in: hFile=0x1130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfb9b [0222.398] ReadFile (in: hFile=0x1130, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfb9b, lpNumberOfBytesRead=0x4e4e85c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e85c*=0xfb9b, lpOverlapped=0x0) returned 1 [0222.400] GetCurrentThreadId () returned 0x6f8 [0222.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x9386990, dwHighDateTime=0x1d6076d)) [0222.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x9386990, dwHighDateTime=0x1d6076d)) [0222.401] GetCurrentThreadId () returned 0x6f8 [0222.401] CloseHandle (hObject=0x1130) returned 1 [0222.401] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3", dwFileAttributes=0x20) returned 1 [0222.401] GetCurrentThreadId () returned 0x6f8 [0222.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x9386990, dwHighDateTime=0x1d6076d)) [0222.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x9386990, dwHighDateTime=0x1d6076d)) [0222.401] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3", piIcon=0x4e4e868 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3", piIcon=0x4e4e868) returned 0x17010f [0222.415] GetIconInfo (in: hIcon=0x17010f, piconinfo=0x4e4e854 | out: piconinfo=0x4e4e854) returned 1 [0222.415] CreateFileW (lpFileName="EyoM.ico" (normalized: "c:\\windows\\system32\\eyom.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.452] GetObjectA (in: h=0xc0050770, c=24, pv=0x4e4e818 | out: pv=0x4e4e818) returned 24 [0222.452] GetObjectA (in: h=0xf7050776, c=24, pv=0x4e4e830 | out: pv=0x4e4e830) returned 24 [0222.452] CreateCompatibleDC (hdc=0x0) returned 0x150101fe [0222.452] GetDIBits (in: hdc=0x150101fe, hbm=0xc0050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e3c8) returned 1 [0222.452] GetDIBits (in: hdc=0x150101fe, hbm=0xc0050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e3c8) returned 32 [0222.452] GetDIBits (in: hdc=0x150101fe, hbm=0xc0050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dfa0) returned 1 [0222.452] GetDIBits (in: hdc=0x150101fe, hbm=0xf7050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dfa0) returned 32 [0222.452] WriteFile (in: hFile=0x1128, lpBuffer=0x4e4df80*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df80*, lpNumberOfBytesWritten=0x4e4df68*=0x6, lpOverlapped=0x0) returned 1 [0222.454] WriteFile (in: hFile=0x1128, lpBuffer=0x4e4df70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df70*, lpNumberOfBytesWritten=0x4e4df68*=0x10, lpOverlapped=0x0) returned 1 [0222.454] WriteFile (in: hFile=0x1128, lpBuffer=0x4e4e7f0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4e7f0*, lpNumberOfBytesWritten=0x4e4df68*=0x28, lpOverlapped=0x0) returned 1 [0222.454] WriteFile (in: hFile=0x1128, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4df68*=0x1000, lpOverlapped=0x0) returned 1 [0222.455] WriteFile (in: hFile=0x1128, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4df68*=0x80, lpOverlapped=0x0) returned 1 [0222.455] DeleteDC (hdc=0x150101fe) returned 1 [0222.455] CloseHandle (hObject=0x1128) returned 1 [0222.456] DeleteObject (ho=0xc0050770) returned 1 [0222.456] DeleteObject (ho=0xf7050776) returned 1 [0222.456] DestroyCursor (hCursor=0x17010f) returned 1 [0222.456] GetCurrentThreadId () returned 0x6f8 [0222.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\pwwabxs7haabn.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.457] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfb9b [0222.462] ReadFile (in: hFile=0x1128, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xfb9b, lpNumberOfBytesRead=0x4e4eb54, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4eb54*=0xfb9b, lpOverlapped=0x0) returned 1 [0222.462] CloseHandle (hObject=0x1128) returned 1 [0222.462] GetCurrentThreadId () returned 0x6f8 [0222.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x941ef10, dwHighDateTime=0x1d6076d)) [0222.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x941ef10, dwHighDateTime=0x1d6076d)) [0222.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7d0 | out: lpSystemTimeAsFileTime=0x4e4e7d0*(dwLowDateTime=0x941ef10, dwHighDateTime=0x1d6076d)) [0222.601] GetCurrentThreadId () returned 0x6f8 [0222.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x9575b70, dwHighDateTime=0x1d6076d)) [0222.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x9575b70, dwHighDateTime=0x1d6076d)) [0222.602] GetCurrentThreadId () returned 0x6f8 [0222.602] CreateFileW (lpFileName="uEoQ.exe" (normalized: "c:\\windows\\system32\\ueoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.603] CreateFileW (lpFileName="uEoQ.exe" (normalized: "c:\\windows\\system32\\ueoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.606] GetCurrentThreadId () returned 0x6f8 [0222.606] GetCurrentThreadId () returned 0x6f8 [0222.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x9575b70, dwHighDateTime=0x1d6076d)) [0222.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x9575b70, dwHighDateTime=0x1d6076d)) [0222.606] CreateFileW (lpFileName="uEoQ.exe" (normalized: "c:\\windows\\system32\\ueoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.606] GetCurrentThreadId () returned 0x6f8 [0222.606] BeginUpdateResourceW (pFileName="uEoQ.exe" (normalized: "c:\\windows\\system32\\ueoq.exe"), bDeleteExistingResources=0) returned 0x0 [0222.607] CreateFileW (lpFileName="EyoM.ico" (normalized: "c:\\windows\\system32\\eyom.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1128 [0222.607] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0222.607] ReadFile (in: hFile=0x1128, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e868, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e868*=0x10be, lpOverlapped=0x0) returned 1 [0222.608] CloseHandle (hObject=0x1128) returned 1 [0222.608] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0222.608] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e854, cb=0x14) returned 0 [0222.608] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0222.608] CopyFileW (lpExistingFileName="uEoQ.exe" (normalized: "c:\\windows\\system32\\ueoq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\pwwabxs7haabn.mp3.exe"), bFailIfExists=0) returned 0 [0222.608] SetNamedSecurityInfoW () returned 0x2 [0222.609] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\LwzoHd rIuuzn\\pWwabxs7HAaBn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\lwzohd riuuzn\\pwwabxs7haabn.mp3")) returned 1 [0222.611] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e8ac*=0xda, lpOverlapped=0x0) returned 1 [0222.611] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e8ac*=0x4, lpOverlapped=0x0) returned 1 [0222.611] DeleteFileW (lpFileName="EyoM.ico" (normalized: "c:\\windows\\system32\\eyom.ico")) returned 1 [0222.627] DeleteFileW (lpFileName="uEoQ.exe" (normalized: "c:\\windows\\system32\\ueoq.exe")) returned 0 [0222.627] GetCurrentThreadId () returned 0x6f8 [0222.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e85c | out: lpSystemTimeAsFileTime=0x4e4e85c*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.627] GetCurrentThreadId () returned 0x6f8 [0222.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.627] FindNextFileW (in: hFindFile=0x7e6ed58, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49fa3bf0, ftCreationTime.dwHighDateTime=0x1d5e578, ftLastAccessTime.dwLowDateTime=0xaad38ba0, ftLastAccessTime.dwHighDateTime=0x1d5ddb4, ftLastWriteTime.dwLowDateTime=0xaad38ba0, ftLastWriteTime.dwHighDateTime=0x1d5ddb4, nFileSizeHigh=0x0, nFileSizeLow=0xfb9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pWwabxs7HAaBn.mp3", cAlternateFileName="PWWABX~1.MP3")) returned 0 [0222.628] GetCurrentThreadId () returned 0x6f8 [0222.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.628] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x302202c0, ftCreationTime.dwHighDateTime=0x1d5d93f, ftLastAccessTime.dwLowDateTime=0x907250, ftLastAccessTime.dwHighDateTime=0x1d5e199, ftLastWriteTime.dwLowDateTime=0x907250, ftLastWriteTime.dwHighDateTime=0x1d5e199, nFileSizeHigh=0x0, nFileSizeLow=0x18280, dwReserved0=0x0, dwReserved1=0x0, cFileName="Og8t7CuXGwEITuQ-tl.mp3", cAlternateFileName="OG8T7C~1.MP3")) returned 1 [0222.628] GetCurrentThreadId () returned 0x6f8 [0222.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.628] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\og8t7cuxgweituq-tl.mp3")) returned 0x20 [0222.630] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3", dwFileAttributes=0x80) returned 1 [0222.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\og8t7cuxgweituq-tl.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.631] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18280 [0222.636] ReadFile (in: hFile=0x1128, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x18280, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0x18280, lpOverlapped=0x0) returned 1 [0222.639] GetCurrentThreadId () returned 0x6f8 [0222.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.639] GetCurrentThreadId () returned 0x6f8 [0222.640] CloseHandle (hObject=0x1128) returned 1 [0222.640] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3", dwFileAttributes=0x20) returned 1 [0222.640] GetCurrentThreadId () returned 0x6f8 [0222.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0x95c1e30, dwHighDateTime=0x1d6076d)) [0222.640] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3", piIcon=0x4e4eadc) returned 0x18010f [0222.655] GetIconInfo (in: hIcon=0x18010f, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0222.655] CreateFileW (lpFileName="qukE.ico" (normalized: "c:\\windows\\system32\\quke.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1130 [0222.656] GetObjectA (in: h=0xf3050772, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0222.656] GetObjectA (in: h=0x40501fc, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0222.656] CreateCompatibleDC (hdc=0x0) returned 0x580101fb [0222.656] GetDIBits (in: hdc=0x580101fb, hbm=0xf3050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0222.656] GetDIBits (in: hdc=0x580101fb, hbm=0xf3050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0222.656] GetDIBits (in: hdc=0x580101fb, hbm=0xf3050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0222.656] GetDIBits (in: hdc=0x580101fb, hbm=0x40501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0222.656] WriteFile (in: hFile=0x1130, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0222.657] WriteFile (in: hFile=0x1130, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0222.657] WriteFile (in: hFile=0x1130, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0222.658] WriteFile (in: hFile=0x1130, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0222.658] WriteFile (in: hFile=0x1130, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0222.658] DeleteDC (hdc=0x580101fb) returned 1 [0222.658] CloseHandle (hObject=0x1130) returned 1 [0222.658] DeleteObject (ho=0xf3050772) returned 1 [0222.658] DeleteObject (ho=0x40501fc) returned 1 [0222.658] DestroyCursor (hCursor=0x18010f) returned 1 [0222.658] GetCurrentThreadId () returned 0x6f8 [0222.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\og8t7cuxgweituq-tl.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1130 [0222.659] GetFileSize (in: hFile=0x1130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18280 [0222.663] ReadFile (in: hFile=0x1130, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x18280, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x18280, lpOverlapped=0x0) returned 1 [0222.664] CloseHandle (hObject=0x1130) returned 1 [0222.664] GetCurrentThreadId () returned 0x6f8 [0222.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0x960e0f0, dwHighDateTime=0x1d6076d)) [0222.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0x960e0f0, dwHighDateTime=0x1d6076d)) [0222.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0x960e0f0, dwHighDateTime=0x1d6076d)) [0222.760] GetCurrentThreadId () returned 0x6f8 [0222.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0x96f2930, dwHighDateTime=0x1d6076d)) [0222.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0x96f2930, dwHighDateTime=0x1d6076d)) [0222.760] GetCurrentThreadId () returned 0x6f8 [0222.760] CreateFileW (lpFileName="CQoQ.exe" (normalized: "c:\\windows\\system32\\cqoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.761] CreateFileW (lpFileName="CQoQ.exe" (normalized: "c:\\windows\\system32\\cqoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.761] GetCurrentThreadId () returned 0x6f8 [0222.761] GetCurrentThreadId () returned 0x6f8 [0222.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0x96f2930, dwHighDateTime=0x1d6076d)) [0222.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0x96f2930, dwHighDateTime=0x1d6076d)) [0222.762] CreateFileW (lpFileName="CQoQ.exe" (normalized: "c:\\windows\\system32\\cqoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.762] GetCurrentThreadId () returned 0x6f8 [0222.762] BeginUpdateResourceW (pFileName="CQoQ.exe" (normalized: "c:\\windows\\system32\\cqoq.exe"), bDeleteExistingResources=0) returned 0x0 [0222.762] CreateFileW (lpFileName="qukE.ico" (normalized: "c:\\windows\\system32\\quke.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1130 [0222.762] GetFileSize (in: hFile=0x1130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0222.762] ReadFile (in: hFile=0x1130, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0222.762] CloseHandle (hObject=0x1130) returned 1 [0222.763] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0222.763] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0222.763] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0222.763] CopyFileW (lpExistingFileName="CQoQ.exe" (normalized: "c:\\windows\\system32\\cqoq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\og8t7cuxgweituq-tl.mp3.exe"), bFailIfExists=0) returned 0 [0222.763] SetNamedSecurityInfoW () returned 0x2 [0222.763] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\Og8t7CuXGwEITuQ-tl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\og8t7cuxgweituq-tl.mp3")) returned 1 [0222.765] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xc8, lpOverlapped=0x0) returned 1 [0222.765] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0222.765] DeleteFileW (lpFileName="qukE.ico" (normalized: "c:\\windows\\system32\\quke.ico")) returned 1 [0222.767] DeleteFileW (lpFileName="CQoQ.exe" (normalized: "c:\\windows\\system32\\cqoq.exe")) returned 0 [0222.767] GetCurrentThreadId () returned 0x6f8 [0222.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0x96f2930, dwHighDateTime=0x1d6076d)) [0222.767] GetCurrentThreadId () returned 0x6f8 [0222.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x96f2930, dwHighDateTime=0x1d6076d)) [0222.767] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9394caf0, ftCreationTime.dwHighDateTime=0x1d5e564, ftLastAccessTime.dwLowDateTime=0xd93430, ftLastAccessTime.dwHighDateTime=0x1d5e604, ftLastWriteTime.dwLowDateTime=0xd93430, ftLastWriteTime.dwHighDateTime=0x1d5e604, nFileSizeHigh=0x0, nFileSizeLow=0x13573, dwReserved0=0x0, dwReserved1=0x0, cFileName="tjSZG71etg9Kwj7.m4a", cAlternateFileName="TJSZG7~1.M4A")) returned 1 [0222.767] GetCurrentThreadId () returned 0x6f8 [0222.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.767] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92b13af0, ftCreationTime.dwHighDateTime=0x1d5dc5f, ftLastAccessTime.dwLowDateTime=0xa1512aa0, ftLastAccessTime.dwHighDateTime=0x1d5d9a5, ftLastWriteTime.dwLowDateTime=0xa1512aa0, ftLastWriteTime.dwHighDateTime=0x1d5d9a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uQXzSmxCBU", cAlternateFileName="UQXZSM~1")) returned 1 [0222.767] GetCurrentThreadId () returned 0x6f8 [0222.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.768] GetCurrentThreadId () returned 0x6f8 [0222.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92b13af0, ftCreationTime.dwHighDateTime=0x1d5dc5f, ftLastAccessTime.dwLowDateTime=0xa1512aa0, ftLastAccessTime.dwHighDateTime=0x1d5d9a5, ftLastWriteTime.dwLowDateTime=0xa1512aa0, ftLastWriteTime.dwHighDateTime=0x1d5d9a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ed98 [0222.770] GetCurrentThreadId () returned 0x6f8 [0222.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.770] FindNextFileW (in: hFindFile=0x7e6ed98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92b13af0, ftCreationTime.dwHighDateTime=0x1d5dc5f, ftLastAccessTime.dwLowDateTime=0xa1512aa0, ftLastAccessTime.dwHighDateTime=0x1d5d9a5, ftLastWriteTime.dwLowDateTime=0xa1512aa0, ftLastWriteTime.dwHighDateTime=0x1d5d9a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.770] GetCurrentThreadId () returned 0x6f8 [0222.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.770] FindNextFileW (in: hFindFile=0x7e6ed98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abae140, ftCreationTime.dwHighDateTime=0x1d5d83b, ftLastAccessTime.dwLowDateTime=0xc5fdad00, ftLastAccessTime.dwHighDateTime=0x1d5da46, ftLastWriteTime.dwLowDateTime=0xc5fdad00, ftLastWriteTime.dwHighDateTime=0x1d5da46, nFileSizeHigh=0x0, nFileSizeLow=0x2a2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="0 Zh8oE.m4a", cAlternateFileName="0ZH8OE~1.M4A")) returned 1 [0222.770] GetCurrentThreadId () returned 0x6f8 [0222.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.770] FindNextFileW (in: hFindFile=0x7e6ed98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff3e99c0, ftCreationTime.dwHighDateTime=0x1d5df2e, ftLastAccessTime.dwLowDateTime=0xe0790ec0, ftLastAccessTime.dwHighDateTime=0x1d5da70, ftLastWriteTime.dwLowDateTime=0xe0790ec0, ftLastWriteTime.dwHighDateTime=0x1d5da70, nFileSizeHigh=0x0, nFileSizeLow=0x5456, dwReserved0=0x0, dwReserved1=0x0, cFileName="Td496DKV6zBjvy4NLKZ-.mp3", cAlternateFileName="TD496D~1.MP3")) returned 1 [0222.770] GetCurrentThreadId () returned 0x6f8 [0222.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e884 | out: lpSystemTimeAsFileTime=0x4e4e884*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.770] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\td496dkv6zbjvy4nlkz-.mp3")) returned 0x20 [0222.770] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3", dwFileAttributes=0x80) returned 1 [0222.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\td496dkv6zbjvy4nlkz-.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.771] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5456 [0222.776] ReadFile (in: hFile=0x1128, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x5456, lpNumberOfBytesRead=0x4e4e85c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e85c*=0x5456, lpOverlapped=0x0) returned 1 [0222.778] GetCurrentThreadId () returned 0x6f8 [0222.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.778] GetCurrentThreadId () returned 0x6f8 [0222.778] CloseHandle (hObject=0x1128) returned 1 [0222.778] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3", dwFileAttributes=0x20) returned 1 [0222.779] GetCurrentThreadId () returned 0x6f8 [0222.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x9718a90, dwHighDateTime=0x1d6076d)) [0222.779] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3", piIcon=0x4e4e868 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3", piIcon=0x4e4e868) returned 0x19010f [0222.792] GetIconInfo (in: hIcon=0x19010f, piconinfo=0x4e4e854 | out: piconinfo=0x4e4e854) returned 1 [0222.792] CreateFileW (lpFileName="IoEw.ico" (normalized: "c:\\windows\\system32\\ioew.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0222.793] GetObjectA (in: h=0xfa050776, c=24, pv=0x4e4e818 | out: pv=0x4e4e818) returned 24 [0222.793] GetObjectA (in: h=0xc5050770, c=24, pv=0x4e4e830 | out: pv=0x4e4e830) returned 24 [0222.793] CreateCompatibleDC (hdc=0x0) returned 0x51010763 [0222.793] GetDIBits (in: hdc=0x51010763, hbm=0xfa050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e3c8) returned 1 [0222.793] GetDIBits (in: hdc=0x51010763, hbm=0xfa050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e3c8) returned 32 [0222.793] GetDIBits (in: hdc=0x51010763, hbm=0xfa050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dfa0) returned 1 [0222.793] GetDIBits (in: hdc=0x51010763, hbm=0xc5050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dfa0) returned 32 [0222.793] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4df80*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df80*, lpNumberOfBytesWritten=0x4e4df68*=0x6, lpOverlapped=0x0) returned 1 [0222.794] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4df70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df70*, lpNumberOfBytesWritten=0x4e4df68*=0x10, lpOverlapped=0x0) returned 1 [0222.794] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e7f0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4e7f0*, lpNumberOfBytesWritten=0x4e4df68*=0x28, lpOverlapped=0x0) returned 1 [0222.794] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4df68*=0x1000, lpOverlapped=0x0) returned 1 [0222.795] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4df68*=0x80, lpOverlapped=0x0) returned 1 [0222.795] DeleteDC (hdc=0x51010763) returned 1 [0222.795] CloseHandle (hObject=0x1134) returned 1 [0222.795] DeleteObject (ho=0xfa050776) returned 1 [0222.795] DeleteObject (ho=0xc5050770) returned 1 [0222.795] DestroyCursor (hCursor=0x19010f) returned 1 [0222.795] GetCurrentThreadId () returned 0x6f8 [0222.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\td496dkv6zbjvy4nlkz-.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0222.795] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5456 [0222.800] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x5456, lpNumberOfBytesRead=0x4e4eb54, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4eb54*=0x5456, lpOverlapped=0x0) returned 1 [0222.801] CloseHandle (hObject=0x1134) returned 1 [0222.801] GetCurrentThreadId () returned 0x6f8 [0222.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x9764d50, dwHighDateTime=0x1d6076d)) [0222.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x9764d50, dwHighDateTime=0x1d6076d)) [0222.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7d0 | out: lpSystemTimeAsFileTime=0x4e4e7d0*(dwLowDateTime=0x9764d50, dwHighDateTime=0x1d6076d)) [0222.910] GetCurrentThreadId () returned 0x6f8 [0222.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.910] GetCurrentThreadId () returned 0x6f8 [0222.910] CreateFileW (lpFileName="UAsy.exe" (normalized: "c:\\windows\\system32\\uasy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.911] CreateFileW (lpFileName="UAsy.exe" (normalized: "c:\\windows\\system32\\uasy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.912] GetCurrentThreadId () returned 0x6f8 [0222.912] GetCurrentThreadId () returned 0x6f8 [0222.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.912] CreateFileW (lpFileName="UAsy.exe" (normalized: "c:\\windows\\system32\\uasy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.912] GetCurrentThreadId () returned 0x6f8 [0222.912] BeginUpdateResourceW (pFileName="UAsy.exe" (normalized: "c:\\windows\\system32\\uasy.exe"), bDeleteExistingResources=0) returned 0x0 [0222.912] CreateFileW (lpFileName="IoEw.ico" (normalized: "c:\\windows\\system32\\ioew.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0222.912] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0222.912] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e868, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e868*=0x10be, lpOverlapped=0x0) returned 1 [0222.913] CloseHandle (hObject=0x1134) returned 1 [0222.913] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0222.913] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e854, cb=0x14) returned 0 [0222.913] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0222.913] CopyFileW (lpExistingFileName="UAsy.exe" (normalized: "c:\\windows\\system32\\uasy.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\td496dkv6zbjvy4nlkz-.mp3.exe"), bFailIfExists=0) returned 0 [0222.913] SetNamedSecurityInfoW () returned 0x2 [0222.913] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Td496DKV6zBjvy4NLKZ-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\td496dkv6zbjvy4nlkz-.mp3")) returned 1 [0222.914] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e8ac*=0xe2, lpOverlapped=0x0) returned 1 [0222.914] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e8ac*=0x4, lpOverlapped=0x0) returned 1 [0222.914] DeleteFileW (lpFileName="IoEw.ico" (normalized: "c:\\windows\\system32\\ioew.ico")) returned 1 [0222.916] DeleteFileW (lpFileName="UAsy.exe" (normalized: "c:\\windows\\system32\\uasy.exe")) returned 0 [0222.916] GetCurrentThreadId () returned 0x6f8 [0222.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e85c | out: lpSystemTimeAsFileTime=0x4e4e85c*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.916] GetCurrentThreadId () returned 0x6f8 [0222.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.916] FindNextFileW (in: hFindFile=0x7e6ed98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56495930, ftCreationTime.dwHighDateTime=0x1d5e5b0, ftLastAccessTime.dwLowDateTime=0x62ef4c0, ftLastAccessTime.dwHighDateTime=0x1d5e52c, ftLastWriteTime.dwLowDateTime=0x62ef4c0, ftLastWriteTime.dwHighDateTime=0x1d5e52c, nFileSizeHigh=0x0, nFileSizeLow=0x2d59, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xt7NR_n-E.mp3", cAlternateFileName="XT7NR_~1.MP3")) returned 1 [0222.916] GetCurrentThreadId () returned 0x6f8 [0222.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e884 | out: lpSystemTimeAsFileTime=0x4e4e884*(dwLowDateTime=0x986f6f0, dwHighDateTime=0x1d6076d)) [0222.916] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\xt7nr_n-e.mp3")) returned 0x20 [0222.916] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3", dwFileAttributes=0x80) returned 1 [0222.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\xt7nr_n-e.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0222.917] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d59 [0222.922] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2d59, lpNumberOfBytesRead=0x4e4e85c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4e85c*=0x2d59, lpOverlapped=0x0) returned 1 [0222.927] GetCurrentThreadId () returned 0x6f8 [0222.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x9895850, dwHighDateTime=0x1d6076d)) [0222.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7e4 | out: lpSystemTimeAsFileTime=0x4e4e7e4*(dwLowDateTime=0x9895850, dwHighDateTime=0x1d6076d)) [0222.927] GetCurrentThreadId () returned 0x6f8 [0222.927] CloseHandle (hObject=0x1134) returned 1 [0222.927] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3", dwFileAttributes=0x20) returned 1 [0222.928] GetCurrentThreadId () returned 0x6f8 [0222.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x9895850, dwHighDateTime=0x1d6076d)) [0222.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4df3c | out: lpSystemTimeAsFileTime=0x4e4df3c*(dwLowDateTime=0x9895850, dwHighDateTime=0x1d6076d)) [0222.928] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3", piIcon=0x4e4e868 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3", piIcon=0x4e4e868) returned 0x1a010f [0222.938] GetIconInfo (in: hIcon=0x1a010f, piconinfo=0x4e4e854 | out: piconinfo=0x4e4e854) returned 1 [0222.938] CreateFileW (lpFileName="mkoM.ico" (normalized: "c:\\windows\\system32\\mkom.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.938] GetObjectA (in: h=0x70501fc, c=24, pv=0x4e4e818 | out: pv=0x4e4e818) returned 24 [0222.938] GetObjectA (in: h=0xf8050772, c=24, pv=0x4e4e830 | out: pv=0x4e4e830) returned 24 [0222.938] CreateCompatibleDC (hdc=0x0) returned 0x9a010775 [0222.938] GetDIBits (in: hdc=0x9a010775, hbm=0x70501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e3c8) returned 1 [0222.939] GetDIBits (in: hdc=0x9a010775, hbm=0x70501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e3c8, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e3c8) returned 32 [0222.939] GetDIBits (in: hdc=0x9a010775, hbm=0x70501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4dfa0) returned 1 [0222.939] GetDIBits (in: hdc=0x9a010775, hbm=0xf8050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4dfa0, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4dfa0) returned 32 [0222.939] WriteFile (in: hFile=0x1128, lpBuffer=0x4e4df80*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df80*, lpNumberOfBytesWritten=0x4e4df68*=0x6, lpOverlapped=0x0) returned 1 [0222.940] WriteFile (in: hFile=0x1128, lpBuffer=0x4e4df70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4df70*, lpNumberOfBytesWritten=0x4e4df68*=0x10, lpOverlapped=0x0) returned 1 [0222.940] WriteFile (in: hFile=0x1128, lpBuffer=0x4e4e7f0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x4e4e7f0*, lpNumberOfBytesWritten=0x4e4df68*=0x28, lpOverlapped=0x0) returned 1 [0222.940] WriteFile (in: hFile=0x1128, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4df68*=0x1000, lpOverlapped=0x0) returned 1 [0222.941] WriteFile (in: hFile=0x1128, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4df68, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4df68*=0x80, lpOverlapped=0x0) returned 1 [0222.941] DeleteDC (hdc=0x9a010775) returned 1 [0222.941] CloseHandle (hObject=0x1128) returned 1 [0222.941] DeleteObject (ho=0x70501fc) returned 1 [0222.941] DeleteObject (ho=0xf8050772) returned 1 [0222.941] DestroyCursor (hCursor=0x1a010f) returned 1 [0222.941] GetCurrentThreadId () returned 0x6f8 [0222.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\xt7nr_n-e.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1128 [0222.941] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d59 [0222.947] ReadFile (in: hFile=0x1128, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2d59, lpNumberOfBytesRead=0x4e4eb54, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4eb54*=0x2d59, lpOverlapped=0x0) returned 1 [0222.947] CloseHandle (hObject=0x1128) returned 1 [0222.947] GetCurrentThreadId () returned 0x6f8 [0222.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x98bb9b0, dwHighDateTime=0x1d6076d)) [0222.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7b4 | out: lpSystemTimeAsFileTime=0x4e4e7b4*(dwLowDateTime=0x98bb9b0, dwHighDateTime=0x1d6076d)) [0222.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e7d0 | out: lpSystemTimeAsFileTime=0x4e4e7d0*(dwLowDateTime=0x98bb9b0, dwHighDateTime=0x1d6076d)) [0223.045] GetCurrentThreadId () returned 0x6f8 [0223.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x99a01f0, dwHighDateTime=0x1d6076d)) [0223.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e784 | out: lpSystemTimeAsFileTime=0x4e4e784*(dwLowDateTime=0x99a01f0, dwHighDateTime=0x1d6076d)) [0223.045] GetCurrentThreadId () returned 0x6f8 [0223.045] CreateFileW (lpFileName="YQkC.exe" (normalized: "c:\\windows\\system32\\yqkc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.046] CreateFileW (lpFileName="YQkC.exe" (normalized: "c:\\windows\\system32\\yqkc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.046] GetCurrentThreadId () returned 0x6f8 [0223.046] GetCurrentThreadId () returned 0x6f8 [0223.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x99a01f0, dwHighDateTime=0x1d6076d)) [0223.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e844 | out: lpSystemTimeAsFileTime=0x4e4e844*(dwLowDateTime=0x99a01f0, dwHighDateTime=0x1d6076d)) [0223.046] CreateFileW (lpFileName="YQkC.exe" (normalized: "c:\\windows\\system32\\yqkc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.046] GetCurrentThreadId () returned 0x6f8 [0223.046] BeginUpdateResourceW (pFileName="YQkC.exe" (normalized: "c:\\windows\\system32\\yqkc.exe"), bDeleteExistingResources=0) returned 0x0 [0223.047] CreateFileW (lpFileName="mkoM.ico" (normalized: "c:\\windows\\system32\\mkom.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1128 [0223.047] GetFileSize (in: hFile=0x1128, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.047] ReadFile (in: hFile=0x1128, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4e868, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4e868*=0x10be, lpOverlapped=0x0) returned 1 [0223.047] CloseHandle (hObject=0x1128) returned 1 [0223.047] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.047] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4e854, cb=0x14) returned 0 [0223.047] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.047] CopyFileW (lpExistingFileName="YQkC.exe" (normalized: "c:\\windows\\system32\\yqkc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\xt7nr_n-e.mp3.exe"), bFailIfExists=0) returned 0 [0223.049] SetNamedSecurityInfoW () returned 0x2 [0223.049] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8qweN-IiSAnrvYNZ7\\qQWc7W\\eeJrg3PiYYolM n\\uQXzSmxCBU\\Xt7NR_n-E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8qwen-iisanrvynz7\\qqwc7w\\eejrg3piyyolm n\\uqxzsmxcbu\\xt7nr_n-e.mp3")) returned 1 [0223.050] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4e8ac*=0xcc, lpOverlapped=0x0) returned 1 [0223.051] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4e8ac, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4e8ac*=0x4, lpOverlapped=0x0) returned 1 [0223.051] DeleteFileW (lpFileName="mkoM.ico" (normalized: "c:\\windows\\system32\\mkom.ico")) returned 1 [0223.052] DeleteFileW (lpFileName="YQkC.exe" (normalized: "c:\\windows\\system32\\yqkc.exe")) returned 0 [0223.052] GetCurrentThreadId () returned 0x6f8 [0223.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e85c | out: lpSystemTimeAsFileTime=0x4e4e85c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.052] GetCurrentThreadId () returned 0x6f8 [0223.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.052] FindNextFileW (in: hFindFile=0x7e6ed98, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56495930, ftCreationTime.dwHighDateTime=0x1d5e5b0, ftLastAccessTime.dwLowDateTime=0x62ef4c0, ftLastAccessTime.dwHighDateTime=0x1d5e52c, ftLastWriteTime.dwLowDateTime=0x62ef4c0, ftLastWriteTime.dwHighDateTime=0x1d5e52c, nFileSizeHigh=0x0, nFileSizeLow=0x2d59, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xt7NR_n-E.mp3", cAlternateFileName="XT7NR_~1.MP3")) returned 0 [0223.052] GetCurrentThreadId () returned 0x6f8 [0223.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.052] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc957f00, ftCreationTime.dwHighDateTime=0x1d5e586, ftLastAccessTime.dwLowDateTime=0xeb733ad0, ftLastAccessTime.dwHighDateTime=0x1d5e4a2, ftLastWriteTime.dwLowDateTime=0xeb733ad0, ftLastWriteTime.dwHighDateTime=0x1d5e4a2, nFileSizeHigh=0x0, nFileSizeLow=0x1ce4, dwReserved0=0x0, dwReserved1=0x0, cFileName="VQgQ32zZecGBaUl.wav", cAlternateFileName="VQGQ32~1.WAV")) returned 1 [0223.052] GetCurrentThreadId () returned 0x6f8 [0223.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.052] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cb0da00, ftCreationTime.dwHighDateTime=0x1d5e3d6, ftLastAccessTime.dwLowDateTime=0x8fc3c9f0, ftLastAccessTime.dwHighDateTime=0x1d5db99, ftLastWriteTime.dwLowDateTime=0x8fc3c9f0, ftLastWriteTime.dwHighDateTime=0x1d5db99, nFileSizeHigh=0x0, nFileSizeLow=0x88d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="YZHq02e.wav", cAlternateFileName="")) returned 1 [0223.052] GetCurrentThreadId () returned 0x6f8 [0223.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.052] FindNextFileW (in: hFindFile=0x7e6ec58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cb0da00, ftCreationTime.dwHighDateTime=0x1d5e3d6, ftLastAccessTime.dwLowDateTime=0x8fc3c9f0, ftLastAccessTime.dwHighDateTime=0x1d5db99, ftLastWriteTime.dwLowDateTime=0x8fc3c9f0, ftLastWriteTime.dwHighDateTime=0x1d5db99, nFileSizeHigh=0x0, nFileSizeLow=0x88d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="YZHq02e.wav", cAlternateFileName="")) returned 0 [0223.052] GetCurrentThreadId () returned 0x6f8 [0223.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x7e6ec18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc76b640, ftCreationTime.dwHighDateTime=0x1d5dc66, ftLastAccessTime.dwLowDateTime=0xc160f5f0, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0xc160f5f0, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0x2d10, dwReserved0=0x0, dwReserved1=0x0, cFileName="HWLJx.wav", cAlternateFileName="")) returned 1 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x7e6ec18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85b93c20, ftCreationTime.dwHighDateTime=0x1d5ddeb, ftLastAccessTime.dwLowDateTime=0x258deb80, ftLastAccessTime.dwHighDateTime=0x1d5e777, ftLastWriteTime.dwLowDateTime=0x258deb80, ftLastWriteTime.dwHighDateTime=0x1d5e777, nFileSizeHigh=0x0, nFileSizeLow=0x12894, dwReserved0=0x0, dwReserved1=0x0, cFileName="MxUKTudhch.wav", cAlternateFileName="MXUKTU~1.WAV")) returned 1 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x7e6ec18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85b93c20, ftCreationTime.dwHighDateTime=0x1d5ddeb, ftLastAccessTime.dwLowDateTime=0x258deb80, ftLastAccessTime.dwHighDateTime=0x1d5e777, ftLastWriteTime.dwLowDateTime=0x258deb80, ftLastWriteTime.dwHighDateTime=0x1d5e777, nFileSizeHigh=0x0, nFileSizeLow=0x12894, dwReserved0=0x0, dwReserved1=0x0, cFileName="MxUKTudhch.wav", cAlternateFileName="MXUKTU~1.WAV")) returned 0 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x7e6eb98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9187240, ftCreationTime.dwHighDateTime=0x1d5dc75, ftLastAccessTime.dwLowDateTime=0x208f7360, ftLastAccessTime.dwHighDateTime=0x1d5dfe3, ftLastWriteTime.dwLowDateTime=0x208f7360, ftLastWriteTime.dwHighDateTime=0x1d5dfe3, nFileSizeHigh=0x0, nFileSizeLow=0x61d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="_uWul70F.m4a", cAlternateFileName="")) returned 1 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x7e6eb98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9187240, ftCreationTime.dwHighDateTime=0x1d5dc75, ftLastAccessTime.dwLowDateTime=0x208f7360, ftLastAccessTime.dwHighDateTime=0x1d5dfe3, ftLastWriteTime.dwLowDateTime=0x208f7360, ftLastWriteTime.dwHighDateTime=0x1d5dfe3, nFileSizeHigh=0x0, nFileSizeLow=0x61d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="_uWul70F.m4a", cAlternateFileName="")) returned 0 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x7e6eb58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1880bc70, ftCreationTime.dwHighDateTime=0x1d5e5e1, ftLastAccessTime.dwLowDateTime=0xe9a08d80, ftLastAccessTime.dwHighDateTime=0x1d5e2bc, ftLastWriteTime.dwLowDateTime=0xe9a08d80, ftLastWriteTime.dwHighDateTime=0x1d5e2bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="k8qweN-IiSAnrvYNZ7", cAlternateFileName="K8QWEN~1")) returned 0 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] GetCurrentThreadId () returned 0x6f8 [0223.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac805410, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xac805410, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac7df2b0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0223.054] GetCurrentThreadId () returned 0x6f8 [0223.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.054] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.055] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.055] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.055] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda2a7640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda2a7640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda2a7640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda2a7640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6edd8 [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.055] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda2a7640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda2a7640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0223.055] GetCurrentThreadId () returned 0x6f8 [0223.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.056] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x250af870, ftCreationTime.dwHighDateTime=0x1d5d998, ftLastAccessTime.dwLowDateTime=0xc51b71b0, ftLastAccessTime.dwHighDateTime=0x1d5e149, ftLastWriteTime.dwLowDateTime=0xc51b71b0, ftLastWriteTime.dwHighDateTime=0x1d5e149, nFileSizeHigh=0x0, nFileSizeLow=0x16eb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="10eCAvj.jpg", cAlternateFileName="")) returned 1 [0223.056] GetCurrentThreadId () returned 0x6f8 [0223.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.056] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\10ecavj.jpg")) returned 0x20 [0223.057] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg", dwFileAttributes=0x80) returned 1 [0223.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\10ecavj.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.057] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16eb8 [0223.062] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x16eb8, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x16eb8, lpOverlapped=0x0) returned 1 [0223.064] GetCurrentThreadId () returned 0x6f8 [0223.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x99ec4b0, dwHighDateTime=0x1d6076d)) [0223.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x99ec4b0, dwHighDateTime=0x1d6076d)) [0223.064] GetCurrentThreadId () returned 0x6f8 [0223.065] CloseHandle (hObject=0x1134) returned 1 [0223.065] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg", dwFileAttributes=0x20) returned 1 [0223.065] GetCurrentThreadId () returned 0x6f8 [0223.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x99ec4b0, dwHighDateTime=0x1d6076d)) [0223.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x99ec4b0, dwHighDateTime=0x1d6076d)) [0223.065] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg", piIcon=0x4e4f238) returned 0x1b010f [0223.075] GetIconInfo (in: hIcon=0x1b010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.076] CreateFileW (lpFileName="OMAE.ico" (normalized: "c:\\windows\\system32\\omae.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.076] GetObjectA (in: h=0xc8050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.076] GetObjectA (in: h=0xff050776, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.076] CreateCompatibleDC (hdc=0x0) returned 0x501016f [0223.076] GetDIBits (in: hdc=0x501016f, hbm=0xc8050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.076] GetDIBits (in: hdc=0x501016f, hbm=0xc8050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.077] GetDIBits (in: hdc=0x501016f, hbm=0xc8050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.077] GetDIBits (in: hdc=0x501016f, hbm=0xff050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.077] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.079] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.080] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.080] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.080] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.080] DeleteDC (hdc=0x501016f) returned 1 [0223.080] CloseHandle (hObject=0x1138) returned 1 [0223.080] DeleteObject (ho=0xc8050770) returned 1 [0223.080] DeleteObject (ho=0xff050776) returned 1 [0223.080] DestroyCursor (hCursor=0x1b010f) returned 1 [0223.080] GetCurrentThreadId () returned 0x6f8 [0223.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\10ecavj.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.081] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16eb8 [0223.085] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x16eb8, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x16eb8, lpOverlapped=0x0) returned 1 [0223.086] CloseHandle (hObject=0x1138) returned 1 [0223.086] GetCurrentThreadId () returned 0x6f8 [0223.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9a12610, dwHighDateTime=0x1d6076d)) [0223.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9a12610, dwHighDateTime=0x1d6076d)) [0223.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x9a12610, dwHighDateTime=0x1d6076d)) [0223.263] GetCurrentThreadId () returned 0x6f8 [0223.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9bb5530, dwHighDateTime=0x1d6076d)) [0223.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9bb5530, dwHighDateTime=0x1d6076d)) [0223.263] GetCurrentThreadId () returned 0x6f8 [0223.264] CreateFileW (lpFileName="yUcC.exe" (normalized: "c:\\windows\\system32\\yucc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.264] CreateFileW (lpFileName="yUcC.exe" (normalized: "c:\\windows\\system32\\yucc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.265] GetCurrentThreadId () returned 0x6f8 [0223.265] GetCurrentThreadId () returned 0x6f8 [0223.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9bb5530, dwHighDateTime=0x1d6076d)) [0223.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9bb5530, dwHighDateTime=0x1d6076d)) [0223.265] CreateFileW (lpFileName="yUcC.exe" (normalized: "c:\\windows\\system32\\yucc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.265] GetCurrentThreadId () returned 0x6f8 [0223.265] BeginUpdateResourceW (pFileName="yUcC.exe" (normalized: "c:\\windows\\system32\\yucc.exe"), bDeleteExistingResources=0) returned 0x0 [0223.265] CreateFileW (lpFileName="OMAE.ico" (normalized: "c:\\windows\\system32\\omae.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0223.265] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.266] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0223.266] CloseHandle (hObject=0x1138) returned 1 [0223.266] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.266] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0223.266] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.266] CopyFileW (lpExistingFileName="yUcC.exe" (normalized: "c:\\windows\\system32\\yucc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\10ecavj.jpg.exe"), bFailIfExists=0) returned 0 [0223.266] SetNamedSecurityInfoW () returned 0x2 [0223.267] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\10eCAvj.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\10ecavj.jpg")) returned 1 [0223.269] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x64, lpOverlapped=0x0) returned 1 [0223.269] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0223.269] DeleteFileW (lpFileName="OMAE.ico" (normalized: "c:\\windows\\system32\\omae.ico")) returned 1 [0223.271] DeleteFileW (lpFileName="yUcC.exe" (normalized: "c:\\windows\\system32\\yucc.exe")) returned 0 [0223.271] GetCurrentThreadId () returned 0x6f8 [0223.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.271] GetCurrentThreadId () returned 0x6f8 [0223.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.271] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x479fc370, ftCreationTime.dwHighDateTime=0x1d5e7e4, ftLastAccessTime.dwLowDateTime=0x271de780, ftLastAccessTime.dwHighDateTime=0x1d5dfba, ftLastWriteTime.dwLowDateTime=0x271de780, ftLastWriteTime.dwHighDateTime=0x1d5dfba, nFileSizeHigh=0x0, nFileSizeLow=0x13e36, dwReserved0=0x0, dwReserved1=0x0, cFileName="4rw7vaEjNZsnnNC54KQ1.png", cAlternateFileName="4RW7VA~1.PNG")) returned 1 [0223.271] GetCurrentThreadId () returned 0x6f8 [0223.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x9bdb690, dwHighDateTime=0x1d6076d)) [0223.271] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4rw7vaejnzsnnnc54kq1.png")) returned 0x20 [0223.308] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png", dwFileAttributes=0x80) returned 1 [0223.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4rw7vaejnzsnnnc54kq1.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.309] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13e36 [0223.313] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13e36, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x13e36, lpOverlapped=0x0) returned 1 [0223.315] GetCurrentThreadId () returned 0x6f8 [0223.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9c4dab0, dwHighDateTime=0x1d6076d)) [0223.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9c4dab0, dwHighDateTime=0x1d6076d)) [0223.315] GetCurrentThreadId () returned 0x6f8 [0223.316] CloseHandle (hObject=0x1138) returned 1 [0223.316] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png", dwFileAttributes=0x20) returned 1 [0223.316] GetCurrentThreadId () returned 0x6f8 [0223.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9c4dab0, dwHighDateTime=0x1d6076d)) [0223.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9c4dab0, dwHighDateTime=0x1d6076d)) [0223.316] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png", piIcon=0x4e4f238) returned 0x1c010f [0223.326] GetIconInfo (in: hIcon=0x1c010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.326] CreateFileW (lpFileName="caMk.ico" (normalized: "c:\\windows\\system32\\camk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.328] GetObjectA (in: h=0xfb050772, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.328] GetObjectA (in: h=0xc0501fc, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.328] CreateCompatibleDC (hdc=0x0) returned 0x220101fe [0223.328] GetDIBits (in: hdc=0x220101fe, hbm=0xfb050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.328] GetDIBits (in: hdc=0x220101fe, hbm=0xfb050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.328] GetDIBits (in: hdc=0x220101fe, hbm=0xfb050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.328] GetDIBits (in: hdc=0x220101fe, hbm=0xc0501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.328] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.329] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.329] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.329] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.330] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.330] DeleteDC (hdc=0x220101fe) returned 1 [0223.330] CloseHandle (hObject=0x1134) returned 1 [0223.330] DeleteObject (ho=0xfb050772) returned 1 [0223.330] DeleteObject (ho=0xc0501fc) returned 1 [0223.330] DestroyCursor (hCursor=0x1c010f) returned 1 [0223.330] GetCurrentThreadId () returned 0x6f8 [0223.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4rw7vaejnzsnnnc54kq1.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.330] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13e36 [0223.335] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13e36, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x13e36, lpOverlapped=0x0) returned 1 [0223.335] CloseHandle (hObject=0x1134) returned 1 [0223.336] GetCurrentThreadId () returned 0x6f8 [0223.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9c73c10, dwHighDateTime=0x1d6076d)) [0223.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9c73c10, dwHighDateTime=0x1d6076d)) [0223.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x9c73c10, dwHighDateTime=0x1d6076d)) [0223.424] GetCurrentThreadId () returned 0x6f8 [0223.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.424] GetCurrentThreadId () returned 0x6f8 [0223.424] CreateFileW (lpFileName="oMcM.exe" (normalized: "c:\\windows\\system32\\omcm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.425] CreateFileW (lpFileName="oMcM.exe" (normalized: "c:\\windows\\system32\\omcm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.425] GetCurrentThreadId () returned 0x6f8 [0223.425] GetCurrentThreadId () returned 0x6f8 [0223.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.426] CreateFileW (lpFileName="oMcM.exe" (normalized: "c:\\windows\\system32\\omcm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.426] GetCurrentThreadId () returned 0x6f8 [0223.426] BeginUpdateResourceW (pFileName="oMcM.exe" (normalized: "c:\\windows\\system32\\omcm.exe"), bDeleteExistingResources=0) returned 0x0 [0223.426] CreateFileW (lpFileName="caMk.ico" (normalized: "c:\\windows\\system32\\camk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0223.426] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.426] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0223.426] CloseHandle (hObject=0x1134) returned 1 [0223.426] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.426] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0223.426] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.427] CopyFileW (lpExistingFileName="oMcM.exe" (normalized: "c:\\windows\\system32\\omcm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4rw7vaejnzsnnnc54kq1.png.exe"), bFailIfExists=0) returned 0 [0223.427] SetNamedSecurityInfoW () returned 0x2 [0223.427] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4rw7vaEjNZsnnNC54KQ1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4rw7vaejnzsnnnc54kq1.png")) returned 1 [0223.436] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7e, lpOverlapped=0x0) returned 1 [0223.437] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0223.437] DeleteFileW (lpFileName="caMk.ico" (normalized: "c:\\windows\\system32\\camk.ico")) returned 1 [0223.437] DeleteFileW (lpFileName="oMcM.exe" (normalized: "c:\\windows\\system32\\omcm.exe")) returned 0 [0223.437] GetCurrentThreadId () returned 0x6f8 [0223.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.437] GetCurrentThreadId () returned 0x6f8 [0223.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.437] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77169c90, ftCreationTime.dwHighDateTime=0x1d5e1d2, ftLastAccessTime.dwLowDateTime=0xe8ac4370, ftLastAccessTime.dwHighDateTime=0x1d5e522, ftLastWriteTime.dwLowDateTime=0xe8ac4370, ftLastWriteTime.dwHighDateTime=0x1d5e522, nFileSizeHigh=0x0, nFileSizeLow=0x53d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="78BglU.jpg", cAlternateFileName="")) returned 1 [0223.437] GetCurrentThreadId () returned 0x6f8 [0223.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x9d58450, dwHighDateTime=0x1d6076d)) [0223.438] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\78bglu.jpg")) returned 0x20 [0223.438] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg", dwFileAttributes=0x80) returned 1 [0223.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\78bglu.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.438] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x53d1 [0223.443] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x53d1, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x53d1, lpOverlapped=0x0) returned 1 [0223.444] GetCurrentThreadId () returned 0x6f8 [0223.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9d7e5b0, dwHighDateTime=0x1d6076d)) [0223.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9d7e5b0, dwHighDateTime=0x1d6076d)) [0223.445] GetCurrentThreadId () returned 0x6f8 [0223.445] CloseHandle (hObject=0x1134) returned 1 [0223.445] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg", dwFileAttributes=0x20) returned 1 [0223.445] GetCurrentThreadId () returned 0x6f8 [0223.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9d7e5b0, dwHighDateTime=0x1d6076d)) [0223.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9d7e5b0, dwHighDateTime=0x1d6076d)) [0223.445] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg", piIcon=0x4e4f238) returned 0x1d010f [0223.457] GetIconInfo (in: hIcon=0x1d010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.457] CreateFileW (lpFileName="iUwM.ico" (normalized: "c:\\windows\\system32\\iuwm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.459] GetObjectA (in: h=0x2050776, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.459] GetObjectA (in: h=0xcd050770, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.459] CreateCompatibleDC (hdc=0x0) returned 0x650101fb [0223.459] GetDIBits (in: hdc=0x650101fb, hbm=0x2050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.459] GetDIBits (in: hdc=0x650101fb, hbm=0x2050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.460] GetDIBits (in: hdc=0x650101fb, hbm=0x2050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.460] GetDIBits (in: hdc=0x650101fb, hbm=0xcd050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.460] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.461] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.461] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.461] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.461] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.461] DeleteDC (hdc=0x650101fb) returned 1 [0223.461] CloseHandle (hObject=0x1138) returned 1 [0223.461] DeleteObject (ho=0x2050776) returned 1 [0223.461] DeleteObject (ho=0xcd050770) returned 1 [0223.461] DestroyCursor (hCursor=0x1d010f) returned 1 [0223.461] GetCurrentThreadId () returned 0x6f8 [0223.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\78bglu.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.462] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x53d1 [0223.466] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x53d1, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x53d1, lpOverlapped=0x0) returned 1 [0223.466] CloseHandle (hObject=0x1138) returned 1 [0223.466] GetCurrentThreadId () returned 0x6f8 [0223.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9da4710, dwHighDateTime=0x1d6076d)) [0223.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9da4710, dwHighDateTime=0x1d6076d)) [0223.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x9da4710, dwHighDateTime=0x1d6076d)) [0223.558] GetCurrentThreadId () returned 0x6f8 [0223.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9e88f50, dwHighDateTime=0x1d6076d)) [0223.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9e88f50, dwHighDateTime=0x1d6076d)) [0223.558] GetCurrentThreadId () returned 0x6f8 [0223.558] CreateFileW (lpFileName="UQAG.exe" (normalized: "c:\\windows\\system32\\uqag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.558] CreateFileW (lpFileName="UQAG.exe" (normalized: "c:\\windows\\system32\\uqag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.559] GetCurrentThreadId () returned 0x6f8 [0223.559] GetCurrentThreadId () returned 0x6f8 [0223.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9e88f50, dwHighDateTime=0x1d6076d)) [0223.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9e88f50, dwHighDateTime=0x1d6076d)) [0223.559] CreateFileW (lpFileName="UQAG.exe" (normalized: "c:\\windows\\system32\\uqag.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.559] GetCurrentThreadId () returned 0x6f8 [0223.559] BeginUpdateResourceW (pFileName="UQAG.exe" (normalized: "c:\\windows\\system32\\uqag.exe"), bDeleteExistingResources=0) returned 0x0 [0223.559] CreateFileW (lpFileName="iUwM.ico" (normalized: "c:\\windows\\system32\\iuwm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0223.559] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.560] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0223.560] CloseHandle (hObject=0x1138) returned 1 [0223.560] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.560] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0223.560] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.560] CopyFileW (lpExistingFileName="UQAG.exe" (normalized: "c:\\windows\\system32\\uqag.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\78bglu.jpg.exe"), bFailIfExists=0) returned 0 [0223.560] SetNamedSecurityInfoW () returned 0x2 [0223.560] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\78BglU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\78bglu.jpg")) returned 1 [0223.563] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x62, lpOverlapped=0x0) returned 1 [0223.563] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0223.564] DeleteFileW (lpFileName="iUwM.ico" (normalized: "c:\\windows\\system32\\iuwm.ico")) returned 1 [0223.566] DeleteFileW (lpFileName="UQAG.exe" (normalized: "c:\\windows\\system32\\uqag.exe")) returned 0 [0223.566] GetCurrentThreadId () returned 0x6f8 [0223.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.566] GetCurrentThreadId () returned 0x6f8 [0223.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.566] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1197bf60, ftCreationTime.dwHighDateTime=0x1d5e2a0, ftLastAccessTime.dwLowDateTime=0x4444ff10, ftLastAccessTime.dwHighDateTime=0x1d5e357, ftLastWriteTime.dwLowDateTime=0x4444ff10, ftLastWriteTime.dwHighDateTime=0x1d5e357, nFileSizeHigh=0x0, nFileSizeLow=0xd9c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Mwv5DNYyrtv1aafOHyX.png", cAlternateFileName="8MWV5D~1.PNG")) returned 1 [0223.566] GetCurrentThreadId () returned 0x6f8 [0223.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.566] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8mwv5dnyyrtv1aafohyx.png")) returned 0x20 [0223.566] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png", dwFileAttributes=0x80) returned 1 [0223.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8mwv5dnyyrtv1aafohyx.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.567] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9c5 [0223.571] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd9c5, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xd9c5, lpOverlapped=0x0) returned 1 [0223.573] GetCurrentThreadId () returned 0x6f8 [0223.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.573] GetCurrentThreadId () returned 0x6f8 [0223.573] CloseHandle (hObject=0x1138) returned 1 [0223.574] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png", dwFileAttributes=0x20) returned 1 [0223.574] GetCurrentThreadId () returned 0x6f8 [0223.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9eaf0b0, dwHighDateTime=0x1d6076d)) [0223.574] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png", piIcon=0x4e4f238) returned 0x1e010f [0223.584] GetIconInfo (in: hIcon=0x1e010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.584] CreateFileW (lpFileName="CEMo.ico" (normalized: "c:\\windows\\system32\\cemo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.585] GetObjectA (in: h=0xf0501fc, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.585] GetObjectA (in: h=0x50772, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.585] CreateCompatibleDC (hdc=0x0) returned 0x5e010763 [0223.585] GetDIBits (in: hdc=0x5e010763, hbm=0xf0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.585] GetDIBits (in: hdc=0x5e010763, hbm=0xf0501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.585] GetDIBits (in: hdc=0x5e010763, hbm=0xf0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.585] GetDIBits (in: hdc=0x5e010763, hbm=0x50772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.585] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.586] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.586] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.586] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.586] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.587] DeleteDC (hdc=0x5e010763) returned 1 [0223.587] CloseHandle (hObject=0x1134) returned 1 [0223.587] DeleteObject (ho=0xf0501fc) returned 1 [0223.587] DeleteObject (ho=0x50772) returned 1 [0223.587] DestroyCursor (hCursor=0x1e010f) returned 1 [0223.587] GetCurrentThreadId () returned 0x6f8 [0223.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8mwv5dnyyrtv1aafohyx.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.587] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9c5 [0223.592] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd9c5, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xd9c5, lpOverlapped=0x0) returned 1 [0223.592] CloseHandle (hObject=0x1134) returned 1 [0223.592] GetCurrentThreadId () returned 0x6f8 [0223.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9ed5210, dwHighDateTime=0x1d6076d)) [0223.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0x9ed5210, dwHighDateTime=0x1d6076d)) [0223.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0x9ed5210, dwHighDateTime=0x1d6076d)) [0223.670] GetCurrentThreadId () returned 0x6f8 [0223.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9f938f0, dwHighDateTime=0x1d6076d)) [0223.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0x9f938f0, dwHighDateTime=0x1d6076d)) [0223.670] GetCurrentThreadId () returned 0x6f8 [0223.670] CreateFileW (lpFileName="kkQi.exe" (normalized: "c:\\windows\\system32\\kkqi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.671] CreateFileW (lpFileName="kkQi.exe" (normalized: "c:\\windows\\system32\\kkqi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.671] GetCurrentThreadId () returned 0x6f8 [0223.671] GetCurrentThreadId () returned 0x6f8 [0223.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9f938f0, dwHighDateTime=0x1d6076d)) [0223.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0x9f938f0, dwHighDateTime=0x1d6076d)) [0223.671] CreateFileW (lpFileName="kkQi.exe" (normalized: "c:\\windows\\system32\\kkqi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.671] GetCurrentThreadId () returned 0x6f8 [0223.671] BeginUpdateResourceW (pFileName="kkQi.exe" (normalized: "c:\\windows\\system32\\kkqi.exe"), bDeleteExistingResources=0) returned 0x0 [0223.671] CreateFileW (lpFileName="CEMo.ico" (normalized: "c:\\windows\\system32\\cemo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0223.671] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.672] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0223.672] CloseHandle (hObject=0x1134) returned 1 [0223.673] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.673] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0223.673] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.673] CopyFileW (lpExistingFileName="kkQi.exe" (normalized: "c:\\windows\\system32\\kkqi.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8mwv5dnyyrtv1aafohyx.png.exe"), bFailIfExists=0) returned 0 [0223.674] SetNamedSecurityInfoW () returned 0x2 [0223.674] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8Mwv5DNYyrtv1aafOHyX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8mwv5dnyyrtv1aafohyx.png")) returned 1 [0223.675] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7e, lpOverlapped=0x0) returned 1 [0223.676] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0223.676] DeleteFileW (lpFileName="CEMo.ico" (normalized: "c:\\windows\\system32\\cemo.ico")) returned 1 [0223.677] DeleteFileW (lpFileName="kkQi.exe" (normalized: "c:\\windows\\system32\\kkqi.exe")) returned 0 [0223.677] GetCurrentThreadId () returned 0x6f8 [0223.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.677] GetCurrentThreadId () returned 0x6f8 [0223.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.677] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb10a40d0, ftCreationTime.dwHighDateTime=0x1d5db30, ftLastAccessTime.dwLowDateTime=0x3ff23760, ftLastAccessTime.dwHighDateTime=0x1d5e141, ftLastWriteTime.dwLowDateTime=0x3ff23760, ftLastWriteTime.dwHighDateTime=0x1d5e141, nFileSizeHigh=0x0, nFileSizeLow=0xaef6, dwReserved0=0x0, dwReserved1=0x0, cFileName="8u3vAjhVmgVFEJGJJiS.jpg", cAlternateFileName="8U3VAJ~1.JPG")) returned 1 [0223.677] GetCurrentThreadId () returned 0x6f8 [0223.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.677] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8u3vajhvmgvfejgjjis.jpg")) returned 0x20 [0223.678] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg", dwFileAttributes=0x80) returned 1 [0223.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8u3vajhvmgvfejgjjis.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.679] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaef6 [0223.684] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xaef6, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0xaef6, lpOverlapped=0x0) returned 1 [0223.685] GetCurrentThreadId () returned 0x6f8 [0223.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.685] GetCurrentThreadId () returned 0x6f8 [0223.686] CloseHandle (hObject=0x1134) returned 1 [0223.686] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg", dwFileAttributes=0x20) returned 1 [0223.686] GetCurrentThreadId () returned 0x6f8 [0223.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0x9fb9a50, dwHighDateTime=0x1d6076d)) [0223.686] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg", piIcon=0x4e4f238) returned 0x1f010f [0223.696] GetIconInfo (in: hIcon=0x1f010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.696] CreateFileW (lpFileName="KMYc.ico" (normalized: "c:\\windows\\system32\\kmyc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.697] GetObjectA (in: h=0xd0050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.697] GetObjectA (in: h=0x7050776, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.697] CreateCompatibleDC (hdc=0x0) returned 0xa7010775 [0223.697] GetDIBits (in: hdc=0xa7010775, hbm=0xd0050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.697] GetDIBits (in: hdc=0xa7010775, hbm=0xd0050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.697] GetDIBits (in: hdc=0xa7010775, hbm=0xd0050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.697] GetDIBits (in: hdc=0xa7010775, hbm=0x7050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.697] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.698] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.699] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.699] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.699] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.699] DeleteDC (hdc=0xa7010775) returned 1 [0223.699] CloseHandle (hObject=0x1138) returned 1 [0223.699] DeleteObject (ho=0xd0050770) returned 1 [0223.699] DeleteObject (ho=0x7050776) returned 1 [0223.699] DestroyCursor (hCursor=0x1f010f) returned 1 [0223.699] GetCurrentThreadId () returned 0x6f8 [0223.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8u3vajhvmgvfejgjjis.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.700] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaef6 [0223.705] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xaef6, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0xaef6, lpOverlapped=0x0) returned 1 [0223.705] CloseHandle (hObject=0x1138) returned 1 [0223.705] GetCurrentThreadId () returned 0x6f8 [0223.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa005d10, dwHighDateTime=0x1d6076d)) [0223.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa005d10, dwHighDateTime=0x1d6076d)) [0223.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa005d10, dwHighDateTime=0x1d6076d)) [0223.807] GetCurrentThreadId () returned 0x6f8 [0223.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa0ea550, dwHighDateTime=0x1d6076d)) [0223.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa0ea550, dwHighDateTime=0x1d6076d)) [0223.807] GetCurrentThreadId () returned 0x6f8 [0223.807] CreateFileW (lpFileName="CIIM.exe" (normalized: "c:\\windows\\system32\\ciim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.808] CreateFileW (lpFileName="CIIM.exe" (normalized: "c:\\windows\\system32\\ciim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.808] GetCurrentThreadId () returned 0x6f8 [0223.808] GetCurrentThreadId () returned 0x6f8 [0223.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa0ea550, dwHighDateTime=0x1d6076d)) [0223.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa0ea550, dwHighDateTime=0x1d6076d)) [0223.808] CreateFileW (lpFileName="CIIM.exe" (normalized: "c:\\windows\\system32\\ciim.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.808] GetCurrentThreadId () returned 0x6f8 [0223.808] BeginUpdateResourceW (pFileName="CIIM.exe" (normalized: "c:\\windows\\system32\\ciim.exe"), bDeleteExistingResources=0) returned 0x0 [0223.809] CreateFileW (lpFileName="KMYc.ico" (normalized: "c:\\windows\\system32\\kmyc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0223.809] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.809] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0223.809] CloseHandle (hObject=0x1138) returned 1 [0223.809] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.809] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0223.810] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.810] CopyFileW (lpExistingFileName="CIIM.exe" (normalized: "c:\\windows\\system32\\ciim.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8u3vajhvmgvfejgjjis.jpg.exe"), bFailIfExists=0) returned 0 [0223.810] SetNamedSecurityInfoW () returned 0x2 [0223.810] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8u3vAjhVmgVFEJGJJiS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8u3vajhvmgvfejgjjis.jpg")) returned 1 [0223.813] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7c, lpOverlapped=0x0) returned 1 [0223.813] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0223.813] DeleteFileW (lpFileName="KMYc.ico" (normalized: "c:\\windows\\system32\\kmyc.ico")) returned 1 [0223.815] DeleteFileW (lpFileName="CIIM.exe" (normalized: "c:\\windows\\system32\\ciim.exe")) returned 0 [0223.815] GetCurrentThreadId () returned 0x6f8 [0223.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa1106b0, dwHighDateTime=0x1d6076d)) [0223.815] GetCurrentThreadId () returned 0x6f8 [0223.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa1106b0, dwHighDateTime=0x1d6076d)) [0223.815] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf619fba0, ftCreationTime.dwHighDateTime=0x1d5ddfd, ftLastAccessTime.dwLowDateTime=0xad108e90, ftLastAccessTime.dwHighDateTime=0x1d5df0d, ftLastWriteTime.dwLowDateTime=0xad108e90, ftLastWriteTime.dwHighDateTime=0x1d5df0d, nFileSizeHigh=0x0, nFileSizeLow=0x18907, dwReserved0=0x0, dwReserved1=0x0, cFileName="bk8hocTy38s.bmp", cAlternateFileName="BK8HOC~1.BMP")) returned 1 [0223.815] GetCurrentThreadId () returned 0x6f8 [0223.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa1106b0, dwHighDateTime=0x1d6076d)) [0223.815] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bk8hocty38s.bmp")) returned 0x20 [0223.817] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp", dwFileAttributes=0x80) returned 1 [0223.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bk8hocty38s.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.818] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18907 [0223.823] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x18907, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x18907, lpOverlapped=0x0) returned 1 [0223.826] GetCurrentThreadId () returned 0x6f8 [0223.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa1106b0, dwHighDateTime=0x1d6076d)) [0223.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa1106b0, dwHighDateTime=0x1d6076d)) [0223.827] GetCurrentThreadId () returned 0x6f8 [0223.827] CloseHandle (hObject=0x1138) returned 1 [0223.827] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp", dwFileAttributes=0x20) returned 1 [0223.828] GetCurrentThreadId () returned 0x6f8 [0223.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa136810, dwHighDateTime=0x1d6076d)) [0223.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa136810, dwHighDateTime=0x1d6076d)) [0223.828] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp", piIcon=0x4e4f238) returned 0x20010f [0223.833] GetIconInfo (in: hIcon=0x20010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.834] CreateFileW (lpFileName="Eykg.ico" (normalized: "c:\\windows\\system32\\eykg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.834] GetObjectA (in: h=0x140501fc, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.834] GetObjectA (in: h=0x63050763, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.834] CreateCompatibleDC (hdc=0x0) returned 0x1301016f [0223.835] GetDIBits (in: hdc=0x1301016f, hbm=0x140501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.835] GetDIBits (in: hdc=0x1301016f, hbm=0x140501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.835] GetDIBits (in: hdc=0x1301016f, hbm=0x140501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.835] GetDIBits (in: hdc=0x1301016f, hbm=0x63050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.835] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.836] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.836] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.837] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.837] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.837] DeleteDC (hdc=0x1301016f) returned 1 [0223.837] CloseHandle (hObject=0x1138) returned 1 [0223.840] DeleteObject (ho=0x140501fc) returned 1 [0223.840] DeleteObject (ho=0x63050763) returned 1 [0223.840] DestroyCursor (hCursor=0x20010f) returned 1 [0223.840] GetCurrentThreadId () returned 0x6f8 [0223.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bk8hocty38s.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.840] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18907 [0223.847] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x18907, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x18907, lpOverlapped=0x0) returned 1 [0223.847] CloseHandle (hObject=0x1138) returned 1 [0223.848] GetCurrentThreadId () returned 0x6f8 [0223.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa15c970, dwHighDateTime=0x1d6076d)) [0223.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa15c970, dwHighDateTime=0x1d6076d)) [0223.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa15c970, dwHighDateTime=0x1d6076d)) [0223.949] GetCurrentThreadId () returned 0x6f8 [0223.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa2411b0, dwHighDateTime=0x1d6076d)) [0223.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa2411b0, dwHighDateTime=0x1d6076d)) [0223.949] GetCurrentThreadId () returned 0x6f8 [0223.949] CreateFileW (lpFileName="oEYY.exe" (normalized: "c:\\windows\\system32\\oeyy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.950] CreateFileW (lpFileName="oEYY.exe" (normalized: "c:\\windows\\system32\\oeyy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.950] GetCurrentThreadId () returned 0x6f8 [0223.950] GetCurrentThreadId () returned 0x6f8 [0223.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa2411b0, dwHighDateTime=0x1d6076d)) [0223.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa2411b0, dwHighDateTime=0x1d6076d)) [0223.950] CreateFileW (lpFileName="oEYY.exe" (normalized: "c:\\windows\\system32\\oeyy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0223.950] GetCurrentThreadId () returned 0x6f8 [0223.950] BeginUpdateResourceW (pFileName="oEYY.exe" (normalized: "c:\\windows\\system32\\oeyy.exe"), bDeleteExistingResources=0) returned 0x0 [0223.951] CreateFileW (lpFileName="Eykg.ico" (normalized: "c:\\windows\\system32\\eykg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0223.951] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0223.951] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0223.951] CloseHandle (hObject=0x1138) returned 1 [0223.951] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0223.951] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0223.951] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0223.951] CopyFileW (lpExistingFileName="oEYY.exe" (normalized: "c:\\windows\\system32\\oeyy.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bk8hocty38s.bmp.exe"), bFailIfExists=0) returned 0 [0223.952] SetNamedSecurityInfoW () returned 0x2 [0223.952] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bk8hocTy38s.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bk8hocty38s.bmp")) returned 1 [0223.954] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6c, lpOverlapped=0x0) returned 1 [0223.954] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0223.954] DeleteFileW (lpFileName="Eykg.ico" (normalized: "c:\\windows\\system32\\eykg.ico")) returned 1 [0223.955] DeleteFileW (lpFileName="oEYY.exe" (normalized: "c:\\windows\\system32\\oeyy.exe")) returned 0 [0223.955] GetCurrentThreadId () returned 0x6f8 [0223.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.955] GetCurrentThreadId () returned 0x6f8 [0223.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.955] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0223.955] GetCurrentThreadId () returned 0x6f8 [0223.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.955] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0e23530, ftCreationTime.dwHighDateTime=0x1d5da67, ftLastAccessTime.dwLowDateTime=0xcb5be8a0, ftLastAccessTime.dwHighDateTime=0x1d5dd09, ftLastWriteTime.dwLowDateTime=0xcb5be8a0, ftLastWriteTime.dwHighDateTime=0x1d5dd09, nFileSizeHigh=0x0, nFileSizeLow=0x14bcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="hMSdm6gnno4.jpg", cAlternateFileName="HMSDM6~1.JPG")) returned 1 [0223.956] GetCurrentThreadId () returned 0x6f8 [0223.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.956] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hmsdm6gnno4.jpg")) returned 0x20 [0223.957] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg", dwFileAttributes=0x80) returned 1 [0223.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hmsdm6gnno4.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0223.957] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14bcc [0223.962] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x14bcc, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x14bcc, lpOverlapped=0x0) returned 1 [0223.964] GetCurrentThreadId () returned 0x6f8 [0223.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.964] GetCurrentThreadId () returned 0x6f8 [0223.964] CloseHandle (hObject=0x1138) returned 1 [0223.964] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg", dwFileAttributes=0x20) returned 1 [0223.964] GetCurrentThreadId () returned 0x6f8 [0223.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa267310, dwHighDateTime=0x1d6076d)) [0223.965] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg", piIcon=0x4e4f238) returned 0x21010f [0223.975] GetIconInfo (in: hIcon=0x21010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0223.975] CreateFileW (lpFileName="CksM.ico" (normalized: "c:\\windows\\system32\\cksm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.976] GetObjectA (in: h=0xa050776, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0223.976] GetObjectA (in: h=0xd5050770, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0223.976] CreateCompatibleDC (hdc=0x0) returned 0x2d0101fe [0223.976] GetDIBits (in: hdc=0x2d0101fe, hbm=0xa050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0223.976] GetDIBits (in: hdc=0x2d0101fe, hbm=0xa050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0223.976] GetDIBits (in: hdc=0x2d0101fe, hbm=0xa050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0223.976] GetDIBits (in: hdc=0x2d0101fe, hbm=0xd5050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0223.976] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0223.978] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0223.978] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0223.978] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0223.978] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0223.978] DeleteDC (hdc=0x2d0101fe) returned 1 [0223.978] CloseHandle (hObject=0x1134) returned 1 [0223.979] DeleteObject (ho=0xa050776) returned 1 [0223.979] DeleteObject (ho=0xd5050770) returned 1 [0223.979] DestroyCursor (hCursor=0x21010f) returned 1 [0223.979] GetCurrentThreadId () returned 0x6f8 [0223.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hmsdm6gnno4.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0223.979] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14bcc [0223.984] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x14bcc, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x14bcc, lpOverlapped=0x0) returned 1 [0223.985] CloseHandle (hObject=0x1134) returned 1 [0223.985] GetCurrentThreadId () returned 0x6f8 [0223.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa2b35d0, dwHighDateTime=0x1d6076d)) [0223.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa2b35d0, dwHighDateTime=0x1d6076d)) [0223.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa2b35d0, dwHighDateTime=0x1d6076d)) [0224.093] GetCurrentThreadId () returned 0x6f8 [0224.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.093] GetCurrentThreadId () returned 0x6f8 [0224.093] CreateFileW (lpFileName="WkQE.exe" (normalized: "c:\\windows\\system32\\wkqe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.094] CreateFileW (lpFileName="WkQE.exe" (normalized: "c:\\windows\\system32\\wkqe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.094] GetCurrentThreadId () returned 0x6f8 [0224.094] GetCurrentThreadId () returned 0x6f8 [0224.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.095] CreateFileW (lpFileName="WkQE.exe" (normalized: "c:\\windows\\system32\\wkqe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.095] GetCurrentThreadId () returned 0x6f8 [0224.095] BeginUpdateResourceW (pFileName="WkQE.exe" (normalized: "c:\\windows\\system32\\wkqe.exe"), bDeleteExistingResources=0) returned 0x0 [0224.095] CreateFileW (lpFileName="CksM.ico" (normalized: "c:\\windows\\system32\\cksm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0224.095] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.095] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.095] CloseHandle (hObject=0x1134) returned 1 [0224.096] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.096] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.096] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.096] CopyFileW (lpExistingFileName="WkQE.exe" (normalized: "c:\\windows\\system32\\wkqe.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hmsdm6gnno4.jpg.exe"), bFailIfExists=0) returned 0 [0224.096] SetNamedSecurityInfoW () returned 0x2 [0224.096] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hMSdm6gnno4.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hmsdm6gnno4.jpg")) returned 1 [0224.099] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6c, lpOverlapped=0x0) returned 1 [0224.099] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.099] DeleteFileW (lpFileName="CksM.ico" (normalized: "c:\\windows\\system32\\cksm.ico")) returned 1 [0224.100] DeleteFileW (lpFileName="WkQE.exe" (normalized: "c:\\windows\\system32\\wkqe.exe")) returned 0 [0224.100] GetCurrentThreadId () returned 0x6f8 [0224.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.100] GetCurrentThreadId () returned 0x6f8 [0224.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.101] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a3354e0, ftCreationTime.dwHighDateTime=0x1d5e7e4, ftLastAccessTime.dwLowDateTime=0x27700670, ftLastAccessTime.dwHighDateTime=0x1d5db99, ftLastWriteTime.dwLowDateTime=0x27700670, ftLastWriteTime.dwHighDateTime=0x1d5db99, nFileSizeHigh=0x0, nFileSizeLow=0x1652e, dwReserved0=0x0, dwReserved1=0x0, cFileName="j0IStif.png", cAlternateFileName="")) returned 1 [0224.101] GetCurrentThreadId () returned 0x6f8 [0224.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa3bdf70, dwHighDateTime=0x1d6076d)) [0224.101] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j0istif.png")) returned 0x20 [0224.101] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png", dwFileAttributes=0x80) returned 1 [0224.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j0istif.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.102] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1652e [0224.107] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1652e, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x1652e, lpOverlapped=0x0) returned 1 [0224.111] GetCurrentThreadId () returned 0x6f8 [0224.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa3e40d0, dwHighDateTime=0x1d6076d)) [0224.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa3e40d0, dwHighDateTime=0x1d6076d)) [0224.111] GetCurrentThreadId () returned 0x6f8 [0224.112] CloseHandle (hObject=0x1134) returned 1 [0224.112] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png", dwFileAttributes=0x20) returned 1 [0224.112] GetCurrentThreadId () returned 0x6f8 [0224.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa3e40d0, dwHighDateTime=0x1d6076d)) [0224.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa3e40d0, dwHighDateTime=0x1d6076d)) [0224.112] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png", piIcon=0x4e4f238) returned 0x22010f [0224.126] GetIconInfo (in: hIcon=0x22010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.126] CreateFileW (lpFileName="oyEo.ico" (normalized: "c:\\windows\\system32\\oyeo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.126] GetObjectA (in: h=0x66050763, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.126] GetObjectA (in: h=0x190501fc, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.127] CreateCompatibleDC (hdc=0x0) returned 0x720101fb [0224.127] GetDIBits (in: hdc=0x720101fb, hbm=0x66050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.127] GetDIBits (in: hdc=0x720101fb, hbm=0x66050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.127] GetDIBits (in: hdc=0x720101fb, hbm=0x66050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.127] GetDIBits (in: hdc=0x720101fb, hbm=0x190501fc, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.127] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.128] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.128] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.128] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.129] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.129] DeleteDC (hdc=0x720101fb) returned 1 [0224.129] CloseHandle (hObject=0x1138) returned 1 [0224.129] DeleteObject (ho=0x66050763) returned 1 [0224.129] DeleteObject (ho=0x190501fc) returned 1 [0224.129] DestroyCursor (hCursor=0x22010f) returned 1 [0224.130] GetCurrentThreadId () returned 0x6f8 [0224.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j0istif.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.130] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1652e [0224.135] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1652e, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x1652e, lpOverlapped=0x0) returned 1 [0224.135] CloseHandle (hObject=0x1138) returned 1 [0224.136] GetCurrentThreadId () returned 0x6f8 [0224.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa40a230, dwHighDateTime=0x1d6076d)) [0224.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa40a230, dwHighDateTime=0x1d6076d)) [0224.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa40a230, dwHighDateTime=0x1d6076d)) [0224.248] GetCurrentThreadId () returned 0x6f8 [0224.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa514bd0, dwHighDateTime=0x1d6076d)) [0224.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa514bd0, dwHighDateTime=0x1d6076d)) [0224.248] GetCurrentThreadId () returned 0x6f8 [0224.248] CreateFileW (lpFileName="ycIU.exe" (normalized: "c:\\windows\\system32\\yciu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.249] CreateFileW (lpFileName="ycIU.exe" (normalized: "c:\\windows\\system32\\yciu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.249] GetCurrentThreadId () returned 0x6f8 [0224.249] GetCurrentThreadId () returned 0x6f8 [0224.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.249] CreateFileW (lpFileName="ycIU.exe" (normalized: "c:\\windows\\system32\\yciu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.249] GetCurrentThreadId () returned 0x6f8 [0224.249] BeginUpdateResourceW (pFileName="ycIU.exe" (normalized: "c:\\windows\\system32\\yciu.exe"), bDeleteExistingResources=0) returned 0x0 [0224.250] CreateFileW (lpFileName="oyEo.ico" (normalized: "c:\\windows\\system32\\oyeo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0224.250] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.250] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.250] CloseHandle (hObject=0x1138) returned 1 [0224.250] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.250] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.250] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.250] CopyFileW (lpExistingFileName="ycIU.exe" (normalized: "c:\\windows\\system32\\yciu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j0istif.png.exe"), bFailIfExists=0) returned 0 [0224.251] SetNamedSecurityInfoW () returned 0x2 [0224.251] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j0IStif.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j0istif.png")) returned 1 [0224.253] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x64, lpOverlapped=0x0) returned 1 [0224.253] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.253] DeleteFileW (lpFileName="oyEo.ico" (normalized: "c:\\windows\\system32\\oyeo.ico")) returned 1 [0224.254] DeleteFileW (lpFileName="ycIU.exe" (normalized: "c:\\windows\\system32\\yciu.exe")) returned 0 [0224.254] GetCurrentThreadId () returned 0x6f8 [0224.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.255] GetCurrentThreadId () returned 0x6f8 [0224.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.255] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4daa8a90, ftCreationTime.dwHighDateTime=0x1d5e5f8, ftLastAccessTime.dwLowDateTime=0x5c6a9740, ftLastAccessTime.dwHighDateTime=0x1d5e400, ftLastWriteTime.dwLowDateTime=0x5c6a9740, ftLastWriteTime.dwHighDateTime=0x1d5e400, nFileSizeHigh=0x0, nFileSizeLow=0x4ce6, dwReserved0=0x0, dwReserved1=0x0, cFileName="myKsW57tzCY.png", cAlternateFileName="MYKSW5~1.PNG")) returned 1 [0224.255] GetCurrentThreadId () returned 0x6f8 [0224.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.255] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\myksw57tzcy.png")) returned 0x20 [0224.255] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png", dwFileAttributes=0x80) returned 1 [0224.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\myksw57tzcy.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.255] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ce6 [0224.260] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x4ce6, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x4ce6, lpOverlapped=0x0) returned 1 [0224.262] GetCurrentThreadId () returned 0x6f8 [0224.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.262] GetCurrentThreadId () returned 0x6f8 [0224.262] CloseHandle (hObject=0x1138) returned 1 [0224.262] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png", dwFileAttributes=0x20) returned 1 [0224.262] GetCurrentThreadId () returned 0x6f8 [0224.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.262] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png", piIcon=0x4e4f238) returned 0x23010f [0224.272] GetIconInfo (in: hIcon=0x23010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.272] CreateFileW (lpFileName="KWUY.ico" (normalized: "c:\\windows\\system32\\kwuy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.272] GetObjectA (in: h=0xd8050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.272] GetObjectA (in: h=0xf050776, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.272] CreateCompatibleDC (hdc=0x0) returned 0xc010772 [0224.273] GetDIBits (in: hdc=0xc010772, hbm=0xd8050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.273] GetDIBits (in: hdc=0xc010772, hbm=0xd8050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.273] GetDIBits (in: hdc=0xc010772, hbm=0xd8050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.273] GetDIBits (in: hdc=0xc010772, hbm=0xf050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.273] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.274] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.274] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.274] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.274] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.274] DeleteDC (hdc=0xc010772) returned 1 [0224.274] CloseHandle (hObject=0x1134) returned 1 [0224.274] DeleteObject (ho=0xd8050770) returned 1 [0224.275] DeleteObject (ho=0xf050776) returned 1 [0224.275] DestroyCursor (hCursor=0x23010f) returned 1 [0224.275] GetCurrentThreadId () returned 0x6f8 [0224.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\myksw57tzcy.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.275] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ce6 [0224.279] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x4ce6, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x4ce6, lpOverlapped=0x0) returned 1 [0224.280] CloseHandle (hObject=0x1134) returned 1 [0224.280] GetCurrentThreadId () returned 0x6f8 [0224.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa560e90, dwHighDateTime=0x1d6076d)) [0224.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa560e90, dwHighDateTime=0x1d6076d)) [0224.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa560e90, dwHighDateTime=0x1d6076d)) [0224.376] GetCurrentThreadId () returned 0x6f8 [0224.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.376] GetCurrentThreadId () returned 0x6f8 [0224.376] CreateFileW (lpFileName="kowE.exe" (normalized: "c:\\windows\\system32\\kowe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.377] CreateFileW (lpFileName="kowE.exe" (normalized: "c:\\windows\\system32\\kowe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.377] GetCurrentThreadId () returned 0x6f8 [0224.377] GetCurrentThreadId () returned 0x6f8 [0224.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.377] CreateFileW (lpFileName="kowE.exe" (normalized: "c:\\windows\\system32\\kowe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.377] GetCurrentThreadId () returned 0x6f8 [0224.377] BeginUpdateResourceW (pFileName="kowE.exe" (normalized: "c:\\windows\\system32\\kowe.exe"), bDeleteExistingResources=0) returned 0x0 [0224.378] CreateFileW (lpFileName="KWUY.ico" (normalized: "c:\\windows\\system32\\kwuy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0224.378] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.378] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.378] CloseHandle (hObject=0x1134) returned 1 [0224.378] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.378] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.378] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.379] CopyFileW (lpExistingFileName="kowE.exe" (normalized: "c:\\windows\\system32\\kowe.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\myksw57tzcy.png.exe"), bFailIfExists=0) returned 0 [0224.379] SetNamedSecurityInfoW () returned 0x2 [0224.379] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\myKsW57tzCY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\myksw57tzcy.png")) returned 1 [0224.382] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6c, lpOverlapped=0x0) returned 1 [0224.382] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.382] DeleteFileW (lpFileName="KWUY.ico" (normalized: "c:\\windows\\system32\\kwuy.ico")) returned 1 [0224.384] DeleteFileW (lpFileName="kowE.exe" (normalized: "c:\\windows\\system32\\kowe.exe")) returned 0 [0224.384] GetCurrentThreadId () returned 0x6f8 [0224.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.384] GetCurrentThreadId () returned 0x6f8 [0224.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.384] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4de68e0, ftCreationTime.dwHighDateTime=0x1d5da69, ftLastAccessTime.dwLowDateTime=0x5424e8f0, ftLastAccessTime.dwHighDateTime=0x1d5df15, ftLastWriteTime.dwLowDateTime=0x5424e8f0, ftLastWriteTime.dwHighDateTime=0x1d5df15, nFileSizeHigh=0x0, nFileSizeLow=0x985d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q-fAoy7DIswlc14E0gQM.png", cAlternateFileName="Q-FAOY~1.PNG")) returned 1 [0224.384] GetCurrentThreadId () returned 0x6f8 [0224.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.384] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q-faoy7diswlc14e0gqm.png")) returned 0x20 [0224.384] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png", dwFileAttributes=0x80) returned 1 [0224.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q-faoy7diswlc14e0gqm.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.385] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x985d [0224.390] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x985d, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x985d, lpOverlapped=0x0) returned 1 [0224.392] GetCurrentThreadId () returned 0x6f8 [0224.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa691990, dwHighDateTime=0x1d6076d)) [0224.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa691990, dwHighDateTime=0x1d6076d)) [0224.392] GetCurrentThreadId () returned 0x6f8 [0224.393] CloseHandle (hObject=0x1134) returned 1 [0224.393] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png", dwFileAttributes=0x20) returned 1 [0224.393] GetCurrentThreadId () returned 0x6f8 [0224.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa691990, dwHighDateTime=0x1d6076d)) [0224.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa691990, dwHighDateTime=0x1d6076d)) [0224.393] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png", piIcon=0x4e4f238) returned 0x24010f [0224.404] GetIconInfo (in: hIcon=0x24010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.404] CreateFileW (lpFileName="AmEM.ico" (normalized: "c:\\windows\\system32\\amem.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.406] GetObjectA (in: h=0x1c0501fc, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.406] GetObjectA (in: h=0x6b050763, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.406] CreateCompatibleDC (hdc=0x0) returned 0xb4010775 [0224.406] GetDIBits (in: hdc=0xb4010775, hbm=0x1c0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.406] GetDIBits (in: hdc=0xb4010775, hbm=0x1c0501fc, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.406] GetDIBits (in: hdc=0xb4010775, hbm=0x1c0501fc, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.406] GetDIBits (in: hdc=0xb4010775, hbm=0x6b050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.406] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.407] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.408] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.408] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.408] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.408] DeleteDC (hdc=0xb4010775) returned 1 [0224.408] CloseHandle (hObject=0x1138) returned 1 [0224.409] DeleteObject (ho=0x1c0501fc) returned 1 [0224.409] DeleteObject (ho=0x6b050763) returned 1 [0224.409] DestroyCursor (hCursor=0x24010f) returned 1 [0224.409] GetCurrentThreadId () returned 0x6f8 [0224.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q-faoy7diswlc14e0gqm.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.409] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x985d [0224.414] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x985d, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x985d, lpOverlapped=0x0) returned 1 [0224.414] CloseHandle (hObject=0x1138) returned 1 [0224.414] GetCurrentThreadId () returned 0x6f8 [0224.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa6b7af0, dwHighDateTime=0x1d6076d)) [0224.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa6b7af0, dwHighDateTime=0x1d6076d)) [0224.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa6b7af0, dwHighDateTime=0x1d6076d)) [0224.483] GetCurrentThreadId () returned 0x6f8 [0224.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa750070, dwHighDateTime=0x1d6076d)) [0224.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.483] GetCurrentThreadId () returned 0x6f8 [0224.483] CreateFileW (lpFileName="EYAE.exe" (normalized: "c:\\windows\\system32\\eyae.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.484] CreateFileW (lpFileName="EYAE.exe" (normalized: "c:\\windows\\system32\\eyae.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.484] GetCurrentThreadId () returned 0x6f8 [0224.484] GetCurrentThreadId () returned 0x6f8 [0224.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.484] CreateFileW (lpFileName="EYAE.exe" (normalized: "c:\\windows\\system32\\eyae.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.484] GetCurrentThreadId () returned 0x6f8 [0224.484] BeginUpdateResourceW (pFileName="EYAE.exe" (normalized: "c:\\windows\\system32\\eyae.exe"), bDeleteExistingResources=0) returned 0x0 [0224.485] CreateFileW (lpFileName="AmEM.ico" (normalized: "c:\\windows\\system32\\amem.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0224.485] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.485] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.485] CloseHandle (hObject=0x1138) returned 1 [0224.485] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.485] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.485] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.485] CopyFileW (lpExistingFileName="EYAE.exe" (normalized: "c:\\windows\\system32\\eyae.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q-faoy7diswlc14e0gqm.png.exe"), bFailIfExists=0) returned 0 [0224.486] SetNamedSecurityInfoW () returned 0x2 [0224.486] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q-fAoy7DIswlc14E0gQM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q-faoy7diswlc14e0gqm.png")) returned 1 [0224.487] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7e, lpOverlapped=0x0) returned 1 [0224.487] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.488] DeleteFileW (lpFileName="AmEM.ico" (normalized: "c:\\windows\\system32\\amem.ico")) returned 1 [0224.489] DeleteFileW (lpFileName="EYAE.exe" (normalized: "c:\\windows\\system32\\eyae.exe")) returned 0 [0224.489] GetCurrentThreadId () returned 0x6f8 [0224.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.489] GetCurrentThreadId () returned 0x6f8 [0224.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.489] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63c220, ftCreationTime.dwHighDateTime=0x1d5dfda, ftLastAccessTime.dwLowDateTime=0x778de980, ftLastAccessTime.dwHighDateTime=0x1d5e632, ftLastWriteTime.dwLowDateTime=0x778de980, ftLastWriteTime.dwHighDateTime=0x1d5e632, nFileSizeHigh=0x0, nFileSizeLow=0x1102a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q0VMV.gif", cAlternateFileName="")) returned 1 [0224.489] GetCurrentThreadId () returned 0x6f8 [0224.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.489] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q0vmv.gif")) returned 0x20 [0224.489] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif", dwFileAttributes=0x80) returned 1 [0224.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q0vmv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.490] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1102a [0224.494] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1102a, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x1102a, lpOverlapped=0x0) returned 1 [0224.496] GetCurrentThreadId () returned 0x6f8 [0224.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.496] GetCurrentThreadId () returned 0x6f8 [0224.497] CloseHandle (hObject=0x1138) returned 1 [0224.497] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif", dwFileAttributes=0x20) returned 1 [0224.497] GetCurrentThreadId () returned 0x6f8 [0224.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa7761d0, dwHighDateTime=0x1d6076d)) [0224.497] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif", piIcon=0x4e4f238) returned 0xd0143 [0224.507] GetIconInfo (in: hIcon=0xd0143, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.507] CreateFileW (lpFileName="yykk.ico" (normalized: "c:\\windows\\system32\\yykk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.508] GetObjectA (in: h=0xd20501fa, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.508] GetObjectA (in: h=0x3505018d, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.508] CreateCompatibleDC (hdc=0x0) returned 0xdf010770 [0224.508] GetDIBits (in: hdc=0xdf010770, hbm=0xd20501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.508] GetDIBits (in: hdc=0xdf010770, hbm=0xd20501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.508] GetDIBits (in: hdc=0xdf010770, hbm=0xd20501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.508] GetDIBits (in: hdc=0xdf010770, hbm=0x3505018d, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.508] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.509] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.509] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.509] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.510] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.510] DeleteDC (hdc=0xdf010770) returned 1 [0224.510] CloseHandle (hObject=0x1134) returned 1 [0224.510] DeleteObject (ho=0xd20501fa) returned 1 [0224.510] DeleteObject (ho=0x3505018d) returned 1 [0224.510] DestroyCursor (hCursor=0xd0143) returned 1 [0224.510] GetCurrentThreadId () returned 0x6f8 [0224.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q0vmv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.510] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1102a [0224.535] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1102a, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x1102a, lpOverlapped=0x0) returned 1 [0224.536] CloseHandle (hObject=0x1134) returned 1 [0224.536] GetCurrentThreadId () returned 0x6f8 [0224.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa7e85f0, dwHighDateTime=0x1d6076d)) [0224.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa7e85f0, dwHighDateTime=0x1d6076d)) [0224.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa7e85f0, dwHighDateTime=0x1d6076d)) [0224.617] GetCurrentThreadId () returned 0x6f8 [0224.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa8a6cd0, dwHighDateTime=0x1d6076d)) [0224.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa8a6cd0, dwHighDateTime=0x1d6076d)) [0224.617] GetCurrentThreadId () returned 0x6f8 [0224.617] CreateFileW (lpFileName="Kkcw.exe" (normalized: "c:\\windows\\system32\\kkcw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.618] CreateFileW (lpFileName="Kkcw.exe" (normalized: "c:\\windows\\system32\\kkcw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.618] GetCurrentThreadId () returned 0x6f8 [0224.618] GetCurrentThreadId () returned 0x6f8 [0224.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa8a6cd0, dwHighDateTime=0x1d6076d)) [0224.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xa8a6cd0, dwHighDateTime=0x1d6076d)) [0224.618] CreateFileW (lpFileName="Kkcw.exe" (normalized: "c:\\windows\\system32\\kkcw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.618] GetCurrentThreadId () returned 0x6f8 [0224.618] BeginUpdateResourceW (pFileName="Kkcw.exe" (normalized: "c:\\windows\\system32\\kkcw.exe"), bDeleteExistingResources=0) returned 0x0 [0224.619] CreateFileW (lpFileName="yykk.ico" (normalized: "c:\\windows\\system32\\yykk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0224.619] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.619] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.619] CloseHandle (hObject=0x1134) returned 1 [0224.619] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.619] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.619] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.619] CopyFileW (lpExistingFileName="Kkcw.exe" (normalized: "c:\\windows\\system32\\kkcw.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q0vmv.gif.exe"), bFailIfExists=0) returned 0 [0224.620] SetNamedSecurityInfoW () returned 0x2 [0224.620] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Q0VMV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\q0vmv.gif")) returned 1 [0224.622] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x60, lpOverlapped=0x0) returned 1 [0224.622] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.622] DeleteFileW (lpFileName="yykk.ico" (normalized: "c:\\windows\\system32\\yykk.ico")) returned 1 [0224.623] DeleteFileW (lpFileName="Kkcw.exe" (normalized: "c:\\windows\\system32\\kkcw.exe")) returned 0 [0224.623] GetCurrentThreadId () returned 0x6f8 [0224.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xa8a6cd0, dwHighDateTime=0x1d6076d)) [0224.623] GetCurrentThreadId () returned 0x6f8 [0224.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xa8a6cd0, dwHighDateTime=0x1d6076d)) [0224.623] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x965aa6b0, ftCreationTime.dwHighDateTime=0x1d5e04b, ftLastAccessTime.dwLowDateTime=0x59fd69d0, ftLastAccessTime.dwHighDateTime=0x1d5d7b5, ftLastWriteTime.dwLowDateTime=0x59fd69d0, ftLastWriteTime.dwHighDateTime=0x1d5d7b5, nFileSizeHigh=0x0, nFileSizeLow=0x10f2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="QEhgyk foyuP.png", cAlternateFileName="QEHGYK~1.PNG")) returned 1 [0224.623] GetCurrentThreadId () returned 0x6f8 [0224.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xa8cce30, dwHighDateTime=0x1d6076d)) [0224.624] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\qehgyk foyup.png")) returned 0x20 [0224.624] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png", dwFileAttributes=0x80) returned 1 [0224.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\qehgyk foyup.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.624] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f2d [0224.629] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x10f2d, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x10f2d, lpOverlapped=0x0) returned 1 [0224.645] GetCurrentThreadId () returned 0x6f8 [0224.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa8f2f90, dwHighDateTime=0x1d6076d)) [0224.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xa8f2f90, dwHighDateTime=0x1d6076d)) [0224.646] GetCurrentThreadId () returned 0x6f8 [0224.646] CloseHandle (hObject=0x1134) returned 1 [0224.646] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png", dwFileAttributes=0x20) returned 1 [0224.646] GetCurrentThreadId () returned 0x6f8 [0224.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa8f2f90, dwHighDateTime=0x1d6076d)) [0224.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xa8f2f90, dwHighDateTime=0x1d6076d)) [0224.647] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png", piIcon=0x4e4f238) returned 0x25010f [0224.658] GetIconInfo (in: hIcon=0x25010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.658] CreateFileW (lpFileName="USII.ico" (normalized: "c:\\windows\\system32\\usii.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.659] GetObjectA (in: h=0x26050776, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.659] GetObjectA (in: h=0x79050763, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.659] CreateCompatibleDC (hdc=0x0) returned 0x2a01016f [0224.660] GetDIBits (in: hdc=0x2a01016f, hbm=0x26050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.660] GetDIBits (in: hdc=0x2a01016f, hbm=0x26050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.660] GetDIBits (in: hdc=0x2a01016f, hbm=0x26050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.660] GetDIBits (in: hdc=0x2a01016f, hbm=0x79050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.660] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.661] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.662] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.662] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.662] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.662] DeleteDC (hdc=0x2a01016f) returned 1 [0224.662] CloseHandle (hObject=0x1138) returned 1 [0224.663] DeleteObject (ho=0x26050776) returned 1 [0224.663] DeleteObject (ho=0x79050763) returned 1 [0224.663] DestroyCursor (hCursor=0x25010f) returned 1 [0224.663] GetCurrentThreadId () returned 0x6f8 [0224.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\qehgyk foyup.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.663] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f2d [0224.668] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x10f2d, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x10f2d, lpOverlapped=0x0) returned 1 [0224.668] CloseHandle (hObject=0x1138) returned 1 [0224.669] GetCurrentThreadId () returned 0x6f8 [0224.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa9190f0, dwHighDateTime=0x1d6076d)) [0224.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xa9190f0, dwHighDateTime=0x1d6076d)) [0224.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xa9190f0, dwHighDateTime=0x1d6076d)) [0224.764] GetCurrentThreadId () returned 0x6f8 [0224.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xa9fd930, dwHighDateTime=0x1d6076d)) [0224.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xaa23a90, dwHighDateTime=0x1d6076d)) [0224.764] GetCurrentThreadId () returned 0x6f8 [0224.764] CreateFileW (lpFileName="OYUM.exe" (normalized: "c:\\windows\\system32\\oyum.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.765] CreateFileW (lpFileName="OYUM.exe" (normalized: "c:\\windows\\system32\\oyum.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.765] GetCurrentThreadId () returned 0x6f8 [0224.765] GetCurrentThreadId () returned 0x6f8 [0224.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xaa23a90, dwHighDateTime=0x1d6076d)) [0224.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xaa23a90, dwHighDateTime=0x1d6076d)) [0224.765] CreateFileW (lpFileName="OYUM.exe" (normalized: "c:\\windows\\system32\\oyum.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.766] GetCurrentThreadId () returned 0x6f8 [0224.766] BeginUpdateResourceW (pFileName="OYUM.exe" (normalized: "c:\\windows\\system32\\oyum.exe"), bDeleteExistingResources=0) returned 0x0 [0224.766] CreateFileW (lpFileName="USII.ico" (normalized: "c:\\windows\\system32\\usii.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0224.766] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.766] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.766] CloseHandle (hObject=0x1138) returned 1 [0224.766] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.767] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.767] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.767] CopyFileW (lpExistingFileName="OYUM.exe" (normalized: "c:\\windows\\system32\\oyum.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\qehgyk foyup.png.exe"), bFailIfExists=0) returned 0 [0224.767] SetNamedSecurityInfoW () returned 0x2 [0224.767] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\QEhgyk foyuP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\qehgyk foyup.png")) returned 1 [0224.769] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x6e, lpOverlapped=0x0) returned 1 [0224.769] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.770] DeleteFileW (lpFileName="USII.ico" (normalized: "c:\\windows\\system32\\usii.ico")) returned 1 [0224.771] DeleteFileW (lpFileName="OYUM.exe" (normalized: "c:\\windows\\system32\\oyum.exe")) returned 0 [0224.771] GetCurrentThreadId () returned 0x6f8 [0224.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xaa23a90, dwHighDateTime=0x1d6076d)) [0224.771] GetCurrentThreadId () returned 0x6f8 [0224.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xaa23a90, dwHighDateTime=0x1d6076d)) [0224.771] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ebc5b0, ftCreationTime.dwHighDateTime=0x1d5e36b, ftLastAccessTime.dwLowDateTime=0x50082040, ftLastAccessTime.dwHighDateTime=0x1d5e3a0, ftLastWriteTime.dwLowDateTime=0x50082040, ftLastWriteTime.dwHighDateTime=0x1d5e3a0, nFileSizeHigh=0x0, nFileSizeLow=0x12783, dwReserved0=0x0, dwReserved1=0x0, cFileName="S0hxY4y7RcgUxJ5MN5.gif", cAlternateFileName="S0HXY4~1.GIF")) returned 1 [0224.771] GetCurrentThreadId () returned 0x6f8 [0224.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xaa23a90, dwHighDateTime=0x1d6076d)) [0224.771] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\s0hxy4y7rcguxj5mn5.gif")) returned 0x20 [0224.772] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif", dwFileAttributes=0x80) returned 1 [0224.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\s0hxy4y7rcguxj5mn5.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.773] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12783 [0224.778] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12783, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x12783, lpOverlapped=0x0) returned 1 [0224.780] GetCurrentThreadId () returned 0x6f8 [0224.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xaa49bf0, dwHighDateTime=0x1d6076d)) [0224.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xaa49bf0, dwHighDateTime=0x1d6076d)) [0224.780] GetCurrentThreadId () returned 0x6f8 [0224.781] CloseHandle (hObject=0x1138) returned 1 [0224.781] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif", dwFileAttributes=0x20) returned 1 [0224.781] GetCurrentThreadId () returned 0x6f8 [0224.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xaa49bf0, dwHighDateTime=0x1d6076d)) [0224.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xaa49bf0, dwHighDateTime=0x1d6076d)) [0224.781] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif", piIcon=0x4e4f238) returned 0x26010f [0224.793] GetIconInfo (in: hIcon=0x26010f, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.793] CreateFileW (lpFileName="YcMM.ico" (normalized: "c:\\windows\\system32\\ycmm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.794] GetObjectA (in: h=0xdf050771, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.794] GetObjectA (in: h=0xec050770, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.794] CreateCompatibleDC (hdc=0x0) returned 0x4401018d [0224.794] GetDIBits (in: hdc=0x4401018d, hbm=0xdf050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.795] GetDIBits (in: hdc=0x4401018d, hbm=0xdf050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.795] GetDIBits (in: hdc=0x4401018d, hbm=0xdf050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.795] GetDIBits (in: hdc=0x4401018d, hbm=0xec050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.795] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.798] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.798] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.798] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.799] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.799] DeleteDC (hdc=0x4401018d) returned 1 [0224.799] CloseHandle (hObject=0x1134) returned 1 [0224.799] DeleteObject (ho=0xdf050771) returned 1 [0224.799] DeleteObject (ho=0xec050770) returned 1 [0224.799] DestroyCursor (hCursor=0x26010f) returned 1 [0224.799] GetCurrentThreadId () returned 0x6f8 [0224.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\s0hxy4y7rcguxj5mn5.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.799] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12783 [0224.804] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12783, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x12783, lpOverlapped=0x0) returned 1 [0224.805] CloseHandle (hObject=0x1134) returned 1 [0224.805] GetCurrentThreadId () returned 0x6f8 [0224.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xaa6fd50, dwHighDateTime=0x1d6076d)) [0224.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xaa6fd50, dwHighDateTime=0x1d6076d)) [0224.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xaa6fd50, dwHighDateTime=0x1d6076d)) [0224.932] GetCurrentThreadId () returned 0x6f8 [0224.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xaba0850, dwHighDateTime=0x1d6076d)) [0224.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xaba0850, dwHighDateTime=0x1d6076d)) [0224.932] GetCurrentThreadId () returned 0x6f8 [0224.932] CreateFileW (lpFileName="cUUC.exe" (normalized: "c:\\windows\\system32\\cuuc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.932] CreateFileW (lpFileName="cUUC.exe" (normalized: "c:\\windows\\system32\\cuuc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.933] GetCurrentThreadId () returned 0x6f8 [0224.933] GetCurrentThreadId () returned 0x6f8 [0224.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xaba0850, dwHighDateTime=0x1d6076d)) [0224.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xaba0850, dwHighDateTime=0x1d6076d)) [0224.933] CreateFileW (lpFileName="cUUC.exe" (normalized: "c:\\windows\\system32\\cuuc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.933] GetCurrentThreadId () returned 0x6f8 [0224.933] BeginUpdateResourceW (pFileName="cUUC.exe" (normalized: "c:\\windows\\system32\\cuuc.exe"), bDeleteExistingResources=0) returned 0x0 [0224.933] CreateFileW (lpFileName="YcMM.ico" (normalized: "c:\\windows\\system32\\ycmm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0224.933] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0224.934] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0224.934] CloseHandle (hObject=0x1134) returned 1 [0224.934] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0224.934] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0224.934] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0224.934] CopyFileW (lpExistingFileName="cUUC.exe" (normalized: "c:\\windows\\system32\\cuuc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\s0hxy4y7rcguxj5mn5.gif.exe"), bFailIfExists=0) returned 0 [0224.934] SetNamedSecurityInfoW () returned 0x2 [0224.935] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\S0hxY4y7RcgUxJ5MN5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\s0hxy4y7rcguxj5mn5.gif")) returned 1 [0224.937] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x7a, lpOverlapped=0x0) returned 1 [0224.937] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0224.937] DeleteFileW (lpFileName="YcMM.ico" (normalized: "c:\\windows\\system32\\ycmm.ico")) returned 1 [0224.938] DeleteFileW (lpFileName="cUUC.exe" (normalized: "c:\\windows\\system32\\cuuc.exe")) returned 0 [0224.939] GetCurrentThreadId () returned 0x6f8 [0224.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.939] GetCurrentThreadId () returned 0x6f8 [0224.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.939] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec72f990, ftCreationTime.dwHighDateTime=0x1d5e48c, ftLastAccessTime.dwLowDateTime=0xebae9df0, ftLastAccessTime.dwHighDateTime=0x1d5df43, ftLastWriteTime.dwLowDateTime=0xebae9df0, ftLastWriteTime.dwHighDateTime=0x1d5df43, nFileSizeHigh=0x0, nFileSizeLow=0x12d91, dwReserved0=0x0, dwReserved1=0x0, cFileName="UQgw2.png", cAlternateFileName="")) returned 1 [0224.939] GetCurrentThreadId () returned 0x6f8 [0224.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.939] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uqgw2.png")) returned 0x20 [0224.939] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png", dwFileAttributes=0x80) returned 1 [0224.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uqgw2.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0224.940] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12d91 [0224.945] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12d91, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x12d91, lpOverlapped=0x0) returned 1 [0224.947] GetCurrentThreadId () returned 0x6f8 [0224.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.947] GetCurrentThreadId () returned 0x6f8 [0224.948] CloseHandle (hObject=0x1134) returned 1 [0224.948] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png", dwFileAttributes=0x20) returned 1 [0224.948] GetCurrentThreadId () returned 0x6f8 [0224.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xabc69b0, dwHighDateTime=0x1d6076d)) [0224.948] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png", piIcon=0x4e4f238) returned 0xf0143 [0224.961] GetIconInfo (in: hIcon=0xf0143, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0224.961] CreateFileW (lpFileName="gYIs.ico" (normalized: "c:\\windows\\system32\\gyis.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.962] GetObjectA (in: h=0x81050763, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0224.962] GetObjectA (in: h=0x2e050776, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0224.962] CreateCompatibleDC (hdc=0x0) returned 0xde0101fa [0224.962] GetDIBits (in: hdc=0xde0101fa, hbm=0x81050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0224.962] GetDIBits (in: hdc=0xde0101fa, hbm=0x81050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0224.962] GetDIBits (in: hdc=0xde0101fa, hbm=0x81050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0224.962] GetDIBits (in: hdc=0xde0101fa, hbm=0x2e050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0224.962] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0224.963] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0224.963] WriteFile (in: hFile=0x1138, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0224.964] WriteFile (in: hFile=0x1138, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0224.964] WriteFile (in: hFile=0x1138, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0224.964] DeleteDC (hdc=0xde0101fa) returned 1 [0224.964] CloseHandle (hObject=0x1138) returned 1 [0224.964] DeleteObject (ho=0x81050763) returned 1 [0224.964] DeleteObject (ho=0x2e050776) returned 1 [0224.964] DestroyCursor (hCursor=0xf0143) returned 1 [0224.964] GetCurrentThreadId () returned 0x6f8 [0224.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uqgw2.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1138 [0224.965] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12d91 [0224.970] ReadFile (in: hFile=0x1138, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x12d91, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x12d91, lpOverlapped=0x0) returned 1 [0224.970] CloseHandle (hObject=0x1138) returned 1 [0224.970] GetCurrentThreadId () returned 0x6f8 [0224.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xac12c70, dwHighDateTime=0x1d6076d)) [0224.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xac12c70, dwHighDateTime=0x1d6076d)) [0224.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xac12c70, dwHighDateTime=0x1d6076d)) [0225.115] GetCurrentThreadId () returned 0x6f8 [0225.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xad698d0, dwHighDateTime=0x1d6076d)) [0225.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xad698d0, dwHighDateTime=0x1d6076d)) [0225.115] GetCurrentThreadId () returned 0x6f8 [0225.115] CreateFileW (lpFileName="GAYU.exe" (normalized: "c:\\windows\\system32\\gayu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.116] CreateFileW (lpFileName="GAYU.exe" (normalized: "c:\\windows\\system32\\gayu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.116] GetCurrentThreadId () returned 0x6f8 [0225.117] GetCurrentThreadId () returned 0x6f8 [0225.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xad698d0, dwHighDateTime=0x1d6076d)) [0225.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xad698d0, dwHighDateTime=0x1d6076d)) [0225.117] CreateFileW (lpFileName="GAYU.exe" (normalized: "c:\\windows\\system32\\gayu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.117] GetCurrentThreadId () returned 0x6f8 [0225.117] BeginUpdateResourceW (pFileName="GAYU.exe" (normalized: "c:\\windows\\system32\\gayu.exe"), bDeleteExistingResources=0) returned 0x0 [0225.117] CreateFileW (lpFileName="gYIs.ico" (normalized: "c:\\windows\\system32\\gyis.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1138 [0225.117] GetFileSize (in: hFile=0x1138, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0225.118] ReadFile (in: hFile=0x1138, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0225.118] CloseHandle (hObject=0x1138) returned 1 [0225.118] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0225.118] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0225.118] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0225.118] CopyFileW (lpExistingFileName="GAYU.exe" (normalized: "c:\\windows\\system32\\gayu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uqgw2.png.exe"), bFailIfExists=0) returned 0 [0225.118] SetNamedSecurityInfoW () returned 0x2 [0225.118] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UQgw2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uqgw2.png")) returned 1 [0225.121] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x60, lpOverlapped=0x0) returned 1 [0225.121] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0225.121] DeleteFileW (lpFileName="gYIs.ico" (normalized: "c:\\windows\\system32\\gyis.ico")) returned 1 [0225.122] DeleteFileW (lpFileName="GAYU.exe" (normalized: "c:\\windows\\system32\\gayu.exe")) returned 0 [0225.123] GetCurrentThreadId () returned 0x6f8 [0225.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.123] GetCurrentThreadId () returned 0x6f8 [0225.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.123] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6e45820, ftCreationTime.dwHighDateTime=0x1d5d804, ftLastAccessTime.dwLowDateTime=0x613f29f0, ftLastAccessTime.dwHighDateTime=0x1d5da61, ftLastWriteTime.dwLowDateTime=0x613f29f0, ftLastWriteTime.dwHighDateTime=0x1d5da61, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wADGM-Om NZHxCf", cAlternateFileName="WADGM-~1")) returned 1 [0225.123] GetCurrentThreadId () returned 0x6f8 [0225.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.123] GetCurrentThreadId () returned 0x6f8 [0225.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6e45820, ftCreationTime.dwHighDateTime=0x1d5d804, ftLastAccessTime.dwLowDateTime=0x613f29f0, ftLastAccessTime.dwHighDateTime=0x1d5da61, ftLastWriteTime.dwLowDateTime=0x613f29f0, ftLastWriteTime.dwHighDateTime=0x1d5da61, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ee18 [0225.126] GetCurrentThreadId () returned 0x6f8 [0225.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.126] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6e45820, ftCreationTime.dwHighDateTime=0x1d5d804, ftLastAccessTime.dwLowDateTime=0x613f29f0, ftLastAccessTime.dwHighDateTime=0x1d5da61, ftLastWriteTime.dwLowDateTime=0x613f29f0, ftLastWriteTime.dwHighDateTime=0x1d5da61, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0225.126] GetCurrentThreadId () returned 0x6f8 [0225.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.126] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b3f9540, ftCreationTime.dwHighDateTime=0x1d5dae6, ftLastAccessTime.dwLowDateTime=0x48f118d0, ftLastAccessTime.dwHighDateTime=0x1d5e606, ftLastWriteTime.dwLowDateTime=0x48f118d0, ftLastWriteTime.dwHighDateTime=0x1d5e606, nFileSizeHigh=0x0, nFileSizeLow=0x1159b, dwReserved0=0x0, dwReserved1=0x0, cFileName="0x8VAeJ hT.gif", cAlternateFileName="0X8VAE~1.GIF")) returned 1 [0225.126] GetCurrentThreadId () returned 0x6f8 [0225.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.126] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\0x8vaej ht.gif")) returned 0x20 [0225.127] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif", dwFileAttributes=0x80) returned 1 [0225.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\0x8vaej ht.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0225.128] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1159b [0225.133] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1159b, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x1159b, lpOverlapped=0x0) returned 1 [0225.135] GetCurrentThreadId () returned 0x6f8 [0225.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.135] GetCurrentThreadId () returned 0x6f8 [0225.135] CloseHandle (hObject=0x1134) returned 1 [0225.136] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif", dwFileAttributes=0x20) returned 1 [0225.136] GetCurrentThreadId () returned 0x6f8 [0225.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xad8fa30, dwHighDateTime=0x1d6076d)) [0225.136] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif", piIcon=0x4e4efc4) returned 0x100143 [0225.147] GetIconInfo (in: hIcon=0x100143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0225.147] CreateFileW (lpFileName="AMsI.ico" (normalized: "c:\\windows\\system32\\amsi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.147] GetObjectA (in: h=0xef050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0225.147] GetObjectA (in: h=0xe4050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0225.147] CreateCompatibleDC (hdc=0x0) returned 0x29010772 [0225.148] GetDIBits (in: hdc=0x29010772, hbm=0xef050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0225.148] GetDIBits (in: hdc=0x29010772, hbm=0xef050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0225.148] GetDIBits (in: hdc=0x29010772, hbm=0xef050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0225.148] GetDIBits (in: hdc=0x29010772, hbm=0xe4050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0225.148] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0225.149] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0225.149] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0225.149] WriteFile (in: hFile=0x113c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0225.150] WriteFile (in: hFile=0x113c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0225.150] DeleteDC (hdc=0x29010772) returned 1 [0225.150] CloseHandle (hObject=0x113c) returned 1 [0225.150] DeleteObject (ho=0xef050770) returned 1 [0225.150] DeleteObject (ho=0xe4050771) returned 1 [0225.150] DestroyCursor (hCursor=0x100143) returned 1 [0225.150] GetCurrentThreadId () returned 0x6f8 [0225.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\0x8vaej ht.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.151] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1159b [0225.169] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1159b, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x1159b, lpOverlapped=0x0) returned 1 [0225.169] CloseHandle (hObject=0x113c) returned 1 [0225.169] GetCurrentThreadId () returned 0x6f8 [0225.170] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xae01e50, dwHighDateTime=0x1d6076d)) [0225.170] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xae01e50, dwHighDateTime=0x1d6076d)) [0225.170] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xae01e50, dwHighDateTime=0x1d6076d)) [0225.244] GetCurrentThreadId () returned 0x6f8 [0225.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xae9a3d0, dwHighDateTime=0x1d6076d)) [0225.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xae9a3d0, dwHighDateTime=0x1d6076d)) [0225.245] GetCurrentThreadId () returned 0x6f8 [0225.245] CreateFileW (lpFileName="sMQA.exe" (normalized: "c:\\windows\\system32\\smqa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.245] CreateFileW (lpFileName="sMQA.exe" (normalized: "c:\\windows\\system32\\smqa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.246] GetCurrentThreadId () returned 0x6f8 [0225.246] GetCurrentThreadId () returned 0x6f8 [0225.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xae9a3d0, dwHighDateTime=0x1d6076d)) [0225.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xae9a3d0, dwHighDateTime=0x1d6076d)) [0225.246] CreateFileW (lpFileName="sMQA.exe" (normalized: "c:\\windows\\system32\\smqa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.246] GetCurrentThreadId () returned 0x6f8 [0225.246] BeginUpdateResourceW (pFileName="sMQA.exe" (normalized: "c:\\windows\\system32\\smqa.exe"), bDeleteExistingResources=0) returned 0x0 [0225.246] CreateFileW (lpFileName="AMsI.ico" (normalized: "c:\\windows\\system32\\amsi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x113c [0225.246] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0225.247] ReadFile (in: hFile=0x113c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0225.247] CloseHandle (hObject=0x113c) returned 1 [0225.247] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0225.247] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0225.247] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0225.247] CopyFileW (lpExistingFileName="sMQA.exe" (normalized: "c:\\windows\\system32\\smqa.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\0x8vaej ht.gif.exe"), bFailIfExists=0) returned 0 [0225.251] SetNamedSecurityInfoW () returned 0x2 [0225.252] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\0x8VAeJ hT.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\0x8vaej ht.gif")) returned 1 [0225.254] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8a, lpOverlapped=0x0) returned 1 [0225.254] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0225.254] DeleteFileW (lpFileName="AMsI.ico" (normalized: "c:\\windows\\system32\\amsi.ico")) returned 1 [0225.255] DeleteFileW (lpFileName="sMQA.exe" (normalized: "c:\\windows\\system32\\smqa.exe")) returned 0 [0225.255] GetCurrentThreadId () returned 0x6f8 [0225.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xaec0530, dwHighDateTime=0x1d6076d)) [0225.255] GetCurrentThreadId () returned 0x6f8 [0225.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xaec0530, dwHighDateTime=0x1d6076d)) [0225.256] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac360660, ftCreationTime.dwHighDateTime=0x1d5e7bb, ftLastAccessTime.dwLowDateTime=0xb60f3270, ftLastAccessTime.dwHighDateTime=0x1d5e602, ftLastWriteTime.dwLowDateTime=0xb60f3270, ftLastWriteTime.dwHighDateTime=0x1d5e602, nFileSizeHigh=0x0, nFileSizeLow=0x11ad2, dwReserved0=0x0, dwReserved1=0x0, cFileName="1 P01gEwYd.bmp", cAlternateFileName="1P01GE~1.BMP")) returned 1 [0225.256] GetCurrentThreadId () returned 0x6f8 [0225.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xaec0530, dwHighDateTime=0x1d6076d)) [0225.256] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\1 p01gewyd.bmp")) returned 0x20 [0225.257] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp", dwFileAttributes=0x80) returned 1 [0225.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\1 p01gewyd.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.257] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11ad2 [0225.262] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11ad2, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x11ad2, lpOverlapped=0x0) returned 1 [0225.264] GetCurrentThreadId () returned 0x6f8 [0225.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xaee6690, dwHighDateTime=0x1d6076d)) [0225.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xaee6690, dwHighDateTime=0x1d6076d)) [0225.264] GetCurrentThreadId () returned 0x6f8 [0225.265] CloseHandle (hObject=0x113c) returned 1 [0225.265] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp", dwFileAttributes=0x20) returned 1 [0225.265] GetCurrentThreadId () returned 0x6f8 [0225.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xaee6690, dwHighDateTime=0x1d6076d)) [0225.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xaee6690, dwHighDateTime=0x1d6076d)) [0225.265] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp", piIcon=0x4e4efc4) returned 0x110143 [0225.270] GetIconInfo (in: hIcon=0x110143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0225.270] CreateFileW (lpFileName="KysQ.ico" (normalized: "c:\\windows\\system32\\kysq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.271] GetObjectA (in: h=0x86050763, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0225.271] GetObjectA (in: h=0xe30501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0225.271] CreateCompatibleDC (hdc=0x0) returned 0x900101fb [0225.271] GetDIBits (in: hdc=0x900101fb, hbm=0x86050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0225.271] GetDIBits (in: hdc=0x900101fb, hbm=0x86050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0225.271] GetDIBits (in: hdc=0x900101fb, hbm=0x86050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0225.271] GetDIBits (in: hdc=0x900101fb, hbm=0xe30501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0225.271] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0225.272] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0225.272] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0225.272] WriteFile (in: hFile=0x113c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0225.273] WriteFile (in: hFile=0x113c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0225.273] DeleteDC (hdc=0x900101fb) returned 1 [0225.273] CloseHandle (hObject=0x113c) returned 1 [0225.277] DeleteObject (ho=0x86050763) returned 1 [0225.277] DeleteObject (ho=0xe30501fa) returned 1 [0225.277] DestroyCursor (hCursor=0x110143) returned 1 [0225.277] GetCurrentThreadId () returned 0x6f8 [0225.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\1 p01gewyd.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.277] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11ad2 [0225.283] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x11ad2, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x11ad2, lpOverlapped=0x0) returned 1 [0225.283] CloseHandle (hObject=0x113c) returned 1 [0225.283] GetCurrentThreadId () returned 0x6f8 [0225.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xaf0c7f0, dwHighDateTime=0x1d6076d)) [0225.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xaf0c7f0, dwHighDateTime=0x1d6076d)) [0225.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xaf0c7f0, dwHighDateTime=0x1d6076d)) [0225.484] GetCurrentThreadId () returned 0x6f8 [0225.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.484] GetCurrentThreadId () returned 0x6f8 [0225.484] CreateFileW (lpFileName="MkcA.exe" (normalized: "c:\\windows\\system32\\mkca.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.486] CreateFileW (lpFileName="MkcA.exe" (normalized: "c:\\windows\\system32\\mkca.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.486] GetCurrentThreadId () returned 0x6f8 [0225.486] GetCurrentThreadId () returned 0x6f8 [0225.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.486] CreateFileW (lpFileName="MkcA.exe" (normalized: "c:\\windows\\system32\\mkca.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.486] GetCurrentThreadId () returned 0x6f8 [0225.486] BeginUpdateResourceW (pFileName="MkcA.exe" (normalized: "c:\\windows\\system32\\mkca.exe"), bDeleteExistingResources=0) returned 0x0 [0225.487] CreateFileW (lpFileName="KysQ.ico" (normalized: "c:\\windows\\system32\\kysq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x113c [0225.487] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0225.490] ReadFile (in: hFile=0x113c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0225.491] CloseHandle (hObject=0x113c) returned 1 [0225.491] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0225.491] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0225.491] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0225.491] CopyFileW (lpExistingFileName="MkcA.exe" (normalized: "c:\\windows\\system32\\mkca.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\1 p01gewyd.bmp.exe"), bFailIfExists=0) returned 0 [0225.491] SetNamedSecurityInfoW () returned 0x2 [0225.491] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\1 P01gEwYd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\1 p01gewyd.bmp")) returned 1 [0225.493] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8a, lpOverlapped=0x0) returned 1 [0225.493] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0225.493] DeleteFileW (lpFileName="KysQ.ico" (normalized: "c:\\windows\\system32\\kysq.ico")) returned 1 [0225.494] DeleteFileW (lpFileName="MkcA.exe" (normalized: "c:\\windows\\system32\\mkca.exe")) returned 0 [0225.494] GetCurrentThreadId () returned 0x6f8 [0225.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.494] GetCurrentThreadId () returned 0x6f8 [0225.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.494] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ce684a0, ftCreationTime.dwHighDateTime=0x1d5e628, ftLastAccessTime.dwLowDateTime=0x71f64f30, ftLastAccessTime.dwHighDateTime=0x1d5e821, ftLastWriteTime.dwLowDateTime=0x71f64f30, ftLastWriteTime.dwHighDateTime=0x1d5e821, nFileSizeHigh=0x0, nFileSizeLow=0x6075, dwReserved0=0x0, dwReserved1=0x0, cFileName="7I1WHWQa4 Pt.gif", cAlternateFileName="7I1WHW~1.GIF")) returned 1 [0225.495] GetCurrentThreadId () returned 0x6f8 [0225.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xb0fb9d0, dwHighDateTime=0x1d6076d)) [0225.495] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7i1whwqa4 pt.gif")) returned 0x20 [0225.498] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif", dwFileAttributes=0x80) returned 1 [0225.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7i1whwqa4 pt.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.498] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6075 [0225.578] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6075, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x6075, lpOverlapped=0x0) returned 1 [0225.580] GetCurrentThreadId () returned 0x6f8 [0225.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb1e0210, dwHighDateTime=0x1d6076d)) [0225.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb1e0210, dwHighDateTime=0x1d6076d)) [0225.580] GetCurrentThreadId () returned 0x6f8 [0225.580] CloseHandle (hObject=0x113c) returned 1 [0225.581] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif", dwFileAttributes=0x20) returned 1 [0225.581] GetCurrentThreadId () returned 0x6f8 [0225.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb1e0210, dwHighDateTime=0x1d6076d)) [0225.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb1e0210, dwHighDateTime=0x1d6076d)) [0225.581] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif", piIcon=0x4e4efc4) returned 0x120143 [0225.596] GetIconInfo (in: hIcon=0x120143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0225.596] CreateFileW (lpFileName="uGUU.ico" (normalized: "c:\\windows\\system32\\uguu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0225.597] GetObjectA (in: h=0xe7050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0225.597] GetObjectA (in: h=0xf4050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0225.597] CreateCompatibleDC (hdc=0x0) returned 0x3801016f [0225.597] GetDIBits (in: hdc=0x3801016f, hbm=0xe7050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0225.597] GetDIBits (in: hdc=0x3801016f, hbm=0xe7050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0225.597] GetDIBits (in: hdc=0x3801016f, hbm=0xe7050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0225.597] GetDIBits (in: hdc=0x3801016f, hbm=0xf4050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0225.597] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0225.598] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0225.598] WriteFile (in: hFile=0x1134, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0225.599] WriteFile (in: hFile=0x1134, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0225.599] WriteFile (in: hFile=0x1134, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0225.599] DeleteDC (hdc=0x3801016f) returned 1 [0225.599] CloseHandle (hObject=0x1134) returned 1 [0225.599] DeleteObject (ho=0xe7050771) returned 1 [0225.599] DeleteObject (ho=0xf4050770) returned 1 [0225.600] DestroyCursor (hCursor=0x120143) returned 1 [0225.600] GetCurrentThreadId () returned 0x6f8 [0225.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7i1whwqa4 pt.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0225.600] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6075 [0225.605] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6075, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x6075, lpOverlapped=0x0) returned 1 [0225.605] CloseHandle (hObject=0x1134) returned 1 [0225.605] GetCurrentThreadId () returned 0x6f8 [0225.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb206370, dwHighDateTime=0x1d6076d)) [0225.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb206370, dwHighDateTime=0x1d6076d)) [0225.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xb206370, dwHighDateTime=0x1d6076d)) [0225.839] GetCurrentThreadId () returned 0x6f8 [0225.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb441810, dwHighDateTime=0x1d6076d)) [0225.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb441810, dwHighDateTime=0x1d6076d)) [0225.840] GetCurrentThreadId () returned 0x6f8 [0225.840] CreateFileW (lpFileName="OUgE.exe" (normalized: "c:\\windows\\system32\\ouge.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.841] CreateFileW (lpFileName="OUgE.exe" (normalized: "c:\\windows\\system32\\ouge.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.841] GetCurrentThreadId () returned 0x6f8 [0225.841] GetCurrentThreadId () returned 0x6f8 [0225.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.841] CreateFileW (lpFileName="OUgE.exe" (normalized: "c:\\windows\\system32\\ouge.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.841] GetCurrentThreadId () returned 0x6f8 [0225.841] BeginUpdateResourceW (pFileName="OUgE.exe" (normalized: "c:\\windows\\system32\\ouge.exe"), bDeleteExistingResources=0) returned 0x0 [0225.841] CreateFileW (lpFileName="uGUU.ico" (normalized: "c:\\windows\\system32\\uguu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1134 [0225.842] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0225.842] ReadFile (in: hFile=0x1134, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0225.842] CloseHandle (hObject=0x1134) returned 1 [0225.842] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0225.842] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0225.842] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0225.842] CopyFileW (lpExistingFileName="OUgE.exe" (normalized: "c:\\windows\\system32\\ouge.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7i1whwqa4 pt.gif.exe"), bFailIfExists=0) returned 0 [0225.843] SetNamedSecurityInfoW () returned 0x2 [0225.843] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7I1WHWQa4 Pt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7i1whwqa4 pt.gif")) returned 1 [0225.845] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8e, lpOverlapped=0x0) returned 1 [0225.845] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0225.845] DeleteFileW (lpFileName="uGUU.ico" (normalized: "c:\\windows\\system32\\uguu.ico")) returned 1 [0225.847] DeleteFileW (lpFileName="OUgE.exe" (normalized: "c:\\windows\\system32\\ouge.exe")) returned 0 [0225.847] GetCurrentThreadId () returned 0x6f8 [0225.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.847] GetCurrentThreadId () returned 0x6f8 [0225.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.847] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2b89cd0, ftCreationTime.dwHighDateTime=0x1d5d94a, ftLastAccessTime.dwLowDateTime=0xf640be20, ftLastAccessTime.dwHighDateTime=0x1d5db37, ftLastWriteTime.dwLowDateTime=0xf640be20, ftLastWriteTime.dwHighDateTime=0x1d5db37, nFileSizeHigh=0x0, nFileSizeLow=0x48d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="7PLBEF97cmxKYRh.gif", cAlternateFileName="7PLBEF~1.GIF")) returned 1 [0225.847] GetCurrentThreadId () returned 0x6f8 [0225.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.847] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7plbef97cmxkyrh.gif")) returned 0x20 [0225.847] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif", dwFileAttributes=0x80) returned 1 [0225.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7plbef97cmxkyrh.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1134 [0225.848] GetFileSize (in: hFile=0x1134, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x48d2 [0225.853] ReadFile (in: hFile=0x1134, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x48d2, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x48d2, lpOverlapped=0x0) returned 1 [0225.855] GetCurrentThreadId () returned 0x6f8 [0225.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.855] GetCurrentThreadId () returned 0x6f8 [0225.855] CloseHandle (hObject=0x1134) returned 1 [0225.855] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif", dwFileAttributes=0x20) returned 1 [0225.855] GetCurrentThreadId () returned 0x6f8 [0225.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb467970, dwHighDateTime=0x1d6076d)) [0225.856] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif", piIcon=0x4e4efc4) returned 0x130143 [0225.867] GetIconInfo (in: hIcon=0x130143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0225.867] CreateFileW (lpFileName="ckAM.ico" (normalized: "c:\\windows\\system32\\ckam.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.868] GetObjectA (in: h=0xe60501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0225.868] GetObjectA (in: h=0x8b050763, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0225.868] CreateCompatibleDC (hdc=0x0) returned 0x5101018d [0225.868] GetDIBits (in: hdc=0x5101018d, hbm=0xe60501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0225.868] GetDIBits (in: hdc=0x5101018d, hbm=0xe60501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0225.868] GetDIBits (in: hdc=0x5101018d, hbm=0xe60501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0225.868] GetDIBits (in: hdc=0x5101018d, hbm=0x8b050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0225.868] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0225.869] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0225.870] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0225.870] WriteFile (in: hFile=0x113c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0225.870] WriteFile (in: hFile=0x113c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0225.870] DeleteDC (hdc=0x5101018d) returned 1 [0225.870] CloseHandle (hObject=0x113c) returned 1 [0225.870] DeleteObject (ho=0xe60501fa) returned 1 [0225.870] DeleteObject (ho=0x8b050763) returned 1 [0225.871] DestroyCursor (hCursor=0x130143) returned 1 [0225.871] GetCurrentThreadId () returned 0x6f8 [0225.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7plbef97cmxkyrh.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.871] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x48d2 [0225.876] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x48d2, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x48d2, lpOverlapped=0x0) returned 1 [0225.876] CloseHandle (hObject=0x113c) returned 1 [0225.876] GetCurrentThreadId () returned 0x6f8 [0225.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb4b3c30, dwHighDateTime=0x1d6076d)) [0225.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb4b3c30, dwHighDateTime=0x1d6076d)) [0225.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xb4b3c30, dwHighDateTime=0x1d6076d)) [0225.958] GetCurrentThreadId () returned 0x6f8 [0225.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb572310, dwHighDateTime=0x1d6076d)) [0225.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb572310, dwHighDateTime=0x1d6076d)) [0225.958] GetCurrentThreadId () returned 0x6f8 [0225.958] CreateFileW (lpFileName="UAAM.exe" (normalized: "c:\\windows\\system32\\uaam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.960] CreateFileW (lpFileName="UAAM.exe" (normalized: "c:\\windows\\system32\\uaam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.960] GetCurrentThreadId () returned 0x6f8 [0225.960] GetCurrentThreadId () returned 0x6f8 [0225.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb572310, dwHighDateTime=0x1d6076d)) [0225.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb572310, dwHighDateTime=0x1d6076d)) [0225.961] CreateFileW (lpFileName="UAAM.exe" (normalized: "c:\\windows\\system32\\uaam.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.961] GetCurrentThreadId () returned 0x6f8 [0225.961] BeginUpdateResourceW (pFileName="UAAM.exe" (normalized: "c:\\windows\\system32\\uaam.exe"), bDeleteExistingResources=0) returned 0x0 [0225.961] CreateFileW (lpFileName="ckAM.ico" (normalized: "c:\\windows\\system32\\ckam.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x113c [0225.961] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0225.961] ReadFile (in: hFile=0x113c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0225.961] CloseHandle (hObject=0x113c) returned 1 [0225.962] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0225.962] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0225.962] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0225.962] CopyFileW (lpExistingFileName="UAAM.exe" (normalized: "c:\\windows\\system32\\uaam.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7plbef97cmxkyrh.gif.exe"), bFailIfExists=0) returned 0 [0225.962] SetNamedSecurityInfoW () returned 0x2 [0225.962] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\7PLBEF97cmxKYRh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\7plbef97cmxkyrh.gif")) returned 1 [0225.964] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x94, lpOverlapped=0x0) returned 1 [0225.964] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0225.964] DeleteFileW (lpFileName="ckAM.ico" (normalized: "c:\\windows\\system32\\ckam.ico")) returned 1 [0225.966] DeleteFileW (lpFileName="UAAM.exe" (normalized: "c:\\windows\\system32\\uaam.exe")) returned 0 [0225.966] GetCurrentThreadId () returned 0x6f8 [0225.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.966] GetCurrentThreadId () returned 0x6f8 [0225.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.966] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24059410, ftCreationTime.dwHighDateTime=0x1d5e746, ftLastAccessTime.dwLowDateTime=0x36785670, ftLastAccessTime.dwHighDateTime=0x1d5e096, ftLastWriteTime.dwLowDateTime=0x36785670, ftLastWriteTime.dwHighDateTime=0x1d5e096, nFileSizeHigh=0x0, nFileSizeLow=0xa2b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="98wDbPH43ILPC_.bmp", cAlternateFileName="98WDBP~1.BMP")) returned 1 [0225.966] GetCurrentThreadId () returned 0x6f8 [0225.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.966] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\98wdbph43ilpc_.bmp")) returned 0x20 [0225.967] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp", dwFileAttributes=0x80) returned 1 [0225.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\98wdbph43ilpc_.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.967] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa2b0 [0225.972] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa2b0, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xa2b0, lpOverlapped=0x0) returned 1 [0225.978] GetCurrentThreadId () returned 0x6f8 [0225.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.978] GetCurrentThreadId () returned 0x6f8 [0225.978] CloseHandle (hObject=0x113c) returned 1 [0225.978] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp", dwFileAttributes=0x20) returned 1 [0225.978] GetCurrentThreadId () returned 0x6f8 [0225.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb598470, dwHighDateTime=0x1d6076d)) [0225.979] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp", piIcon=0x4e4efc4) returned 0x140143 [0225.984] GetIconInfo (in: hIcon=0x140143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0225.984] CreateFileW (lpFileName="gkAs.ico" (normalized: "c:\\windows\\system32\\gkas.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0225.985] GetObjectA (in: h=0xec050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0225.985] GetObjectA (in: h=0x3d05016f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0225.985] CreateCompatibleDC (hdc=0x0) returned 0x3b010776 [0225.985] GetDIBits (in: hdc=0x3b010776, hbm=0xec050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0225.985] GetDIBits (in: hdc=0x3b010776, hbm=0xec050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0225.985] GetDIBits (in: hdc=0x3b010776, hbm=0xec050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0225.985] GetDIBits (in: hdc=0x3b010776, hbm=0x3d05016f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0225.985] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0225.986] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0225.987] WriteFile (in: hFile=0x113c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0225.987] WriteFile (in: hFile=0x113c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0225.987] WriteFile (in: hFile=0x113c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0225.987] DeleteDC (hdc=0x3b010776) returned 1 [0225.987] CloseHandle (hObject=0x113c) returned 1 [0226.087] DeleteObject (ho=0xec050771) returned 1 [0226.087] DeleteObject (ho=0x3d05016f) returned 1 [0226.087] DestroyCursor (hCursor=0x140143) returned 1 [0226.087] GetCurrentThreadId () returned 0x6f8 [0226.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\98wdbph43ilpc_.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x113c [0226.087] GetFileSize (in: hFile=0x113c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa2b0 [0226.092] ReadFile (in: hFile=0x113c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa2b0, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xa2b0, lpOverlapped=0x0) returned 1 [0226.092] CloseHandle (hObject=0x113c) returned 1 [0226.093] GetCurrentThreadId () returned 0x6f8 [0226.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb656b50, dwHighDateTime=0x1d6076d)) [0226.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb656b50, dwHighDateTime=0x1d6076d)) [0226.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xb656b50, dwHighDateTime=0x1d6076d)) [0226.282] GetCurrentThreadId () returned 0x6f8 [0226.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.283] GetCurrentThreadId () returned 0x6f8 [0226.283] CreateFileW (lpFileName="AgUm.exe" (normalized: "c:\\windows\\system32\\agum.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.283] CreateFileW (lpFileName="AgUm.exe" (normalized: "c:\\windows\\system32\\agum.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.284] GetCurrentThreadId () returned 0x6f8 [0226.284] GetCurrentThreadId () returned 0x6f8 [0226.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.284] CreateFileW (lpFileName="AgUm.exe" (normalized: "c:\\windows\\system32\\agum.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.285] GetCurrentThreadId () returned 0x6f8 [0226.285] BeginUpdateResourceW (pFileName="AgUm.exe" (normalized: "c:\\windows\\system32\\agum.exe"), bDeleteExistingResources=0) returned 0x0 [0226.285] CreateFileW (lpFileName="gkAs.ico" (normalized: "c:\\windows\\system32\\gkas.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1154 [0226.285] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0226.285] ReadFile (in: hFile=0x1154, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0226.285] CloseHandle (hObject=0x1154) returned 1 [0226.286] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0226.286] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0226.286] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0226.286] CopyFileW (lpExistingFileName="AgUm.exe" (normalized: "c:\\windows\\system32\\agum.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\98wdbph43ilpc_.bmp.exe"), bFailIfExists=0) returned 0 [0226.286] SetNamedSecurityInfoW () returned 0x2 [0226.286] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\98wDbPH43ILPC_.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\98wdbph43ilpc_.bmp")) returned 1 [0226.288] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x92, lpOverlapped=0x0) returned 1 [0226.288] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0226.288] DeleteFileW (lpFileName="gkAs.ico" (normalized: "c:\\windows\\system32\\gkas.ico")) returned 1 [0226.290] DeleteFileW (lpFileName="AgUm.exe" (normalized: "c:\\windows\\system32\\agum.exe")) returned 0 [0226.290] GetCurrentThreadId () returned 0x6f8 [0226.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.290] GetCurrentThreadId () returned 0x6f8 [0226.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.290] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47810590, ftCreationTime.dwHighDateTime=0x1d5ddd8, ftLastAccessTime.dwLowDateTime=0x4d1a1480, ftLastAccessTime.dwHighDateTime=0x1d5e673, ftLastWriteTime.dwLowDateTime=0x4d1a1480, ftLastWriteTime.dwHighDateTime=0x1d5e673, nFileSizeHigh=0x0, nFileSizeLow=0x17b96, dwReserved0=0x0, dwReserved1=0x0, cFileName="9RW6e1n-GCBYX2lDor.gif", cAlternateFileName="9RW6E1~1.GIF")) returned 1 [0226.290] GetCurrentThreadId () returned 0x6f8 [0226.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xb81fbd0, dwHighDateTime=0x1d6076d)) [0226.290] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\9rw6e1n-gcbyx2ldor.gif")) returned 0x20 [0226.291] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif", dwFileAttributes=0x80) returned 1 [0226.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\9rw6e1n-gcbyx2ldor.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.291] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17b96 [0226.296] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17b96, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x17b96, lpOverlapped=0x0) returned 1 [0226.301] GetCurrentThreadId () returned 0x6f8 [0226.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb845d30, dwHighDateTime=0x1d6076d)) [0226.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xb845d30, dwHighDateTime=0x1d6076d)) [0226.301] GetCurrentThreadId () returned 0x6f8 [0226.301] CloseHandle (hObject=0x1154) returned 1 [0226.301] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif", dwFileAttributes=0x20) returned 1 [0226.302] GetCurrentThreadId () returned 0x6f8 [0226.302] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb845d30, dwHighDateTime=0x1d6076d)) [0226.302] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xb845d30, dwHighDateTime=0x1d6076d)) [0226.302] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif", piIcon=0x4e4efc4) returned 0x150143 [0226.314] GetIconInfo (in: hIcon=0x150143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0226.315] CreateFileW (lpFileName="aeks.ico" (normalized: "c:\\windows\\system32\\aeks.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0226.315] GetObjectA (in: h=0x8e050763, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0226.315] GetObjectA (in: h=0xeb0501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0226.315] CreateCompatibleDC (hdc=0x0) returned 0x34010772 [0226.316] GetDIBits (in: hdc=0x34010772, hbm=0x8e050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0226.316] GetDIBits (in: hdc=0x34010772, hbm=0x8e050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0226.316] GetDIBits (in: hdc=0x34010772, hbm=0x8e050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0226.316] GetDIBits (in: hdc=0x34010772, hbm=0xeb0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0226.316] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0226.317] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0226.317] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0226.317] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0226.318] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0226.318] DeleteDC (hdc=0x34010772) returned 1 [0226.318] CloseHandle (hObject=0x1158) returned 1 [0226.318] DeleteObject (ho=0x8e050763) returned 1 [0226.318] DeleteObject (ho=0xeb0501fa) returned 1 [0226.318] DestroyCursor (hCursor=0x150143) returned 1 [0226.318] GetCurrentThreadId () returned 0x6f8 [0226.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\9rw6e1n-gcbyx2ldor.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0226.319] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17b96 [0226.324] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17b96, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x17b96, lpOverlapped=0x0) returned 1 [0226.325] CloseHandle (hObject=0x1158) returned 1 [0226.325] GetCurrentThreadId () returned 0x6f8 [0226.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb891ff0, dwHighDateTime=0x1d6076d)) [0226.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xb891ff0, dwHighDateTime=0x1d6076d)) [0226.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xb891ff0, dwHighDateTime=0x1d6076d)) [0226.454] GetCurrentThreadId () returned 0x6f8 [0226.454] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb9c2af0, dwHighDateTime=0x1d6076d)) [0226.454] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xb9c2af0, dwHighDateTime=0x1d6076d)) [0226.455] GetCurrentThreadId () returned 0x6f8 [0226.455] CreateFileW (lpFileName="UQwq.exe" (normalized: "c:\\windows\\system32\\uqwq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.456] CreateFileW (lpFileName="UQwq.exe" (normalized: "c:\\windows\\system32\\uqwq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.456] GetCurrentThreadId () returned 0x6f8 [0226.456] GetCurrentThreadId () returned 0x6f8 [0226.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb9c2af0, dwHighDateTime=0x1d6076d)) [0226.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xb9c2af0, dwHighDateTime=0x1d6076d)) [0226.457] CreateFileW (lpFileName="UQwq.exe" (normalized: "c:\\windows\\system32\\uqwq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.457] GetCurrentThreadId () returned 0x6f8 [0226.457] BeginUpdateResourceW (pFileName="UQwq.exe" (normalized: "c:\\windows\\system32\\uqwq.exe"), bDeleteExistingResources=0) returned 0x0 [0226.457] CreateFileW (lpFileName="aeks.ico" (normalized: "c:\\windows\\system32\\aeks.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0226.457] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0226.457] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0226.457] CloseHandle (hObject=0x1158) returned 1 [0226.457] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0226.458] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0226.458] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0226.458] CopyFileW (lpExistingFileName="UQwq.exe" (normalized: "c:\\windows\\system32\\uqwq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\9rw6e1n-gcbyx2ldor.gif.exe"), bFailIfExists=0) returned 0 [0226.458] SetNamedSecurityInfoW () returned 0x2 [0226.458] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\9RW6e1n-GCBYX2lDor.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\9rw6e1n-gcbyx2ldor.gif")) returned 1 [0226.462] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9a, lpOverlapped=0x0) returned 1 [0226.462] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0226.462] DeleteFileW (lpFileName="aeks.ico" (normalized: "c:\\windows\\system32\\aeks.ico")) returned 1 [0226.464] DeleteFileW (lpFileName="UQwq.exe" (normalized: "c:\\windows\\system32\\uqwq.exe")) returned 0 [0226.464] GetCurrentThreadId () returned 0x6f8 [0226.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xb9e8c50, dwHighDateTime=0x1d6076d)) [0226.465] GetCurrentThreadId () returned 0x6f8 [0226.465] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xb9e8c50, dwHighDateTime=0x1d6076d)) [0226.465] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab6ee710, ftCreationTime.dwHighDateTime=0x1d5e22f, ftLastAccessTime.dwLowDateTime=0x7c0f5390, ftLastAccessTime.dwHighDateTime=0x1d5de8a, ftLastWriteTime.dwLowDateTime=0x7c0f5390, ftLastWriteTime.dwHighDateTime=0x1d5de8a, nFileSizeHigh=0x0, nFileSizeLow=0x2c60, dwReserved0=0x0, dwReserved1=0x0, cFileName="cei_aLrIfi.png", cAlternateFileName="CEI_AL~1.PNG")) returned 1 [0226.465] GetCurrentThreadId () returned 0x6f8 [0226.465] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xb9e8c50, dwHighDateTime=0x1d6076d)) [0226.465] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\cei_alrifi.png")) returned 0x20 [0226.466] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png", dwFileAttributes=0x80) returned 1 [0226.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\cei_alrifi.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0226.475] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c60 [0226.480] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2c60, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x2c60, lpOverlapped=0x0) returned 1 [0226.481] GetCurrentThreadId () returned 0x6f8 [0226.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xba0edb0, dwHighDateTime=0x1d6076d)) [0226.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xba0edb0, dwHighDateTime=0x1d6076d)) [0226.482] GetCurrentThreadId () returned 0x6f8 [0226.482] CloseHandle (hObject=0x1158) returned 1 [0226.482] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png", dwFileAttributes=0x20) returned 1 [0226.482] GetCurrentThreadId () returned 0x6f8 [0226.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xba0edb0, dwHighDateTime=0x1d6076d)) [0226.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xba0edb0, dwHighDateTime=0x1d6076d)) [0226.482] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png", piIcon=0x4e4efc4) returned 0x160143 [0226.494] GetIconInfo (in: hIcon=0x160143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0226.494] CreateFileW (lpFileName="okMk.ico" (normalized: "c:\\windows\\system32\\okmk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.495] GetObjectA (in: h=0x4005016f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0226.495] GetObjectA (in: h=0xf1050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0226.495] CreateCompatibleDC (hdc=0x0) returned 0x9d0101fb [0226.495] GetDIBits (in: hdc=0x9d0101fb, hbm=0x4005016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0226.496] GetDIBits (in: hdc=0x9d0101fb, hbm=0x4005016f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0226.496] GetDIBits (in: hdc=0x9d0101fb, hbm=0x4005016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0226.496] GetDIBits (in: hdc=0x9d0101fb, hbm=0xf1050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0226.496] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0226.497] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0226.498] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0226.498] WriteFile (in: hFile=0x1154, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0226.498] WriteFile (in: hFile=0x1154, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0226.498] DeleteDC (hdc=0x9d0101fb) returned 1 [0226.498] CloseHandle (hObject=0x1154) returned 1 [0226.499] DeleteObject (ho=0x4005016f) returned 1 [0226.499] DeleteObject (ho=0xf1050771) returned 1 [0226.499] DestroyCursor (hCursor=0x160143) returned 1 [0226.499] GetCurrentThreadId () returned 0x6f8 [0226.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\cei_alrifi.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.499] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c60 [0226.504] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2c60, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x2c60, lpOverlapped=0x0) returned 1 [0226.504] CloseHandle (hObject=0x1154) returned 1 [0226.505] GetCurrentThreadId () returned 0x6f8 [0226.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xba34f10, dwHighDateTime=0x1d6076d)) [0226.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xba34f10, dwHighDateTime=0x1d6076d)) [0226.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xba34f10, dwHighDateTime=0x1d6076d)) [0226.641] GetCurrentThreadId () returned 0x6f8 [0226.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.642] GetCurrentThreadId () returned 0x6f8 [0226.642] CreateFileW (lpFileName="UsQY.exe" (normalized: "c:\\windows\\system32\\usqy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.642] CreateFileW (lpFileName="UsQY.exe" (normalized: "c:\\windows\\system32\\usqy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.643] GetCurrentThreadId () returned 0x6f8 [0226.643] GetCurrentThreadId () returned 0x6f8 [0226.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.643] CreateFileW (lpFileName="UsQY.exe" (normalized: "c:\\windows\\system32\\usqy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.643] GetCurrentThreadId () returned 0x6f8 [0226.643] BeginUpdateResourceW (pFileName="UsQY.exe" (normalized: "c:\\windows\\system32\\usqy.exe"), bDeleteExistingResources=0) returned 0x0 [0226.643] CreateFileW (lpFileName="okMk.ico" (normalized: "c:\\windows\\system32\\okmk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1154 [0226.643] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0226.644] ReadFile (in: hFile=0x1154, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0226.644] CloseHandle (hObject=0x1154) returned 1 [0226.644] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0226.644] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0226.644] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0226.644] CopyFileW (lpExistingFileName="UsQY.exe" (normalized: "c:\\windows\\system32\\usqy.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\cei_alrifi.png.exe"), bFailIfExists=0) returned 0 [0226.644] SetNamedSecurityInfoW () returned 0x2 [0226.645] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\cei_aLrIfi.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\cei_alrifi.png")) returned 1 [0226.646] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8a, lpOverlapped=0x0) returned 1 [0226.647] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0226.647] DeleteFileW (lpFileName="okMk.ico" (normalized: "c:\\windows\\system32\\okmk.ico")) returned 1 [0226.648] DeleteFileW (lpFileName="UsQY.exe" (normalized: "c:\\windows\\system32\\usqy.exe")) returned 0 [0226.648] GetCurrentThreadId () returned 0x6f8 [0226.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.648] GetCurrentThreadId () returned 0x6f8 [0226.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.648] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x570c8f00, ftCreationTime.dwHighDateTime=0x1d5dce5, ftLastAccessTime.dwLowDateTime=0x6ec39240, ftLastAccessTime.dwHighDateTime=0x1d5e241, ftLastWriteTime.dwLowDateTime=0x6ec39240, ftLastWriteTime.dwHighDateTime=0x1d5e241, nFileSizeHigh=0x0, nFileSizeLow=0x133b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_hGjv.gif", cAlternateFileName="")) returned 1 [0226.648] GetCurrentThreadId () returned 0x6f8 [0226.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.649] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\f_hgjv.gif")) returned 0x20 [0226.650] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif", dwFileAttributes=0x80) returned 1 [0226.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\f_hgjv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.650] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x133b2 [0226.656] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x133b2, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x133b2, lpOverlapped=0x0) returned 1 [0226.677] GetCurrentThreadId () returned 0x6f8 [0226.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xbbd7e30, dwHighDateTime=0x1d6076d)) [0226.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xbbd7e30, dwHighDateTime=0x1d6076d)) [0226.677] GetCurrentThreadId () returned 0x6f8 [0226.678] CloseHandle (hObject=0x1154) returned 1 [0226.678] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif", dwFileAttributes=0x20) returned 1 [0226.678] GetCurrentThreadId () returned 0x6f8 [0226.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xbbd7e30, dwHighDateTime=0x1d6076d)) [0226.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xbbd7e30, dwHighDateTime=0x1d6076d)) [0226.678] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif", piIcon=0x4e4efc4) returned 0x170143 [0226.690] GetIconInfo (in: hIcon=0x170143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0226.690] CreateFileW (lpFileName="CyUk.ico" (normalized: "c:\\windows\\system32\\cyuk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0226.691] GetObjectA (in: h=0xee0501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0226.691] GetObjectA (in: h=0x93050763, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0226.691] CreateCompatibleDC (hdc=0x0) returned 0x10770 [0226.691] GetDIBits (in: hdc=0x10770, hbm=0xee0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0226.691] GetDIBits (in: hdc=0x10770, hbm=0xee0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0226.691] GetDIBits (in: hdc=0x10770, hbm=0xee0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0226.691] GetDIBits (in: hdc=0x10770, hbm=0x93050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0226.691] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0226.692] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0226.692] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0226.692] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0226.693] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0226.693] DeleteDC (hdc=0x10770) returned 1 [0226.693] CloseHandle (hObject=0x1158) returned 1 [0226.693] DeleteObject (ho=0xee0501fa) returned 1 [0226.693] DeleteObject (ho=0x93050763) returned 1 [0226.693] DestroyCursor (hCursor=0x170143) returned 1 [0226.693] GetCurrentThreadId () returned 0x6f8 [0226.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\f_hgjv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0226.693] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x133b2 [0226.699] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x133b2, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x133b2, lpOverlapped=0x0) returned 1 [0226.699] CloseHandle (hObject=0x1158) returned 1 [0226.699] GetCurrentThreadId () returned 0x6f8 [0226.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xbc240f0, dwHighDateTime=0x1d6076d)) [0226.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xbc240f0, dwHighDateTime=0x1d6076d)) [0226.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xbc240f0, dwHighDateTime=0x1d6076d)) [0226.867] GetCurrentThreadId () returned 0x6f8 [0226.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xbda0eb0, dwHighDateTime=0x1d6076d)) [0226.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xbda0eb0, dwHighDateTime=0x1d6076d)) [0226.867] GetCurrentThreadId () returned 0x6f8 [0226.867] CreateFileW (lpFileName="YEQM.exe" (normalized: "c:\\windows\\system32\\yeqm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.871] CreateFileW (lpFileName="YEQM.exe" (normalized: "c:\\windows\\system32\\yeqm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.871] GetCurrentThreadId () returned 0x6f8 [0226.871] GetCurrentThreadId () returned 0x6f8 [0226.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.871] CreateFileW (lpFileName="YEQM.exe" (normalized: "c:\\windows\\system32\\yeqm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.871] GetCurrentThreadId () returned 0x6f8 [0226.871] BeginUpdateResourceW (pFileName="YEQM.exe" (normalized: "c:\\windows\\system32\\yeqm.exe"), bDeleteExistingResources=0) returned 0x0 [0226.871] CreateFileW (lpFileName="CyUk.ico" (normalized: "c:\\windows\\system32\\cyuk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0226.872] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0226.872] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0226.872] CloseHandle (hObject=0x1158) returned 1 [0226.872] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0226.872] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0226.872] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0226.872] CopyFileW (lpExistingFileName="YEQM.exe" (normalized: "c:\\windows\\system32\\yeqm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\f_hgjv.gif.exe"), bFailIfExists=0) returned 0 [0226.873] SetNamedSecurityInfoW () returned 0x2 [0226.873] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\F_hGjv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\f_hgjv.gif")) returned 1 [0226.875] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x82, lpOverlapped=0x0) returned 1 [0226.875] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0226.875] DeleteFileW (lpFileName="CyUk.ico" (normalized: "c:\\windows\\system32\\cyuk.ico")) returned 1 [0226.876] DeleteFileW (lpFileName="YEQM.exe" (normalized: "c:\\windows\\system32\\yeqm.exe")) returned 0 [0226.876] GetCurrentThreadId () returned 0x6f8 [0226.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.876] GetCurrentThreadId () returned 0x6f8 [0226.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.876] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798fa6b0, ftCreationTime.dwHighDateTime=0x1d5d86d, ftLastAccessTime.dwLowDateTime=0xaeb91c30, ftLastAccessTime.dwHighDateTime=0x1d5e3f4, ftLastWriteTime.dwLowDateTime=0xaeb91c30, ftLastWriteTime.dwHighDateTime=0x1d5e3f4, nFileSizeHigh=0x0, nFileSizeLow=0x2c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="g1_X_hewKjDbJqRQoGji.jpg", cAlternateFileName="G1_X_H~1.JPG")) returned 1 [0226.877] GetCurrentThreadId () returned 0x6f8 [0226.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.877] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\g1_x_hewkjdbjqrqogji.jpg")) returned 0x20 [0226.877] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg", dwFileAttributes=0x80) returned 1 [0226.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\g1_x_hewkjdbjqrqogji.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0226.877] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c29 [0226.883] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2c29, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x2c29, lpOverlapped=0x0) returned 1 [0226.884] GetCurrentThreadId () returned 0x6f8 [0226.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.884] GetCurrentThreadId () returned 0x6f8 [0226.885] CloseHandle (hObject=0x1158) returned 1 [0226.885] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg", dwFileAttributes=0x20) returned 1 [0226.885] GetCurrentThreadId () returned 0x6f8 [0226.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.885] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg", piIcon=0x4e4efc4) returned 0x180143 [0226.897] GetIconInfo (in: hIcon=0x180143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0226.897] CreateFileW (lpFileName="aKAc.ico" (normalized: "c:\\windows\\system32\\akac.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.898] GetObjectA (in: h=0xf4050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0226.898] GetObjectA (in: h=0x4505016f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0226.898] CreateCompatibleDC (hdc=0x0) returned 0x5e01018d [0226.898] GetDIBits (in: hdc=0x5e01018d, hbm=0xf4050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0226.898] GetDIBits (in: hdc=0x5e01018d, hbm=0xf4050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0226.898] GetDIBits (in: hdc=0x5e01018d, hbm=0xf4050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0226.898] GetDIBits (in: hdc=0x5e01018d, hbm=0x4505016f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0226.899] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0226.902] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0226.902] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0226.902] WriteFile (in: hFile=0x1154, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0226.902] WriteFile (in: hFile=0x1154, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0226.903] DeleteDC (hdc=0x5e01018d) returned 1 [0226.903] CloseHandle (hObject=0x1154) returned 1 [0226.903] DeleteObject (ho=0xf4050771) returned 1 [0226.903] DeleteObject (ho=0x4505016f) returned 1 [0226.903] DestroyCursor (hCursor=0x180143) returned 1 [0226.903] GetCurrentThreadId () returned 0x6f8 [0226.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\g1_x_hewkjdbjqrqogji.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.903] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c29 [0226.908] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2c29, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x2c29, lpOverlapped=0x0) returned 1 [0226.909] CloseHandle (hObject=0x1154) returned 1 [0226.909] GetCurrentThreadId () returned 0x6f8 [0226.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xbe132d0, dwHighDateTime=0x1d6076d)) [0226.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xbe132d0, dwHighDateTime=0x1d6076d)) [0226.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xbe132d0, dwHighDateTime=0x1d6076d)) [0226.974] GetCurrentThreadId () returned 0x6f8 [0226.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xbeab850, dwHighDateTime=0x1d6076d)) [0226.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xbeab850, dwHighDateTime=0x1d6076d)) [0226.974] GetCurrentThreadId () returned 0x6f8 [0226.974] CreateFileW (lpFileName="wYQW.exe" (normalized: "c:\\windows\\system32\\wyqw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.975] CreateFileW (lpFileName="wYQW.exe" (normalized: "c:\\windows\\system32\\wyqw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.975] GetCurrentThreadId () returned 0x6f8 [0226.975] GetCurrentThreadId () returned 0x6f8 [0226.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xbeab850, dwHighDateTime=0x1d6076d)) [0226.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xbeab850, dwHighDateTime=0x1d6076d)) [0226.976] CreateFileW (lpFileName="wYQW.exe" (normalized: "c:\\windows\\system32\\wyqw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.976] GetCurrentThreadId () returned 0x6f8 [0226.976] BeginUpdateResourceW (pFileName="wYQW.exe" (normalized: "c:\\windows\\system32\\wyqw.exe"), bDeleteExistingResources=0) returned 0x0 [0226.976] CreateFileW (lpFileName="aKAc.ico" (normalized: "c:\\windows\\system32\\akac.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1154 [0226.976] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0226.976] ReadFile (in: hFile=0x1154, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0226.976] CloseHandle (hObject=0x1154) returned 1 [0226.976] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0226.977] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0226.977] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0226.977] CopyFileW (lpExistingFileName="wYQW.exe" (normalized: "c:\\windows\\system32\\wyqw.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\g1_x_hewkjdbjqrqogji.jpg.exe"), bFailIfExists=0) returned 0 [0226.977] SetNamedSecurityInfoW () returned 0x2 [0226.977] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\g1_X_hewKjDbJqRQoGji.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\g1_x_hewkjdbjqrqogji.jpg")) returned 1 [0226.979] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9e, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9e, lpOverlapped=0x0) returned 1 [0226.979] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0226.979] DeleteFileW (lpFileName="aKAc.ico" (normalized: "c:\\windows\\system32\\akac.ico")) returned 1 [0226.980] DeleteFileW (lpFileName="wYQW.exe" (normalized: "c:\\windows\\system32\\wyqw.exe")) returned 0 [0226.981] GetCurrentThreadId () returned 0x6f8 [0226.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.981] GetCurrentThreadId () returned 0x6f8 [0226.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.981] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2704c860, ftCreationTime.dwHighDateTime=0x1d5dcd4, ftLastAccessTime.dwLowDateTime=0x2e7a2840, ftLastAccessTime.dwHighDateTime=0x1d5d9c5, ftLastWriteTime.dwLowDateTime=0x2e7a2840, ftLastWriteTime.dwHighDateTime=0x1d5d9c5, nFileSizeHigh=0x0, nFileSizeLow=0x160d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hh5gNk.gif", cAlternateFileName="")) returned 1 [0226.981] GetCurrentThreadId () returned 0x6f8 [0226.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.981] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\hh5gnk.gif")) returned 0x20 [0226.984] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif", dwFileAttributes=0x80) returned 1 [0226.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\hh5gnk.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0226.984] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x160d9 [0226.989] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x160d9, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x160d9, lpOverlapped=0x0) returned 1 [0226.992] GetCurrentThreadId () returned 0x6f8 [0226.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.992] GetCurrentThreadId () returned 0x6f8 [0226.992] CloseHandle (hObject=0x1154) returned 1 [0226.992] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif", dwFileAttributes=0x20) returned 1 [0226.992] GetCurrentThreadId () returned 0x6f8 [0226.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xbed19b0, dwHighDateTime=0x1d6076d)) [0226.993] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif", piIcon=0x4e4efc4) returned 0x190143 [0227.003] GetIconInfo (in: hIcon=0x190143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.003] CreateFileW (lpFileName="Ecwc.ico" (normalized: "c:\\windows\\system32\\ecwc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.004] GetObjectA (in: h=0x96050763, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.004] GetObjectA (in: h=0xf30501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.004] CreateCompatibleDC (hdc=0x0) returned 0x48010776 [0227.004] GetDIBits (in: hdc=0x48010776, hbm=0x96050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.004] GetDIBits (in: hdc=0x48010776, hbm=0x96050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.004] GetDIBits (in: hdc=0x48010776, hbm=0x96050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.004] GetDIBits (in: hdc=0x48010776, hbm=0xf30501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.004] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.005] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.005] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.005] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.006] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.006] DeleteDC (hdc=0x48010776) returned 1 [0227.006] CloseHandle (hObject=0x1158) returned 1 [0227.006] DeleteObject (ho=0x96050763) returned 1 [0227.006] DeleteObject (ho=0xf30501fa) returned 1 [0227.006] DestroyCursor (hCursor=0x190143) returned 1 [0227.006] GetCurrentThreadId () returned 0x6f8 [0227.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\hh5gnk.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.006] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x160d9 [0227.040] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x160d9, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x160d9, lpOverlapped=0x0) returned 1 [0227.041] CloseHandle (hObject=0x1158) returned 1 [0227.041] GetCurrentThreadId () returned 0x6f8 [0227.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xbf43dd0, dwHighDateTime=0x1d6076d)) [0227.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xbf43dd0, dwHighDateTime=0x1d6076d)) [0227.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xbf43dd0, dwHighDateTime=0x1d6076d)) [0227.139] GetCurrentThreadId () returned 0x6f8 [0227.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.139] GetCurrentThreadId () returned 0x6f8 [0227.139] CreateFileW (lpFileName="eUYq.exe" (normalized: "c:\\windows\\system32\\euyq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.140] CreateFileW (lpFileName="eUYq.exe" (normalized: "c:\\windows\\system32\\euyq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.140] GetCurrentThreadId () returned 0x6f8 [0227.140] GetCurrentThreadId () returned 0x6f8 [0227.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.140] CreateFileW (lpFileName="eUYq.exe" (normalized: "c:\\windows\\system32\\euyq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.140] GetCurrentThreadId () returned 0x6f8 [0227.141] BeginUpdateResourceW (pFileName="eUYq.exe" (normalized: "c:\\windows\\system32\\euyq.exe"), bDeleteExistingResources=0) returned 0x0 [0227.141] CreateFileW (lpFileName="Ecwc.ico" (normalized: "c:\\windows\\system32\\ecwc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0227.141] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.141] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.141] CloseHandle (hObject=0x1158) returned 1 [0227.141] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.142] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.142] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.142] CopyFileW (lpExistingFileName="eUYq.exe" (normalized: "c:\\windows\\system32\\euyq.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\hh5gnk.gif.exe"), bFailIfExists=0) returned 0 [0227.142] SetNamedSecurityInfoW () returned 0x2 [0227.142] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\Hh5gNk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\hh5gnk.gif")) returned 1 [0227.144] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x82, lpOverlapped=0x0) returned 1 [0227.145] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.145] DeleteFileW (lpFileName="Ecwc.ico" (normalized: "c:\\windows\\system32\\ecwc.ico")) returned 1 [0227.146] DeleteFileW (lpFileName="eUYq.exe" (normalized: "c:\\windows\\system32\\euyq.exe")) returned 0 [0227.146] GetCurrentThreadId () returned 0x6f8 [0227.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.146] GetCurrentThreadId () returned 0x6f8 [0227.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.146] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13e77f20, ftCreationTime.dwHighDateTime=0x1d5db76, ftLastAccessTime.dwLowDateTime=0x2b5aec00, ftLastAccessTime.dwHighDateTime=0x1d5e6ac, ftLastWriteTime.dwLowDateTime=0x2b5aec00, ftLastWriteTime.dwHighDateTime=0x1d5e6ac, nFileSizeHigh=0x0, nFileSizeLow=0x2a63, dwReserved0=0x0, dwReserved1=0x0, cFileName="IzsqWmb-VfL_K_EXhb.gif", cAlternateFileName="IZSQWM~1.GIF")) returned 1 [0227.146] GetCurrentThreadId () returned 0x6f8 [0227.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xc04e770, dwHighDateTime=0x1d6076d)) [0227.147] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\izsqwmb-vfl_k_exhb.gif")) returned 0x20 [0227.147] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif", dwFileAttributes=0x80) returned 1 [0227.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\izsqwmb-vfl_k_exhb.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.148] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a63 [0227.153] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2a63, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x2a63, lpOverlapped=0x0) returned 1 [0227.155] GetCurrentThreadId () returned 0x6f8 [0227.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc0748d0, dwHighDateTime=0x1d6076d)) [0227.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc0748d0, dwHighDateTime=0x1d6076d)) [0227.155] GetCurrentThreadId () returned 0x6f8 [0227.156] CloseHandle (hObject=0x1158) returned 1 [0227.156] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif", dwFileAttributes=0x20) returned 1 [0227.156] GetCurrentThreadId () returned 0x6f8 [0227.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc0748d0, dwHighDateTime=0x1d6076d)) [0227.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc0748d0, dwHighDateTime=0x1d6076d)) [0227.156] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif", piIcon=0x4e4efc4) returned 0x1a0143 [0227.167] GetIconInfo (in: hIcon=0x1a0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.167] CreateFileW (lpFileName="CkQQ.ico" (normalized: "c:\\windows\\system32\\ckqq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.168] GetObjectA (in: h=0x4805016f, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.168] GetObjectA (in: h=0xf9050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.168] CreateCompatibleDC (hdc=0x0) returned 0x41010772 [0227.168] GetDIBits (in: hdc=0x41010772, hbm=0x4805016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.168] GetDIBits (in: hdc=0x41010772, hbm=0x4805016f, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.168] GetDIBits (in: hdc=0x41010772, hbm=0x4805016f, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.168] GetDIBits (in: hdc=0x41010772, hbm=0xf9050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.168] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.169] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.170] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.170] WriteFile (in: hFile=0x1154, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.170] WriteFile (in: hFile=0x1154, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.170] DeleteDC (hdc=0x41010772) returned 1 [0227.170] CloseHandle (hObject=0x1154) returned 1 [0227.170] DeleteObject (ho=0x4805016f) returned 1 [0227.170] DeleteObject (ho=0xf9050771) returned 1 [0227.170] DestroyCursor (hCursor=0x1a0143) returned 1 [0227.171] GetCurrentThreadId () returned 0x6f8 [0227.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\izsqwmb-vfl_k_exhb.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.171] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a63 [0227.176] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x2a63, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x2a63, lpOverlapped=0x0) returned 1 [0227.176] CloseHandle (hObject=0x1154) returned 1 [0227.176] GetCurrentThreadId () returned 0x6f8 [0227.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc09aa30, dwHighDateTime=0x1d6076d)) [0227.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc09aa30, dwHighDateTime=0x1d6076d)) [0227.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xc09aa30, dwHighDateTime=0x1d6076d)) [0227.276] GetCurrentThreadId () returned 0x6f8 [0227.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.276] GetCurrentThreadId () returned 0x6f8 [0227.276] CreateFileW (lpFileName="owMS.exe" (normalized: "c:\\windows\\system32\\owms.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.277] CreateFileW (lpFileName="owMS.exe" (normalized: "c:\\windows\\system32\\owms.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.277] GetCurrentThreadId () returned 0x6f8 [0227.277] GetCurrentThreadId () returned 0x6f8 [0227.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.277] CreateFileW (lpFileName="owMS.exe" (normalized: "c:\\windows\\system32\\owms.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.277] GetCurrentThreadId () returned 0x6f8 [0227.278] BeginUpdateResourceW (pFileName="owMS.exe" (normalized: "c:\\windows\\system32\\owms.exe"), bDeleteExistingResources=0) returned 0x0 [0227.278] CreateFileW (lpFileName="CkQQ.ico" (normalized: "c:\\windows\\system32\\ckqq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1154 [0227.278] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.278] ReadFile (in: hFile=0x1154, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.278] CloseHandle (hObject=0x1154) returned 1 [0227.278] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.279] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.279] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.279] CopyFileW (lpExistingFileName="owMS.exe" (normalized: "c:\\windows\\system32\\owms.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\izsqwmb-vfl_k_exhb.gif.exe"), bFailIfExists=0) returned 0 [0227.279] SetNamedSecurityInfoW () returned 0x2 [0227.279] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\IzsqWmb-VfL_K_EXhb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\izsqwmb-vfl_k_exhb.gif")) returned 1 [0227.281] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x9a, lpOverlapped=0x0) returned 1 [0227.281] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.282] DeleteFileW (lpFileName="CkQQ.ico" (normalized: "c:\\windows\\system32\\ckqq.ico")) returned 1 [0227.284] DeleteFileW (lpFileName="owMS.exe" (normalized: "c:\\windows\\system32\\owms.exe")) returned 0 [0227.284] GetCurrentThreadId () returned 0x6f8 [0227.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.284] GetCurrentThreadId () returned 0x6f8 [0227.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.284] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdaadd9e0, ftCreationTime.dwHighDateTime=0x1d5e208, ftLastAccessTime.dwLowDateTime=0xd4b48f60, ftLastAccessTime.dwHighDateTime=0x1d5dcd7, ftLastWriteTime.dwLowDateTime=0xd4b48f60, ftLastWriteTime.dwHighDateTime=0x1d5dcd7, nFileSizeHigh=0x0, nFileSizeLow=0xa23f, dwReserved0=0x0, dwReserved1=0x0, cFileName="juzCN enZxbJNy2q.bmp", cAlternateFileName="JUZCNE~1.BMP")) returned 1 [0227.285] GetCurrentThreadId () returned 0x6f8 [0227.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xc1a53d0, dwHighDateTime=0x1d6076d)) [0227.285] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\juzcn enzxbjny2q.bmp")) returned 0x20 [0227.285] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp", dwFileAttributes=0x80) returned 1 [0227.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\juzcn enzxbjny2q.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.286] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa23f [0227.291] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa23f, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xa23f, lpOverlapped=0x0) returned 1 [0227.296] GetCurrentThreadId () returned 0x6f8 [0227.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc1cb530, dwHighDateTime=0x1d6076d)) [0227.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc1cb530, dwHighDateTime=0x1d6076d)) [0227.296] GetCurrentThreadId () returned 0x6f8 [0227.296] CloseHandle (hObject=0x1154) returned 1 [0227.296] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp", dwFileAttributes=0x20) returned 1 [0227.297] GetCurrentThreadId () returned 0x6f8 [0227.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc1cb530, dwHighDateTime=0x1d6076d)) [0227.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc1cb530, dwHighDateTime=0x1d6076d)) [0227.297] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp", piIcon=0x4e4efc4) returned 0x1b0143 [0227.303] GetIconInfo (in: hIcon=0x1b0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.303] CreateFileW (lpFileName="CeAo.ico" (normalized: "c:\\windows\\system32\\ceao.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.304] GetObjectA (in: h=0x9b050763, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.304] GetObjectA (in: h=0x4d050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.304] CreateCompatibleDC (hdc=0x0) returned 0xab0101fb [0227.304] GetDIBits (in: hdc=0xab0101fb, hbm=0x9b050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.304] GetDIBits (in: hdc=0xab0101fb, hbm=0x9b050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.304] GetDIBits (in: hdc=0xab0101fb, hbm=0x9b050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.304] GetDIBits (in: hdc=0xab0101fb, hbm=0x4d050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.304] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.306] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.306] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.306] WriteFile (in: hFile=0x1154, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.306] WriteFile (in: hFile=0x1154, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.307] DeleteDC (hdc=0xab0101fb) returned 1 [0227.307] CloseHandle (hObject=0x1154) returned 1 [0227.315] DeleteObject (ho=0x9b050763) returned 1 [0227.315] DeleteObject (ho=0x4d050776) returned 1 [0227.315] DestroyCursor (hCursor=0x1b0143) returned 1 [0227.315] GetCurrentThreadId () returned 0x6f8 [0227.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\juzcn enzxbjny2q.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.315] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa23f [0227.322] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xa23f, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xa23f, lpOverlapped=0x0) returned 1 [0227.322] CloseHandle (hObject=0x1154) returned 1 [0227.322] GetCurrentThreadId () returned 0x6f8 [0227.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc2177f0, dwHighDateTime=0x1d6076d)) [0227.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc2177f0, dwHighDateTime=0x1d6076d)) [0227.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xc2177f0, dwHighDateTime=0x1d6076d)) [0227.410] GetCurrentThreadId () returned 0x6f8 [0227.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.410] GetCurrentThreadId () returned 0x6f8 [0227.410] CreateFileW (lpFileName="igQG.exe" (normalized: "c:\\windows\\system32\\igqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.411] CreateFileW (lpFileName="igQG.exe" (normalized: "c:\\windows\\system32\\igqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.411] GetCurrentThreadId () returned 0x6f8 [0227.411] GetCurrentThreadId () returned 0x6f8 [0227.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.411] CreateFileW (lpFileName="igQG.exe" (normalized: "c:\\windows\\system32\\igqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.411] GetCurrentThreadId () returned 0x6f8 [0227.411] BeginUpdateResourceW (pFileName="igQG.exe" (normalized: "c:\\windows\\system32\\igqg.exe"), bDeleteExistingResources=0) returned 0x0 [0227.411] CreateFileW (lpFileName="CeAo.ico" (normalized: "c:\\windows\\system32\\ceao.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1154 [0227.412] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.412] ReadFile (in: hFile=0x1154, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.412] CloseHandle (hObject=0x1154) returned 1 [0227.412] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.412] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.412] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.412] CopyFileW (lpExistingFileName="igQG.exe" (normalized: "c:\\windows\\system32\\igqg.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\juzcn enzxbjny2q.bmp.exe"), bFailIfExists=0) returned 0 [0227.413] SetNamedSecurityInfoW () returned 0x2 [0227.413] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\juzCN enZxbJNy2q.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\juzcn enzxbjny2q.bmp")) returned 1 [0227.415] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x96, lpOverlapped=0x0) returned 1 [0227.415] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.415] DeleteFileW (lpFileName="CeAo.ico" (normalized: "c:\\windows\\system32\\ceao.ico")) returned 1 [0227.417] DeleteFileW (lpFileName="igQG.exe" (normalized: "c:\\windows\\system32\\igqg.exe")) returned 0 [0227.417] GetCurrentThreadId () returned 0x6f8 [0227.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.417] GetCurrentThreadId () returned 0x6f8 [0227.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.417] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad5e150, ftCreationTime.dwHighDateTime=0x1d5e08e, ftLastAccessTime.dwLowDateTime=0x465a1eb0, ftLastAccessTime.dwHighDateTime=0x1d5db9c, ftLastWriteTime.dwLowDateTime=0x465a1eb0, ftLastWriteTime.dwHighDateTime=0x1d5db9c, nFileSizeHigh=0x0, nFileSizeLow=0x9a35, dwReserved0=0x0, dwReserved1=0x0, cFileName="oLtXUtj gWpb1gQ.png", cAlternateFileName="OLTXUT~1.PNG")) returned 1 [0227.417] GetCurrentThreadId () returned 0x6f8 [0227.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xc2d5ed0, dwHighDateTime=0x1d6076d)) [0227.417] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\oltxutj gwpb1gq.png")) returned 0x20 [0227.417] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png", dwFileAttributes=0x80) returned 1 [0227.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\oltxutj gwpb1gq.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.418] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9a35 [0227.423] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x9a35, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x9a35, lpOverlapped=0x0) returned 1 [0227.425] GetCurrentThreadId () returned 0x6f8 [0227.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc2fc030, dwHighDateTime=0x1d6076d)) [0227.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc2fc030, dwHighDateTime=0x1d6076d)) [0227.425] GetCurrentThreadId () returned 0x6f8 [0227.425] CloseHandle (hObject=0x1154) returned 1 [0227.425] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png", dwFileAttributes=0x20) returned 1 [0227.426] GetCurrentThreadId () returned 0x6f8 [0227.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc2fc030, dwHighDateTime=0x1d6076d)) [0227.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc2fc030, dwHighDateTime=0x1d6076d)) [0227.426] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png", piIcon=0x4e4efc4) returned 0x1c0143 [0227.437] GetIconInfo (in: hIcon=0x1c0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.437] CreateFileW (lpFileName="EQwQ.ico" (normalized: "c:\\windows\\system32\\eqwq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.438] GetObjectA (in: h=0xfc050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.438] GetObjectA (in: h=0x4d05016f, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.438] CreateCompatibleDC (hdc=0x0) returned 0xb010770 [0227.438] GetDIBits (in: hdc=0xb010770, hbm=0xfc050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.438] GetDIBits (in: hdc=0xb010770, hbm=0xfc050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.438] GetDIBits (in: hdc=0xb010770, hbm=0xfc050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.438] GetDIBits (in: hdc=0xb010770, hbm=0x4d05016f, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.438] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.440] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.440] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.440] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.440] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.441] DeleteDC (hdc=0xb010770) returned 1 [0227.441] CloseHandle (hObject=0x1158) returned 1 [0227.441] DeleteObject (ho=0xfc050771) returned 1 [0227.441] DeleteObject (ho=0x4d05016f) returned 1 [0227.441] DestroyCursor (hCursor=0x1c0143) returned 1 [0227.441] GetCurrentThreadId () returned 0x6f8 [0227.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\oltxutj gwpb1gq.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.441] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9a35 [0227.446] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x9a35, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x9a35, lpOverlapped=0x0) returned 1 [0227.446] CloseHandle (hObject=0x1158) returned 1 [0227.446] GetCurrentThreadId () returned 0x6f8 [0227.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc322190, dwHighDateTime=0x1d6076d)) [0227.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc322190, dwHighDateTime=0x1d6076d)) [0227.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xc322190, dwHighDateTime=0x1d6076d)) [0227.547] GetCurrentThreadId () returned 0x6f8 [0227.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc42cb30, dwHighDateTime=0x1d6076d)) [0227.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc42cb30, dwHighDateTime=0x1d6076d)) [0227.547] GetCurrentThreadId () returned 0x6f8 [0227.547] CreateFileW (lpFileName="KEMM.exe" (normalized: "c:\\windows\\system32\\kemm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.547] CreateFileW (lpFileName="KEMM.exe" (normalized: "c:\\windows\\system32\\kemm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.548] GetCurrentThreadId () returned 0x6f8 [0227.548] GetCurrentThreadId () returned 0x6f8 [0227.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc42cb30, dwHighDateTime=0x1d6076d)) [0227.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc42cb30, dwHighDateTime=0x1d6076d)) [0227.548] CreateFileW (lpFileName="KEMM.exe" (normalized: "c:\\windows\\system32\\kemm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.548] GetCurrentThreadId () returned 0x6f8 [0227.548] BeginUpdateResourceW (pFileName="KEMM.exe" (normalized: "c:\\windows\\system32\\kemm.exe"), bDeleteExistingResources=0) returned 0x0 [0227.548] CreateFileW (lpFileName="EQwQ.ico" (normalized: "c:\\windows\\system32\\eqwq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0227.548] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.549] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.550] CloseHandle (hObject=0x1158) returned 1 [0227.550] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.550] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.550] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.550] CopyFileW (lpExistingFileName="KEMM.exe" (normalized: "c:\\windows\\system32\\kemm.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\oltxutj gwpb1gq.png.exe"), bFailIfExists=0) returned 0 [0227.550] SetNamedSecurityInfoW () returned 0x2 [0227.551] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\oLtXUtj gWpb1gQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\oltxutj gwpb1gq.png")) returned 1 [0227.553] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x94, lpOverlapped=0x0) returned 1 [0227.553] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.553] DeleteFileW (lpFileName="EQwQ.ico" (normalized: "c:\\windows\\system32\\eqwq.ico")) returned 1 [0227.556] DeleteFileW (lpFileName="KEMM.exe" (normalized: "c:\\windows\\system32\\kemm.exe")) returned 0 [0227.556] GetCurrentThreadId () returned 0x6f8 [0227.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc42cb30, dwHighDateTime=0x1d6076d)) [0227.556] GetCurrentThreadId () returned 0x6f8 [0227.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc42cb30, dwHighDateTime=0x1d6076d)) [0227.556] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13fa38d0, ftCreationTime.dwHighDateTime=0x1d5d97e, ftLastAccessTime.dwLowDateTime=0xfe55f550, ftLastAccessTime.dwHighDateTime=0x1d5e76f, ftLastWriteTime.dwLowDateTime=0xfe55f550, ftLastWriteTime.dwHighDateTime=0x1d5e76f, nFileSizeHigh=0x0, nFileSizeLow=0x13eaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="pmrbXzZ.bmp", cAlternateFileName="")) returned 1 [0227.556] GetCurrentThreadId () returned 0x6f8 [0227.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xc452c90, dwHighDateTime=0x1d6076d)) [0227.556] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\pmrbxzz.bmp")) returned 0x20 [0227.557] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp", dwFileAttributes=0x80) returned 1 [0227.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\pmrbxzz.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.557] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13eaf [0227.562] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13eaf, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x13eaf, lpOverlapped=0x0) returned 1 [0227.565] GetCurrentThreadId () returned 0x6f8 [0227.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc452c90, dwHighDateTime=0x1d6076d)) [0227.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc452c90, dwHighDateTime=0x1d6076d)) [0227.565] GetCurrentThreadId () returned 0x6f8 [0227.566] CloseHandle (hObject=0x1158) returned 1 [0227.566] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp", dwFileAttributes=0x20) returned 1 [0227.566] GetCurrentThreadId () returned 0x6f8 [0227.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc452c90, dwHighDateTime=0x1d6076d)) [0227.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc452c90, dwHighDateTime=0x1d6076d)) [0227.567] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp", piIcon=0x4e4efc4) returned 0x1d0143 [0227.574] GetIconInfo (in: hIcon=0x1d0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.574] CreateFileW (lpFileName="kKQU.ico" (normalized: "c:\\windows\\system32\\kkqu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.575] GetObjectA (in: h=0xa0050763, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.575] GetObjectA (in: h=0xb00501fb, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.575] CreateCompatibleDC (hdc=0x0) returned 0x6c01018d [0227.575] GetDIBits (in: hdc=0x6c01018d, hbm=0xa0050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.576] GetDIBits (in: hdc=0x6c01018d, hbm=0xa0050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.576] GetDIBits (in: hdc=0x6c01018d, hbm=0xa0050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.576] GetDIBits (in: hdc=0x6c01018d, hbm=0xb00501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.576] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.577] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.577] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.577] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.578] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.578] DeleteDC (hdc=0x6c01018d) returned 1 [0227.578] CloseHandle (hObject=0x1158) returned 1 [0227.579] DeleteObject (ho=0xa0050763) returned 1 [0227.579] DeleteObject (ho=0xb00501fb) returned 1 [0227.579] DestroyCursor (hCursor=0x1d0143) returned 1 [0227.580] GetCurrentThreadId () returned 0x6f8 [0227.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\pmrbxzz.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.580] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13eaf [0227.585] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x13eaf, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x13eaf, lpOverlapped=0x0) returned 1 [0227.585] CloseHandle (hObject=0x1158) returned 1 [0227.586] GetCurrentThreadId () returned 0x6f8 [0227.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc478df0, dwHighDateTime=0x1d6076d)) [0227.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc478df0, dwHighDateTime=0x1d6076d)) [0227.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xc478df0, dwHighDateTime=0x1d6076d)) [0227.708] GetCurrentThreadId () returned 0x6f8 [0227.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc5a98f0, dwHighDateTime=0x1d6076d)) [0227.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc5a98f0, dwHighDateTime=0x1d6076d)) [0227.708] GetCurrentThreadId () returned 0x6f8 [0227.708] CreateFileW (lpFileName="uUUA.exe" (normalized: "c:\\windows\\system32\\uuua.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.709] CreateFileW (lpFileName="uUUA.exe" (normalized: "c:\\windows\\system32\\uuua.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.710] GetCurrentThreadId () returned 0x6f8 [0227.710] GetCurrentThreadId () returned 0x6f8 [0227.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc5a98f0, dwHighDateTime=0x1d6076d)) [0227.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc5a98f0, dwHighDateTime=0x1d6076d)) [0227.711] CreateFileW (lpFileName="uUUA.exe" (normalized: "c:\\windows\\system32\\uuua.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.711] GetCurrentThreadId () returned 0x6f8 [0227.711] BeginUpdateResourceW (pFileName="uUUA.exe" (normalized: "c:\\windows\\system32\\uuua.exe"), bDeleteExistingResources=0) returned 0x0 [0227.711] CreateFileW (lpFileName="kKQU.ico" (normalized: "c:\\windows\\system32\\kkqu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0227.711] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.711] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.712] CloseHandle (hObject=0x1158) returned 1 [0227.712] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.712] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.712] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.712] CopyFileW (lpExistingFileName="uUUA.exe" (normalized: "c:\\windows\\system32\\uuua.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\pmrbxzz.bmp.exe"), bFailIfExists=0) returned 0 [0227.713] SetNamedSecurityInfoW () returned 0x2 [0227.713] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\pmrbXzZ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\pmrbxzz.bmp")) returned 1 [0227.715] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x84, lpOverlapped=0x0) returned 1 [0227.715] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.716] DeleteFileW (lpFileName="kKQU.ico" (normalized: "c:\\windows\\system32\\kkqu.ico")) returned 1 [0227.717] DeleteFileW (lpFileName="uUUA.exe" (normalized: "c:\\windows\\system32\\uuua.exe")) returned 0 [0227.717] GetCurrentThreadId () returned 0x6f8 [0227.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.717] GetCurrentThreadId () returned 0x6f8 [0227.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.717] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b88d980, ftCreationTime.dwHighDateTime=0x1d5e158, ftLastAccessTime.dwLowDateTime=0x5bfe6600, ftLastAccessTime.dwHighDateTime=0x1d5d98e, ftLastWriteTime.dwLowDateTime=0x5bfe6600, ftLastWriteTime.dwHighDateTime=0x1d5d98e, nFileSizeHigh=0x0, nFileSizeLow=0xca59, dwReserved0=0x0, dwReserved1=0x0, cFileName="uJZobNbsSsvQ.bmp", cAlternateFileName="UJZOBN~1.BMP")) returned 1 [0227.718] GetCurrentThreadId () returned 0x6f8 [0227.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.718] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\ujzobnbsssvq.bmp")) returned 0x20 [0227.718] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp", dwFileAttributes=0x80) returned 1 [0227.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\ujzobnbsssvq.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.719] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xca59 [0227.723] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xca59, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xca59, lpOverlapped=0x0) returned 1 [0227.726] GetCurrentThreadId () returned 0x6f8 [0227.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.726] GetCurrentThreadId () returned 0x6f8 [0227.727] CloseHandle (hObject=0x1158) returned 1 [0227.727] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp", dwFileAttributes=0x20) returned 1 [0227.727] GetCurrentThreadId () returned 0x6f8 [0227.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc5cfa50, dwHighDateTime=0x1d6076d)) [0227.727] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp", piIcon=0x4e4efc4) returned 0x1e0143 [0227.735] GetIconInfo (in: hIcon=0x1e0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.735] CreateFileW (lpFileName="MmIE.ico" (normalized: "c:\\windows\\system32\\mmie.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.736] GetObjectA (in: h=0x1050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.736] GetObjectA (in: h=0x10050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.736] CreateCompatibleDC (hdc=0x0) returned 0xfe0101fa [0227.736] GetDIBits (in: hdc=0xfe0101fa, hbm=0x1050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.736] GetDIBits (in: hdc=0xfe0101fa, hbm=0x1050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.736] GetDIBits (in: hdc=0xfe0101fa, hbm=0x1050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.736] GetDIBits (in: hdc=0xfe0101fa, hbm=0x10050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.736] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.741] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.741] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.741] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.741] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.742] DeleteDC (hdc=0xfe0101fa) returned 1 [0227.742] CloseHandle (hObject=0x1158) returned 1 [0227.744] DeleteObject (ho=0x1050771) returned 1 [0227.744] DeleteObject (ho=0x10050770) returned 1 [0227.744] DestroyCursor (hCursor=0x1e0143) returned 1 [0227.744] GetCurrentThreadId () returned 0x6f8 [0227.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\ujzobnbsssvq.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.744] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xca59 [0227.749] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xca59, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xca59, lpOverlapped=0x0) returned 1 [0227.750] CloseHandle (hObject=0x1158) returned 1 [0227.750] GetCurrentThreadId () returned 0x6f8 [0227.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc61bd10, dwHighDateTime=0x1d6076d)) [0227.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc61bd10, dwHighDateTime=0x1d6076d)) [0227.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xc61bd10, dwHighDateTime=0x1d6076d)) [0227.836] GetCurrentThreadId () returned 0x6f8 [0227.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc6da3f0, dwHighDateTime=0x1d6076d)) [0227.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc6da3f0, dwHighDateTime=0x1d6076d)) [0227.836] GetCurrentThreadId () returned 0x6f8 [0227.836] CreateFileW (lpFileName="kcEi.exe" (normalized: "c:\\windows\\system32\\kcei.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.837] CreateFileW (lpFileName="kcEi.exe" (normalized: "c:\\windows\\system32\\kcei.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.837] GetCurrentThreadId () returned 0x6f8 [0227.837] GetCurrentThreadId () returned 0x6f8 [0227.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.837] CreateFileW (lpFileName="kcEi.exe" (normalized: "c:\\windows\\system32\\kcei.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.837] GetCurrentThreadId () returned 0x6f8 [0227.837] BeginUpdateResourceW (pFileName="kcEi.exe" (normalized: "c:\\windows\\system32\\kcei.exe"), bDeleteExistingResources=0) returned 0x0 [0227.837] CreateFileW (lpFileName="MmIE.ico" (normalized: "c:\\windows\\system32\\mmie.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0227.838] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.838] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.838] CloseHandle (hObject=0x1158) returned 1 [0227.838] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.838] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.839] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.839] CopyFileW (lpExistingFileName="kcEi.exe" (normalized: "c:\\windows\\system32\\kcei.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\ujzobnbsssvq.bmp.exe"), bFailIfExists=0) returned 0 [0227.839] SetNamedSecurityInfoW () returned 0x2 [0227.839] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\uJZobNbsSsvQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\ujzobnbsssvq.bmp")) returned 1 [0227.841] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x8e, lpOverlapped=0x0) returned 1 [0227.842] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.842] DeleteFileW (lpFileName="MmIE.ico" (normalized: "c:\\windows\\system32\\mmie.ico")) returned 1 [0227.843] DeleteFileW (lpFileName="kcEi.exe" (normalized: "c:\\windows\\system32\\kcei.exe")) returned 0 [0227.843] GetCurrentThreadId () returned 0x6f8 [0227.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.843] GetCurrentThreadId () returned 0x6f8 [0227.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.843] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e3cc10, ftCreationTime.dwHighDateTime=0x1d5dd3e, ftLastAccessTime.dwLowDateTime=0xcf6bef70, ftLastAccessTime.dwHighDateTime=0x1d5d823, ftLastWriteTime.dwLowDateTime=0xcf6bef70, ftLastWriteTime.dwHighDateTime=0x1d5d823, nFileSizeHigh=0x0, nFileSizeLow=0x17177, dwReserved0=0x0, dwReserved1=0x0, cFileName="UuC6hNqWj.gif", cAlternateFileName="UUC6HN~1.GIF")) returned 1 [0227.844] GetCurrentThreadId () returned 0x6f8 [0227.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.844] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\uuc6hnqwj.gif")) returned 0x20 [0227.844] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif", dwFileAttributes=0x80) returned 1 [0227.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\uuc6hnqwj.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0227.844] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17177 [0227.849] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17177, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x17177, lpOverlapped=0x0) returned 1 [0227.852] GetCurrentThreadId () returned 0x6f8 [0227.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0xc700550, dwHighDateTime=0x1d6076d)) [0227.852] GetCurrentThreadId () returned 0x6f8 [0227.852] CloseHandle (hObject=0x1158) returned 1 [0227.852] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif", dwFileAttributes=0x20) returned 1 [0227.853] GetCurrentThreadId () returned 0x6f8 [0227.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc7266b0, dwHighDateTime=0x1d6076d)) [0227.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0xc7266b0, dwHighDateTime=0x1d6076d)) [0227.853] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif", piIcon=0x4e4efc4) returned 0x1f0143 [0227.869] GetIconInfo (in: hIcon=0x1f0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0227.869] CreateFileW (lpFileName="wEgE.ico" (normalized: "c:\\windows\\system32\\wege.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.870] GetObjectA (in: h=0xb30501fb, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0227.870] GetObjectA (in: h=0xa5050763, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0227.870] CreateCompatibleDC (hdc=0x0) returned 0x4c010772 [0227.870] GetDIBits (in: hdc=0x4c010772, hbm=0xb30501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0227.870] GetDIBits (in: hdc=0x4c010772, hbm=0xb30501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0227.870] GetDIBits (in: hdc=0x4c010772, hbm=0xb30501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0227.870] GetDIBits (in: hdc=0x4c010772, hbm=0xa5050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0227.870] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0227.872] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0227.872] WriteFile (in: hFile=0x1154, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0227.872] WriteFile (in: hFile=0x1154, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0227.873] WriteFile (in: hFile=0x1154, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0227.873] DeleteDC (hdc=0x4c010772) returned 1 [0227.873] CloseHandle (hObject=0x1154) returned 1 [0227.873] DeleteObject (ho=0xb30501fb) returned 1 [0227.873] DeleteObject (ho=0xa5050763) returned 1 [0227.873] DestroyCursor (hCursor=0x1f0143) returned 1 [0227.873] GetCurrentThreadId () returned 0x6f8 [0227.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\uuc6hnqwj.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.874] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17177 [0227.878] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x17177, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x17177, lpOverlapped=0x0) returned 1 [0227.879] CloseHandle (hObject=0x1154) returned 1 [0227.879] GetCurrentThreadId () returned 0x6f8 [0227.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc74c810, dwHighDateTime=0x1d6076d)) [0227.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0xc74c810, dwHighDateTime=0x1d6076d)) [0227.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0xc74c810, dwHighDateTime=0x1d6076d)) [0227.971] GetCurrentThreadId () returned 0x6f8 [0227.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc831050, dwHighDateTime=0x1d6076d)) [0227.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0xc831050, dwHighDateTime=0x1d6076d)) [0227.971] GetCurrentThreadId () returned 0x6f8 [0227.971] CreateFileW (lpFileName="UgcC.exe" (normalized: "c:\\windows\\system32\\ugcc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.972] CreateFileW (lpFileName="UgcC.exe" (normalized: "c:\\windows\\system32\\ugcc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.973] GetCurrentThreadId () returned 0x6f8 [0227.973] GetCurrentThreadId () returned 0x6f8 [0227.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc831050, dwHighDateTime=0x1d6076d)) [0227.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0xc831050, dwHighDateTime=0x1d6076d)) [0227.973] CreateFileW (lpFileName="UgcC.exe" (normalized: "c:\\windows\\system32\\ugcc.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.973] GetCurrentThreadId () returned 0x6f8 [0227.973] BeginUpdateResourceW (pFileName="UgcC.exe" (normalized: "c:\\windows\\system32\\ugcc.exe"), bDeleteExistingResources=0) returned 0x0 [0227.974] CreateFileW (lpFileName="wEgE.ico" (normalized: "c:\\windows\\system32\\wege.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1154 [0227.974] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0227.974] ReadFile (in: hFile=0x1154, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0227.974] CloseHandle (hObject=0x1154) returned 1 [0227.975] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0227.975] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0227.975] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0227.975] CopyFileW (lpExistingFileName="UgcC.exe" (normalized: "c:\\windows\\system32\\ugcc.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\uuc6hnqwj.gif.exe"), bFailIfExists=0) returned 0 [0227.975] SetNamedSecurityInfoW () returned 0x2 [0227.975] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wADGM-Om NZHxCf\\UuC6hNqWj.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wadgm-om nzhxcf\\uuc6hnqwj.gif")) returned 1 [0227.979] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x88, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x88, lpOverlapped=0x0) returned 1 [0227.980] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0227.980] DeleteFileW (lpFileName="wEgE.ico" (normalized: "c:\\windows\\system32\\wege.ico")) returned 1 [0227.982] DeleteFileW (lpFileName="UgcC.exe" (normalized: "c:\\windows\\system32\\ugcc.exe")) returned 0 [0227.982] GetCurrentThreadId () returned 0x6f8 [0227.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.982] GetCurrentThreadId () returned 0x6f8 [0227.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.982] FindNextFileW (in: hFindFile=0x7e6ee18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e3cc10, ftCreationTime.dwHighDateTime=0x1d5dd3e, ftLastAccessTime.dwLowDateTime=0xcf6bef70, ftLastAccessTime.dwHighDateTime=0x1d5d823, ftLastWriteTime.dwLowDateTime=0xcf6bef70, ftLastWriteTime.dwHighDateTime=0x1d5d823, nFileSizeHigh=0x0, nFileSizeLow=0x17177, dwReserved0=0x0, dwReserved1=0x0, cFileName="UuC6hNqWj.gif", cAlternateFileName="UUC6HN~1.GIF")) returned 0 [0227.982] GetCurrentThreadId () returned 0x6f8 [0227.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.982] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2db4ea60, ftCreationTime.dwHighDateTime=0x1d5dc60, ftLastAccessTime.dwLowDateTime=0xe6412210, ftLastAccessTime.dwHighDateTime=0x1d5dc6a, ftLastWriteTime.dwLowDateTime=0xe6412210, ftLastWriteTime.dwHighDateTime=0x1d5dc6a, nFileSizeHigh=0x0, nFileSizeLow=0x4343, dwReserved0=0x0, dwReserved1=0x0, cFileName="wNq0KKG.bmp", cAlternateFileName="")) returned 1 [0227.983] GetCurrentThreadId () returned 0x6f8 [0227.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f254 | out: lpSystemTimeAsFileTime=0x4e4f254*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.983] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wnq0kkg.bmp")) returned 0x20 [0227.983] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp", dwFileAttributes=0x80) returned 1 [0227.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wnq0kkg.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1154 [0227.984] GetFileSize (in: hFile=0x1154, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4343 [0227.989] ReadFile (in: hFile=0x1154, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x4343, lpNumberOfBytesRead=0x4e4f22c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f22c*=0x4343, lpOverlapped=0x0) returned 1 [0227.991] GetCurrentThreadId () returned 0x6f8 [0227.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1b4 | out: lpSystemTimeAsFileTime=0x4e4f1b4*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.992] GetCurrentThreadId () returned 0x6f8 [0227.992] CloseHandle (hObject=0x1154) returned 1 [0227.992] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp", dwFileAttributes=0x20) returned 1 [0227.992] GetCurrentThreadId () returned 0x6f8 [0227.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e90c | out: lpSystemTimeAsFileTime=0x4e4e90c*(dwLowDateTime=0xc8571b0, dwHighDateTime=0x1d6076d)) [0227.993] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp", piIcon=0x4e4f238 | out: pszIconPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp", piIcon=0x4e4f238) returned 0x200143 [0228.012] GetIconInfo (in: hIcon=0x200143, piconinfo=0x4e4f224 | out: piconinfo=0x4e4f224) returned 1 [0228.012] CreateFileW (lpFileName="mEwc.ico" (normalized: "c:\\windows\\system32\\mewc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0228.013] GetObjectA (in: h=0x13050770, c=24, pv=0x4e4f1e8 | out: pv=0x4e4f1e8) returned 24 [0228.013] GetObjectA (in: h=0x6050771, c=24, pv=0x4e4f200 | out: pv=0x4e4f200) returned 24 [0228.013] CreateCompatibleDC (hdc=0x0) returned 0x59010776 [0228.013] GetDIBits (in: hdc=0x59010776, hbm=0x13050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4ed98) returned 1 [0228.013] GetDIBits (in: hdc=0x59010776, hbm=0x13050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4ed98, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4ed98) returned 32 [0228.014] GetDIBits (in: hdc=0x59010776, hbm=0x13050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e970) returned 1 [0228.014] GetDIBits (in: hdc=0x59010776, hbm=0x6050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e970, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e970) returned 32 [0228.014] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e950*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e950*, lpNumberOfBytesWritten=0x4e4e938*=0x6, lpOverlapped=0x0) returned 1 [0228.015] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4e940*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4e940*, lpNumberOfBytesWritten=0x4e4e938*=0x10, lpOverlapped=0x0) returned 1 [0228.015] WriteFile (in: hFile=0x1158, lpBuffer=0x4e4f1c0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x4e4f1c0*, lpNumberOfBytesWritten=0x4e4e938*=0x28, lpOverlapped=0x0) returned 1 [0228.015] WriteFile (in: hFile=0x1158, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e938*=0x1000, lpOverlapped=0x0) returned 1 [0228.016] WriteFile (in: hFile=0x1158, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e938, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e938*=0x80, lpOverlapped=0x0) returned 1 [0228.016] DeleteDC (hdc=0x59010776) returned 1 [0228.016] CloseHandle (hObject=0x1158) returned 1 [0228.016] DeleteObject (ho=0x13050770) returned 1 [0228.016] DeleteObject (ho=0x6050771) returned 1 [0228.016] DestroyCursor (hCursor=0x200143) returned 1 [0228.016] GetCurrentThreadId () returned 0x6f8 [0228.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wnq0kkg.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1158 [0228.017] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4343 [0228.021] ReadFile (in: hFile=0x1158, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x4343, lpNumberOfBytesRead=0x4e4f524, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f524*=0x4343, lpOverlapped=0x0) returned 1 [0228.022] CloseHandle (hObject=0x1158) returned 1 [0228.022] GetCurrentThreadId () returned 0x6f8 [0228.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xc8a3470, dwHighDateTime=0x1d6076d)) [0228.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f184 | out: lpSystemTimeAsFileTime=0x4e4f184*(dwLowDateTime=0xc8a3470, dwHighDateTime=0x1d6076d)) [0228.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f1a0 | out: lpSystemTimeAsFileTime=0x4e4f1a0*(dwLowDateTime=0xc8a3470, dwHighDateTime=0x1d6076d)) [0228.094] GetCurrentThreadId () returned 0x6f8 [0228.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f154 | out: lpSystemTimeAsFileTime=0x4e4f154*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.094] GetCurrentThreadId () returned 0x6f8 [0228.094] CreateFileW (lpFileName="IsYu.exe" (normalized: "c:\\windows\\system32\\isyu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.095] CreateFileW (lpFileName="IsYu.exe" (normalized: "c:\\windows\\system32\\isyu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.095] GetCurrentThreadId () returned 0x6f8 [0228.095] GetCurrentThreadId () returned 0x6f8 [0228.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f214 | out: lpSystemTimeAsFileTime=0x4e4f214*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.095] CreateFileW (lpFileName="IsYu.exe" (normalized: "c:\\windows\\system32\\isyu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.095] GetCurrentThreadId () returned 0x6f8 [0228.095] BeginUpdateResourceW (pFileName="IsYu.exe" (normalized: "c:\\windows\\system32\\isyu.exe"), bDeleteExistingResources=0) returned 0x0 [0228.095] CreateFileW (lpFileName="mEwc.ico" (normalized: "c:\\windows\\system32\\mewc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1158 [0228.096] GetFileSize (in: hFile=0x1158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.096] ReadFile (in: hFile=0x1158, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4f238, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4f238*=0x10be, lpOverlapped=0x0) returned 1 [0228.096] CloseHandle (hObject=0x1158) returned 1 [0228.096] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.096] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4f224, cb=0x14) returned 0 [0228.096] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.096] CopyFileW (lpExistingFileName="IsYu.exe" (normalized: "c:\\windows\\system32\\isyu.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wnq0kkg.bmp.exe"), bFailIfExists=0) returned 0 [0228.097] SetNamedSecurityInfoW () returned 0x2 [0228.097] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wNq0KKG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wnq0kkg.bmp")) returned 1 [0228.099] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f27c*=0x64, lpOverlapped=0x0) returned 1 [0228.099] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f27c, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f27c*=0x4, lpOverlapped=0x0) returned 1 [0228.099] DeleteFileW (lpFileName="mEwc.ico" (normalized: "c:\\windows\\system32\\mewc.ico")) returned 1 [0228.101] DeleteFileW (lpFileName="IsYu.exe" (normalized: "c:\\windows\\system32\\isyu.exe")) returned 0 [0228.101] GetCurrentThreadId () returned 0x6f8 [0228.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f22c | out: lpSystemTimeAsFileTime=0x4e4f22c*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.101] GetCurrentThreadId () returned 0x6f8 [0228.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.101] FindNextFileW (in: hFindFile=0x7e6edd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2db4ea60, ftCreationTime.dwHighDateTime=0x1d5dc60, ftLastAccessTime.dwLowDateTime=0xe6412210, ftLastAccessTime.dwHighDateTime=0x1d5dc6a, ftLastWriteTime.dwLowDateTime=0xe6412210, ftLastWriteTime.dwHighDateTime=0x1d5dc6a, nFileSizeHigh=0x0, nFileSizeLow=0x4343, dwReserved0=0x0, dwReserved1=0x0, cFileName="wNq0KKG.bmp", cAlternateFileName="")) returned 0 [0228.101] GetCurrentThreadId () returned 0x6f8 [0228.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.101] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0228.101] GetCurrentThreadId () returned 0x6f8 [0228.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.102] GetCurrentThreadId () returned 0x6f8 [0228.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.102] GetCurrentThreadId () returned 0x6f8 [0228.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.102] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0228.102] GetCurrentThreadId () returned 0x6f8 [0228.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc961b50, dwHighDateTime=0x1d6076d)) [0228.102] GetCurrentThreadId () returned 0x6f8 [0228.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.102] GetCurrentThreadId () returned 0x6f8 [0228.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.102] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0228.102] GetCurrentThreadId () returned 0x6f8 [0228.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.103] GetCurrentThreadId () returned 0x6f8 [0228.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ee58 [0228.103] GetCurrentThreadId () returned 0x6f8 [0228.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.103] FindNextFileW (in: hFindFile=0x7e6ee58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.103] GetCurrentThreadId () returned 0x6f8 [0228.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.103] FindNextFileW (in: hFindFile=0x7e6ee58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0228.103] GetCurrentThreadId () returned 0x6f8 [0228.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.103] FindNextFileW (in: hFindFile=0x7e6ee58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0228.104] GetCurrentThreadId () returned 0x6f8 [0228.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.104] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0228.104] GetCurrentThreadId () returned 0x6f8 [0228.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.104] GetCurrentThreadId () returned 0x6f8 [0228.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.104] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ee98 [0228.104] GetCurrentThreadId () returned 0x6f8 [0228.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.104] FindNextFileW (in: hFindFile=0x7e6ee98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.104] GetCurrentThreadId () returned 0x6f8 [0228.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.104] FindNextFileW (in: hFindFile=0x7e6ee98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0228.104] GetCurrentThreadId () returned 0x6f8 [0228.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] FindNextFileW (in: hFindFile=0x7e6ee98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] FindNextFileW (in: hFindFile=0x7e6ee98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] FindNextFileW (in: hFindFile=0x7e6ee98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.105] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0228.105] GetCurrentThreadId () returned 0x6f8 [0228.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.106] GetCurrentThreadId () returned 0x6f8 [0228.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.106] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.106] GetCurrentThreadId () returned 0x6f8 [0228.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.106] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0228.106] GetCurrentThreadId () returned 0x6f8 [0228.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.106] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd9f61800, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd9f61800, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0228.106] GetCurrentThreadId () returned 0x6f8 [0228.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.106] GetCurrentThreadId () returned 0x6f8 [0228.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.106] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd9f61800, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd9f61800, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6eed8 [0228.106] GetCurrentThreadId () returned 0x6f8 [0228.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.107] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd9f61800, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd9f61800, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.107] GetCurrentThreadId () returned 0x6f8 [0228.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.107] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6115ef0, ftCreationTime.dwHighDateTime=0x1d5e2b2, ftLastAccessTime.dwLowDateTime=0xcaaa7b0, ftLastAccessTime.dwHighDateTime=0x1d5d9e0, ftLastWriteTime.dwLowDateTime=0xcaaa7b0, ftLastWriteTime.dwHighDateTime=0x1d5d9e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Al-gbEmHeebC5JXIBp", cAlternateFileName="AL-GBE~1")) returned 1 [0228.107] GetCurrentThreadId () returned 0x6f8 [0228.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.107] GetCurrentThreadId () returned 0x6f8 [0228.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.107] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6115ef0, ftCreationTime.dwHighDateTime=0x1d5e2b2, ftLastAccessTime.dwLowDateTime=0xcaaa7b0, ftLastAccessTime.dwHighDateTime=0x1d5d9e0, ftLastWriteTime.dwLowDateTime=0xcaaa7b0, ftLastWriteTime.dwHighDateTime=0x1d5d9e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ef18 [0228.111] GetCurrentThreadId () returned 0x6f8 [0228.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.111] FindNextFileW (in: hFindFile=0x7e6ef18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6115ef0, ftCreationTime.dwHighDateTime=0x1d5e2b2, ftLastAccessTime.dwLowDateTime=0xcaaa7b0, ftLastAccessTime.dwHighDateTime=0x1d5d9e0, ftLastWriteTime.dwLowDateTime=0xcaaa7b0, ftLastWriteTime.dwHighDateTime=0x1d5d9e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.111] GetCurrentThreadId () returned 0x6f8 [0228.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.111] FindNextFileW (in: hFindFile=0x7e6ef18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc925b210, ftCreationTime.dwHighDateTime=0x1d5da74, ftLastAccessTime.dwLowDateTime=0xa2bd7af0, ftLastAccessTime.dwHighDateTime=0x1d5e5d1, ftLastWriteTime.dwLowDateTime=0xa2bd7af0, ftLastWriteTime.dwHighDateTime=0x1d5e5d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6DcffnM5jAs5nIO", cAlternateFileName="6DCFFN~1")) returned 1 [0228.111] GetCurrentThreadId () returned 0x6f8 [0228.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.111] GetCurrentThreadId () returned 0x6f8 [0228.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.112] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\6DcffnM5jAs5nIO\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc925b210, ftCreationTime.dwHighDateTime=0x1d5da74, ftLastAccessTime.dwLowDateTime=0xa2bd7af0, ftLastAccessTime.dwHighDateTime=0x1d5e5d1, ftLastWriteTime.dwLowDateTime=0xa2bd7af0, ftLastWriteTime.dwHighDateTime=0x1d5e5d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e6ef58 [0228.113] GetCurrentThreadId () returned 0x6f8 [0228.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.113] FindNextFileW (in: hFindFile=0x7e6ef58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc925b210, ftCreationTime.dwHighDateTime=0x1d5da74, ftLastAccessTime.dwLowDateTime=0xa2bd7af0, ftLastAccessTime.dwHighDateTime=0x1d5e5d1, ftLastWriteTime.dwLowDateTime=0xa2bd7af0, ftLastWriteTime.dwHighDateTime=0x1d5e5d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.113] GetCurrentThreadId () returned 0x6f8 [0228.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.113] FindNextFileW (in: hFindFile=0x7e6ef58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc925b210, ftCreationTime.dwHighDateTime=0x1d5da74, ftLastAccessTime.dwLowDateTime=0xa2bd7af0, ftLastAccessTime.dwHighDateTime=0x1d5e5d1, ftLastWriteTime.dwLowDateTime=0xa2bd7af0, ftLastWriteTime.dwHighDateTime=0x1d5e5d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0228.113] GetCurrentThreadId () returned 0x6f8 [0228.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.113] FindNextFileW (in: hFindFile=0x7e6ef18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7103b0d0, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0x7fba2340, ftLastAccessTime.dwHighDateTime=0x1d5e023, ftLastWriteTime.dwLowDateTime=0x7fba2340, ftLastWriteTime.dwHighDateTime=0x1d5e023, nFileSizeHigh=0x0, nFileSizeLow=0x12366, dwReserved0=0x0, dwReserved1=0x0, cFileName="6Ra0qnQRZcUZ.mp4", cAlternateFileName="6RA0QN~1.MP4")) returned 1 [0228.113] GetCurrentThreadId () returned 0x6f8 [0228.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.113] FindNextFileW (in: hFindFile=0x7e6ef18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4abf69b0, ftCreationTime.dwHighDateTime=0x1d5e2a4, ftLastAccessTime.dwLowDateTime=0x9112adf0, ftLastAccessTime.dwHighDateTime=0x1d5dbe2, ftLastWriteTime.dwLowDateTime=0x9112adf0, ftLastWriteTime.dwHighDateTime=0x1d5dbe2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="m _qosl-hgDsy7", cAlternateFileName="M_QOSL~1")) returned 1 [0228.113] GetCurrentThreadId () returned 0x6f8 [0228.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.113] GetCurrentThreadId () returned 0x6f8 [0228.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.114] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\m _qosl-hgDsy7\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4abf69b0, ftCreationTime.dwHighDateTime=0x1d5e2a4, ftLastAccessTime.dwLowDateTime=0x9112adf0, ftLastAccessTime.dwHighDateTime=0x1d5dbe2, ftLastWriteTime.dwLowDateTime=0x9112adf0, ftLastWriteTime.dwHighDateTime=0x1d5dbe2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034018 [0228.116] GetCurrentThreadId () returned 0x6f8 [0228.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.116] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4abf69b0, ftCreationTime.dwHighDateTime=0x1d5e2a4, ftLastAccessTime.dwLowDateTime=0x9112adf0, ftLastAccessTime.dwHighDateTime=0x1d5dbe2, ftLastWriteTime.dwLowDateTime=0x9112adf0, ftLastWriteTime.dwHighDateTime=0x1d5dbe2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.117] GetCurrentThreadId () returned 0x6f8 [0228.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.117] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5adaf510, ftCreationTime.dwHighDateTime=0x1d5e067, ftLastAccessTime.dwLowDateTime=0xe8ad29d0, ftLastAccessTime.dwHighDateTime=0x1d5e54e, ftLastWriteTime.dwLowDateTime=0xe8ad29d0, ftLastWriteTime.dwHighDateTime=0x1d5e54e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AQR24", cAlternateFileName="")) returned 1 [0228.117] GetCurrentThreadId () returned 0x6f8 [0228.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.117] GetCurrentThreadId () returned 0x6f8 [0228.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\m _qosl-hgDsy7\\AQR24\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5adaf510, ftCreationTime.dwHighDateTime=0x1d5e067, ftLastAccessTime.dwLowDateTime=0xe8ad29d0, ftLastAccessTime.dwHighDateTime=0x1d5e54e, ftLastWriteTime.dwLowDateTime=0xe8ad29d0, ftLastWriteTime.dwHighDateTime=0x1d5e54e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034058 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5adaf510, ftCreationTime.dwHighDateTime=0x1d5e067, ftLastAccessTime.dwLowDateTime=0xe8ad29d0, ftLastAccessTime.dwHighDateTime=0x1d5e54e, ftLastWriteTime.dwLowDateTime=0xe8ad29d0, ftLastWriteTime.dwHighDateTime=0x1d5e54e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8a712f0, ftCreationTime.dwHighDateTime=0x1d5ddac, ftLastAccessTime.dwLowDateTime=0x688e9360, ftLastAccessTime.dwHighDateTime=0x1d5dcc5, ftLastWriteTime.dwLowDateTime=0x688e9360, ftLastWriteTime.dwHighDateTime=0x1d5dcc5, nFileSizeHigh=0x0, nFileSizeLow=0xbcc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="lHRWOj_ pGMczuzN.swf", cAlternateFileName="LHRWOJ~1.SWF")) returned 1 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf76517e0, ftCreationTime.dwHighDateTime=0x1d5ddbe, ftLastAccessTime.dwLowDateTime=0x4381eb90, ftLastAccessTime.dwHighDateTime=0x1d5e467, ftLastWriteTime.dwLowDateTime=0x4381eb90, ftLastWriteTime.dwHighDateTime=0x1d5e467, nFileSizeHigh=0x0, nFileSizeLow=0x21f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="pGf1djQjBoYiAI.swf", cAlternateFileName="PGF1DJ~1.SWF")) returned 1 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90230f90, ftCreationTime.dwHighDateTime=0x1d5e46e, ftLastAccessTime.dwLowDateTime=0x8214eb70, ftLastAccessTime.dwHighDateTime=0x1d5e08c, ftLastWriteTime.dwLowDateTime=0x8214eb70, ftLastWriteTime.dwHighDateTime=0x1d5e08c, nFileSizeHigh=0x0, nFileSizeLow=0x5df0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TruS4.flv", cAlternateFileName="")) returned 1 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x587d0820, ftCreationTime.dwHighDateTime=0x1d5dd57, ftLastAccessTime.dwLowDateTime=0x1e0041a0, ftLastAccessTime.dwHighDateTime=0x1d5da80, ftLastWriteTime.dwLowDateTime=0x1e0041a0, ftLastWriteTime.dwHighDateTime=0x1d5da80, nFileSizeHigh=0x0, nFileSizeLow=0x12175, dwReserved0=0x0, dwReserved1=0x0, cFileName="vSjk2UKEV2NtnN.swf", cAlternateFileName="VSJK2U~1.SWF")) returned 1 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xacaa5310, ftCreationTime.dwHighDateTime=0x1d5e1c8, ftLastAccessTime.dwLowDateTime=0xe0095640, ftLastAccessTime.dwHighDateTime=0x1d5e171, ftLastWriteTime.dwLowDateTime=0xe0095640, ftLastWriteTime.dwHighDateTime=0x1d5e171, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y-tuF4GQP3y5JGYl_B6", cAlternateFileName="Y-TUF4~1")) returned 1 [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.120] GetCurrentThreadId () returned 0x6f8 [0228.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\m _qosl-hgDsy7\\AQR24\\Y-tuF4GQP3y5JGYl_B6\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xacaa5310, ftCreationTime.dwHighDateTime=0x1d5e1c8, ftLastAccessTime.dwLowDateTime=0xe0095640, ftLastAccessTime.dwHighDateTime=0x1d5e171, ftLastWriteTime.dwLowDateTime=0xe0095640, ftLastWriteTime.dwHighDateTime=0x1d5e171, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034098 [0228.123] GetCurrentThreadId () returned 0x6f8 [0228.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xacaa5310, ftCreationTime.dwHighDateTime=0x1d5e1c8, ftLastAccessTime.dwLowDateTime=0xe0095640, ftLastAccessTime.dwHighDateTime=0x1d5e171, ftLastWriteTime.dwLowDateTime=0xe0095640, ftLastWriteTime.dwHighDateTime=0x1d5e171, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87343920, ftCreationTime.dwHighDateTime=0x1d5e64b, ftLastAccessTime.dwLowDateTime=0x5838b280, ftLastAccessTime.dwHighDateTime=0x1d5dfd0, ftLastWriteTime.dwLowDateTime=0x5838b280, ftLastWriteTime.dwHighDateTime=0x1d5dfd0, nFileSizeHigh=0x0, nFileSizeLow=0x123ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="4d1Z_hffl.swf", cAlternateFileName="4D1Z_H~1.SWF")) returned 1 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd8867f0, ftCreationTime.dwHighDateTime=0x1d5d8d0, ftLastAccessTime.dwLowDateTime=0x2e4e6400, ftLastAccessTime.dwHighDateTime=0x1d5e22e, ftLastWriteTime.dwLowDateTime=0x2e4e6400, ftLastWriteTime.dwHighDateTime=0x1d5e22e, nFileSizeHigh=0x0, nFileSizeLow=0x12c32, dwReserved0=0x0, dwReserved1=0x0, cFileName="fGaioJFcUr.swf", cAlternateFileName="FGAIOJ~1.SWF")) returned 1 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x606633c0, ftCreationTime.dwHighDateTime=0x1d5e551, ftLastAccessTime.dwLowDateTime=0x8b8f4020, ftLastAccessTime.dwHighDateTime=0x1d5da69, ftLastWriteTime.dwLowDateTime=0x8b8f4020, ftLastWriteTime.dwHighDateTime=0x1d5da69, nFileSizeHigh=0x0, nFileSizeLow=0xb133, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoIj5uVtR.flv", cAlternateFileName="IOIJ5U~1.FLV")) returned 1 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c744da0, ftCreationTime.dwHighDateTime=0x1d5e6e0, ftLastAccessTime.dwLowDateTime=0x22f2d5a0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0x22f2d5a0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0xf22f, dwReserved0=0x0, dwReserved1=0x0, cFileName="j0ue9CN7qCEoulmBeyQ.flv", cAlternateFileName="J0UE9C~1.FLV")) returned 1 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b6bcca0, ftCreationTime.dwHighDateTime=0x1d5d8ae, ftLastAccessTime.dwLowDateTime=0x8ac56d0, ftLastAccessTime.dwHighDateTime=0x1d5e279, ftLastWriteTime.dwLowDateTime=0x8ac56d0, ftLastWriteTime.dwHighDateTime=0x1d5e279, nFileSizeHigh=0x0, nFileSizeLow=0x10aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="o70iZaEdj_3db CeJl.swf", cAlternateFileName="O70IZA~1.SWF")) returned 1 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.124] FindNextFileW (in: hFindFile=0x8034098, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b6bcca0, ftCreationTime.dwHighDateTime=0x1d5d8ae, ftLastAccessTime.dwLowDateTime=0x8ac56d0, ftLastAccessTime.dwHighDateTime=0x1d5e279, ftLastWriteTime.dwLowDateTime=0x8ac56d0, ftLastWriteTime.dwHighDateTime=0x1d5e279, nFileSizeHigh=0x0, nFileSizeLow=0x10aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="o70iZaEdj_3db CeJl.swf", cAlternateFileName="O70IZA~1.SWF")) returned 0 [0228.124] GetCurrentThreadId () returned 0x6f8 [0228.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.125] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56b2f820, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x45f3b70, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x45f3b70, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZgiEKykG95dEJ 1F4E", cAlternateFileName="ZGIEKY~1")) returned 1 [0228.125] GetCurrentThreadId () returned 0x6f8 [0228.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.125] GetCurrentThreadId () returned 0x6f8 [0228.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\m _qosl-hgDsy7\\AQR24\\ZgiEKykG95dEJ 1F4E\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56b2f820, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x45f3b70, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x45f3b70, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80340d8 [0228.127] GetCurrentThreadId () returned 0x6f8 [0228.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.127] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56b2f820, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x45f3b70, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x45f3b70, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6aed420, ftCreationTime.dwHighDateTime=0x1d5dd7f, ftLastAccessTime.dwLowDateTime=0x4aeefb0, ftLastAccessTime.dwHighDateTime=0x1d5d7df, ftLastWriteTime.dwLowDateTime=0x4aeefb0, ftLastWriteTime.dwHighDateTime=0x1d5d7df, nFileSizeHigh=0x0, nFileSizeLow=0x1837b, dwReserved0=0x0, dwReserved1=0x0, cFileName="0r-Yv-iMEGrPa2Q4a.avi", cAlternateFileName="0R-YV-~1.AVI")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a4d900, ftCreationTime.dwHighDateTime=0x1d5e642, ftLastAccessTime.dwLowDateTime=0x6bed4520, ftLastAccessTime.dwHighDateTime=0x1d5dd7d, ftLastWriteTime.dwLowDateTime=0x6bed4520, ftLastWriteTime.dwHighDateTime=0x1d5dd7d, nFileSizeHigh=0x0, nFileSizeLow=0xbad8, dwReserved0=0x0, dwReserved1=0x0, cFileName="4F49tJc5fOuRf.mkv", cAlternateFileName="4F49TJ~1.MKV")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ae84a20, ftCreationTime.dwHighDateTime=0x1d5dfed, ftLastAccessTime.dwLowDateTime=0x78823bc0, ftLastAccessTime.dwHighDateTime=0x1d5d9d5, ftLastWriteTime.dwLowDateTime=0x78823bc0, ftLastWriteTime.dwHighDateTime=0x1d5d9d5, nFileSizeHigh=0x0, nFileSizeLow=0x70f, dwReserved0=0x0, dwReserved1=0x0, cFileName="7p1m SvSDty7A5.avi", cAlternateFileName="7P1MSV~1.AVI")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e2e3ef0, ftCreationTime.dwHighDateTime=0x1d5db0e, ftLastAccessTime.dwLowDateTime=0x37b93ce0, ftLastAccessTime.dwHighDateTime=0x1d5e080, ftLastWriteTime.dwLowDateTime=0x37b93ce0, ftLastWriteTime.dwHighDateTime=0x1d5e080, nFileSizeHigh=0x0, nFileSizeLow=0x15d6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="fEoXyuRk6W0ucsoA0.flv", cAlternateFileName="FEOXYU~1.FLV")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fef4f10, ftCreationTime.dwHighDateTime=0x1d5dc4f, ftLastAccessTime.dwLowDateTime=0x53024220, ftLastAccessTime.dwHighDateTime=0x1d5e7ed, ftLastWriteTime.dwLowDateTime=0x53024220, ftLastWriteTime.dwHighDateTime=0x1d5e7ed, nFileSizeHigh=0x0, nFileSizeLow=0x103a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="IcfO.mkv", cAlternateFileName="")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f381000, ftCreationTime.dwHighDateTime=0x1d5e30c, ftLastAccessTime.dwLowDateTime=0xd46be90, ftLastAccessTime.dwHighDateTime=0x1d5e20d, ftLastWriteTime.dwLowDateTime=0xd46be90, ftLastWriteTime.dwHighDateTime=0x1d5e20d, nFileSizeHigh=0x0, nFileSizeLow=0x10302, dwReserved0=0x0, dwReserved1=0x0, cFileName="NBiQrj28OZt_SmKtP.swf", cAlternateFileName="NBIQRJ~1.SWF")) returned 1 [0228.128] GetCurrentThreadId () returned 0x6f8 [0228.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.128] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d13bd80, ftCreationTime.dwHighDateTime=0x1d5e340, ftLastAccessTime.dwLowDateTime=0x2b3bdd20, ftLastAccessTime.dwHighDateTime=0x1d5e01b, ftLastWriteTime.dwLowDateTime=0x2b3bdd20, ftLastWriteTime.dwHighDateTime=0x1d5e01b, nFileSizeHigh=0x0, nFileSizeLow=0x11cef, dwReserved0=0x0, dwReserved1=0x0, cFileName="S_1GBn4G-k.swf", cAlternateFileName="S_1GBN~1.SWF")) returned 1 [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafe4ba60, ftCreationTime.dwHighDateTime=0x1d5dce2, ftLastAccessTime.dwLowDateTime=0xebf216a0, ftLastAccessTime.dwHighDateTime=0x1d5dbc1, ftLastWriteTime.dwLowDateTime=0xebf216a0, ftLastWriteTime.dwHighDateTime=0x1d5dbc1, nFileSizeHigh=0x0, nFileSizeLow=0x18752, dwReserved0=0x0, dwReserved1=0x0, cFileName="vQz0N-0_NmdxA.mkv", cAlternateFileName="VQZ0N-~1.MKV")) returned 1 [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] FindNextFileW (in: hFindFile=0x80340d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafe4ba60, ftCreationTime.dwHighDateTime=0x1d5dce2, ftLastAccessTime.dwLowDateTime=0xebf216a0, ftLastAccessTime.dwHighDateTime=0x1d5dbc1, ftLastWriteTime.dwLowDateTime=0xebf216a0, ftLastWriteTime.dwHighDateTime=0x1d5dbc1, nFileSizeHigh=0x0, nFileSizeLow=0x18752, dwReserved0=0x0, dwReserved1=0x0, cFileName="vQz0N-0_NmdxA.mkv", cAlternateFileName="VQZ0N-~1.MKV")) returned 0 [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] FindNextFileW (in: hFindFile=0x8034058, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56b2f820, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x45f3b70, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x45f3b70, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZgiEKykG95dEJ 1F4E", cAlternateFileName="ZGIEKY~1")) returned 0 [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5cb16a0, ftCreationTime.dwHighDateTime=0x1d5d97c, ftLastAccessTime.dwLowDateTime=0xd4528380, ftLastAccessTime.dwHighDateTime=0x1d5d848, ftLastWriteTime.dwLowDateTime=0xd4528380, ftLastWriteTime.dwHighDateTime=0x1d5d848, nFileSizeHigh=0x0, nFileSizeLow=0x5463, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bl41B MeALDt.mkv", cAlternateFileName="BL41BM~1.MKV")) returned 1 [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b834700, ftCreationTime.dwHighDateTime=0x1d5e03b, ftLastAccessTime.dwLowDateTime=0x2cff89b0, ftLastAccessTime.dwHighDateTime=0x1d5e7bc, ftLastWriteTime.dwLowDateTime=0x2cff89b0, ftLastWriteTime.dwHighDateTime=0x1d5e7bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="O7I0nyd_Ru3R", cAlternateFileName="O7I0NY~1")) returned 1 [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] GetCurrentThreadId () returned 0x6f8 [0228.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.129] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Al-gbEmHeebC5JXIBp\\m _qosl-hgDsy7\\O7I0nyd_Ru3R\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b834700, ftCreationTime.dwHighDateTime=0x1d5e03b, ftLastAccessTime.dwLowDateTime=0x2cff89b0, ftLastAccessTime.dwHighDateTime=0x1d5e7bc, ftLastWriteTime.dwLowDateTime=0x2cff89b0, ftLastWriteTime.dwHighDateTime=0x1d5e7bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034118 [0228.132] GetCurrentThreadId () returned 0x6f8 [0228.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.132] FindNextFileW (in: hFindFile=0x8034118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b834700, ftCreationTime.dwHighDateTime=0x1d5e03b, ftLastAccessTime.dwLowDateTime=0x2cff89b0, ftLastAccessTime.dwHighDateTime=0x1d5e7bc, ftLastWriteTime.dwLowDateTime=0x2cff89b0, ftLastWriteTime.dwHighDateTime=0x1d5e7bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.132] GetCurrentThreadId () returned 0x6f8 [0228.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.132] FindNextFileW (in: hFindFile=0x8034118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44bca0e0, ftCreationTime.dwHighDateTime=0x1d5e327, ftLastAccessTime.dwLowDateTime=0xfb0f5570, ftLastAccessTime.dwHighDateTime=0x1d5daf0, ftLastWriteTime.dwLowDateTime=0xfb0f5570, ftLastWriteTime.dwHighDateTime=0x1d5daf0, nFileSizeHigh=0x0, nFileSizeLow=0x1566, dwReserved0=0x0, dwReserved1=0x0, cFileName="iZOBj7Nb7HE.flv", cAlternateFileName="IZOBJ7~1.FLV")) returned 1 [0228.132] GetCurrentThreadId () returned 0x6f8 [0228.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.132] FindNextFileW (in: hFindFile=0x8034118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac9935a0, ftCreationTime.dwHighDateTime=0x1d5e013, ftLastAccessTime.dwLowDateTime=0xe886ae20, ftLastAccessTime.dwHighDateTime=0x1d5e4e2, ftLastWriteTime.dwLowDateTime=0xe886ae20, ftLastWriteTime.dwHighDateTime=0x1d5e4e2, nFileSizeHigh=0x0, nFileSizeLow=0x6a61, dwReserved0=0x0, dwReserved1=0x0, cFileName="kq9BUSOqWGXEf.flv", cAlternateFileName="KQ9BUS~1.FLV")) returned 1 [0228.132] GetCurrentThreadId () returned 0x6f8 [0228.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.133] FindNextFileW (in: hFindFile=0x8034118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae74f230, ftCreationTime.dwHighDateTime=0x1d5da7b, ftLastAccessTime.dwLowDateTime=0x36ad8b70, ftLastAccessTime.dwHighDateTime=0x1d5dece, ftLastWriteTime.dwLowDateTime=0x36ad8b70, ftLastWriteTime.dwHighDateTime=0x1d5dece, nFileSizeHigh=0x0, nFileSizeLow=0x442f, dwReserved0=0x0, dwReserved1=0x0, cFileName="lkyV1SgG.swf", cAlternateFileName="")) returned 1 [0228.133] GetCurrentThreadId () returned 0x6f8 [0228.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.133] FindNextFileW (in: hFindFile=0x8034118, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae74f230, ftCreationTime.dwHighDateTime=0x1d5da7b, ftLastAccessTime.dwLowDateTime=0x36ad8b70, ftLastAccessTime.dwHighDateTime=0x1d5dece, ftLastWriteTime.dwLowDateTime=0x36ad8b70, ftLastWriteTime.dwHighDateTime=0x1d5dece, nFileSizeHigh=0x0, nFileSizeLow=0x442f, dwReserved0=0x0, dwReserved1=0x0, cFileName="lkyV1SgG.swf", cAlternateFileName="")) returned 0 [0228.133] GetCurrentThreadId () returned 0x6f8 [0228.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.133] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x404b1080, ftCreationTime.dwHighDateTime=0x1d5da14, ftLastAccessTime.dwLowDateTime=0x9c901b90, ftLastAccessTime.dwHighDateTime=0x1d5e0b5, ftLastWriteTime.dwLowDateTime=0x9c901b90, ftLastWriteTime.dwHighDateTime=0x1d5e0b5, nFileSizeHigh=0x0, nFileSizeLow=0xc60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="TQT_pAN-rlh9whq.flv", cAlternateFileName="TQT_PA~1.FLV")) returned 1 [0228.133] GetCurrentThreadId () returned 0x6f8 [0228.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.133] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c8833b0, ftCreationTime.dwHighDateTime=0x1d5e2fc, ftLastAccessTime.dwLowDateTime=0x52fc51a0, ftLastAccessTime.dwHighDateTime=0x1d5e3ae, ftLastWriteTime.dwLowDateTime=0x52fc51a0, ftLastWriteTime.dwHighDateTime=0x1d5e3ae, nFileSizeHigh=0x0, nFileSizeLow=0x13457, dwReserved0=0x0, dwReserved1=0x0, cFileName="u2vul7.mkv", cAlternateFileName="")) returned 1 [0228.133] GetCurrentThreadId () returned 0x6f8 [0228.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.133] FindNextFileW (in: hFindFile=0x8034018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c8833b0, ftCreationTime.dwHighDateTime=0x1d5e2fc, ftLastAccessTime.dwLowDateTime=0x52fc51a0, ftLastAccessTime.dwHighDateTime=0x1d5e3ae, ftLastWriteTime.dwLowDateTime=0x52fc51a0, ftLastWriteTime.dwHighDateTime=0x1d5e3ae, nFileSizeHigh=0x0, nFileSizeLow=0x13457, dwReserved0=0x0, dwReserved1=0x0, cFileName="u2vul7.mkv", cAlternateFileName="")) returned 0 [0228.133] GetCurrentThreadId () returned 0x6f8 [0228.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc9ade10, dwHighDateTime=0x1d6076d)) [0228.133] FindNextFileW (in: hFindFile=0x7e6ef18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45465c70, ftCreationTime.dwHighDateTime=0x1d5dfc8, ftLastAccessTime.dwLowDateTime=0x10c01700, ftLastAccessTime.dwHighDateTime=0x1d5e182, ftLastWriteTime.dwLowDateTime=0x10c01700, ftLastWriteTime.dwHighDateTime=0x1d5e182, nFileSizeHigh=0x0, nFileSizeLow=0x9115, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZIcSR.mkv", cAlternateFileName="")) returned 1 [0228.134] GetCurrentThreadId () returned 0x6f8 [0228.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.134] FindNextFileW (in: hFindFile=0x7e6ef18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45465c70, ftCreationTime.dwHighDateTime=0x1d5dfc8, ftLastAccessTime.dwLowDateTime=0x10c01700, ftLastAccessTime.dwHighDateTime=0x1d5e182, ftLastWriteTime.dwLowDateTime=0x10c01700, ftLastWriteTime.dwHighDateTime=0x1d5e182, nFileSizeHigh=0x0, nFileSizeLow=0x9115, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZIcSR.mkv", cAlternateFileName="")) returned 0 [0228.134] GetCurrentThreadId () returned 0x6f8 [0228.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.134] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0228.134] GetCurrentThreadId () returned 0x6f8 [0228.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.134] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe1747090, ftCreationTime.dwHighDateTime=0x1d5e285, ftLastAccessTime.dwLowDateTime=0x88a46090, ftLastAccessTime.dwHighDateTime=0x1d5dcab, ftLastWriteTime.dwLowDateTime=0x88a46090, ftLastWriteTime.dwHighDateTime=0x1d5dcab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="G-Yhr0d2Ixvq6uxu", cAlternateFileName="G-YHR0~1")) returned 1 [0228.134] GetCurrentThreadId () returned 0x6f8 [0228.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.134] GetCurrentThreadId () returned 0x6f8 [0228.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\G-Yhr0d2Ixvq6uxu\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe1747090, ftCreationTime.dwHighDateTime=0x1d5e285, ftLastAccessTime.dwLowDateTime=0x88a46090, ftLastAccessTime.dwHighDateTime=0x1d5dcab, ftLastWriteTime.dwLowDateTime=0x88a46090, ftLastWriteTime.dwHighDateTime=0x1d5dcab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034158 [0228.177] GetCurrentThreadId () returned 0x6f8 [0228.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.177] FindNextFileW (in: hFindFile=0x8034158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe1747090, ftCreationTime.dwHighDateTime=0x1d5e285, ftLastAccessTime.dwLowDateTime=0x88a46090, ftLastAccessTime.dwHighDateTime=0x1d5dcab, ftLastWriteTime.dwLowDateTime=0x88a46090, ftLastWriteTime.dwHighDateTime=0x1d5dcab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.177] GetCurrentThreadId () returned 0x6f8 [0228.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.177] FindNextFileW (in: hFindFile=0x8034158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7d39600, ftCreationTime.dwHighDateTime=0x1d5dee8, ftLastAccessTime.dwLowDateTime=0x493820a0, ftLastAccessTime.dwHighDateTime=0x1d5d994, ftLastWriteTime.dwLowDateTime=0x493820a0, ftLastWriteTime.dwHighDateTime=0x1d5d994, nFileSizeHigh=0x0, nFileSizeLow=0x172bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OCzr1j2vPfAbfI.flv", cAlternateFileName="OCZR1J~1.FLV")) returned 1 [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] FindNextFileW (in: hFindFile=0x8034158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4610d40, ftCreationTime.dwHighDateTime=0x1d5d7f8, ftLastAccessTime.dwLowDateTime=0xa847c2f0, ftLastAccessTime.dwHighDateTime=0x1d5e7c0, ftLastWriteTime.dwLowDateTime=0xa847c2f0, ftLastWriteTime.dwHighDateTime=0x1d5e7c0, nFileSizeHigh=0x0, nFileSizeLow=0x4d6a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UEDQ59.mkv", cAlternateFileName="")) returned 1 [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] FindNextFileW (in: hFindFile=0x8034158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4610d40, ftCreationTime.dwHighDateTime=0x1d5d7f8, ftLastAccessTime.dwLowDateTime=0xa847c2f0, ftLastAccessTime.dwHighDateTime=0x1d5e7c0, ftLastWriteTime.dwLowDateTime=0xa847c2f0, ftLastWriteTime.dwHighDateTime=0x1d5e7c0, nFileSizeHigh=0x0, nFileSizeLow=0x4d6a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UEDQ59.mkv", cAlternateFileName="")) returned 0 [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9812f460, ftCreationTime.dwHighDateTime=0x1d5dd32, ftLastAccessTime.dwLowDateTime=0x64df3e20, ftLastAccessTime.dwHighDateTime=0x1d5de11, ftLastWriteTime.dwLowDateTime=0x64df3e20, ftLastWriteTime.dwHighDateTime=0x1d5de11, nFileSizeHigh=0x0, nFileSizeLow=0x138d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="IjTs-57TPZm0ubwbvc.mkv", cAlternateFileName="IJTS-5~1.MKV")) returned 1 [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864be460, ftCreationTime.dwHighDateTime=0x1d5db68, ftLastAccessTime.dwLowDateTime=0xe6b40e30, ftLastAccessTime.dwHighDateTime=0x1d5e799, ftLastWriteTime.dwLowDateTime=0xe6b40e30, ftLastWriteTime.dwHighDateTime=0x1d5e799, nFileSizeHigh=0x0, nFileSizeLow=0x15266, dwReserved0=0x0, dwReserved1=0x0, cFileName="TRVEjw J5KOjydb.avi", cAlternateFileName="TRVEJW~1.AVI")) returned 1 [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86c4440, ftCreationTime.dwHighDateTime=0x1d5e13f, ftLastAccessTime.dwLowDateTime=0x8244c100, ftLastAccessTime.dwHighDateTime=0x1d5e49d, ftLastWriteTime.dwLowDateTime=0x8244c100, ftLastWriteTime.dwHighDateTime=0x1d5e49d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yBVOlErZJ7NxhdL", cAlternateFileName="YBVOLE~1")) returned 1 [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] GetCurrentThreadId () returned 0x6f8 [0228.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.178] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yBVOlErZJ7NxhdL\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86c4440, ftCreationTime.dwHighDateTime=0x1d5e13f, ftLastAccessTime.dwLowDateTime=0x8244c100, ftLastAccessTime.dwHighDateTime=0x1d5e49d, ftLastWriteTime.dwLowDateTime=0x8244c100, ftLastWriteTime.dwHighDateTime=0x1d5e49d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034198 [0228.181] GetCurrentThreadId () returned 0x6f8 [0228.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.181] FindNextFileW (in: hFindFile=0x8034198, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86c4440, ftCreationTime.dwHighDateTime=0x1d5e13f, ftLastAccessTime.dwLowDateTime=0x8244c100, ftLastAccessTime.dwHighDateTime=0x1d5e49d, ftLastWriteTime.dwLowDateTime=0x8244c100, ftLastWriteTime.dwHighDateTime=0x1d5e49d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.181] GetCurrentThreadId () returned 0x6f8 [0228.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.181] FindNextFileW (in: hFindFile=0x8034198, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5c4bdb0, ftCreationTime.dwHighDateTime=0x1d5dfd4, ftLastAccessTime.dwLowDateTime=0x60ef4c30, ftLastAccessTime.dwHighDateTime=0x1d5dbd5, ftLastWriteTime.dwLowDateTime=0x60ef4c30, ftLastWriteTime.dwHighDateTime=0x1d5dbd5, nFileSizeHigh=0x0, nFileSizeLow=0x2908, dwReserved0=0x0, dwReserved1=0x0, cFileName="fjJmnaSpK4.flv", cAlternateFileName="FJJMNA~1.FLV")) returned 1 [0228.182] GetCurrentThreadId () returned 0x6f8 [0228.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.182] FindNextFileW (in: hFindFile=0x8034198, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ce45f70, ftCreationTime.dwHighDateTime=0x1d5e494, ftLastAccessTime.dwLowDateTime=0x447a31d0, ftLastAccessTime.dwHighDateTime=0x1d5dd62, ftLastWriteTime.dwLowDateTime=0x447a31d0, ftLastWriteTime.dwHighDateTime=0x1d5dd62, nFileSizeHigh=0x0, nFileSizeLow=0x152c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UfNRjUl9YdMbs-fy.mp4", cAlternateFileName="UFNRJU~1.MP4")) returned 1 [0228.182] GetCurrentThreadId () returned 0x6f8 [0228.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.182] FindNextFileW (in: hFindFile=0x8034198, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99d396f0, ftCreationTime.dwHighDateTime=0x1d5e413, ftLastAccessTime.dwLowDateTime=0xa8b60a20, ftLastAccessTime.dwHighDateTime=0x1d5d993, ftLastWriteTime.dwLowDateTime=0xa8b60a20, ftLastWriteTime.dwHighDateTime=0x1d5d993, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yF5o9ASvt91YOAT6v", cAlternateFileName="YF5O9A~1")) returned 1 [0228.182] GetCurrentThreadId () returned 0x6f8 [0228.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.182] GetCurrentThreadId () returned 0x6f8 [0228.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.182] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yBVOlErZJ7NxhdL\\yF5o9ASvt91YOAT6v\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99d396f0, ftCreationTime.dwHighDateTime=0x1d5e413, ftLastAccessTime.dwLowDateTime=0xa8b60a20, ftLastAccessTime.dwHighDateTime=0x1d5d993, ftLastWriteTime.dwLowDateTime=0xa8b60a20, ftLastWriteTime.dwHighDateTime=0x1d5d993, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80341d8 [0228.182] GetCurrentThreadId () returned 0x6f8 [0228.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.182] FindNextFileW (in: hFindFile=0x80341d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99d396f0, ftCreationTime.dwHighDateTime=0x1d5e413, ftLastAccessTime.dwLowDateTime=0xa8b60a20, ftLastAccessTime.dwHighDateTime=0x1d5d993, ftLastWriteTime.dwLowDateTime=0xa8b60a20, ftLastWriteTime.dwHighDateTime=0x1d5d993, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.182] GetCurrentThreadId () returned 0x6f8 [0228.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.182] FindNextFileW (in: hFindFile=0x80341d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37fe51b0, ftCreationTime.dwHighDateTime=0x1d5d868, ftLastAccessTime.dwLowDateTime=0xf799b3a0, ftLastAccessTime.dwHighDateTime=0x1d5dbd5, ftLastWriteTime.dwLowDateTime=0xf799b3a0, ftLastWriteTime.dwHighDateTime=0x1d5dbd5, nFileSizeHigh=0x0, nFileSizeLow=0xa642, dwReserved0=0x0, dwReserved1=0x0, cFileName="GZURRwWktYaODsXk3NX.avi", cAlternateFileName="GZURRW~1.AVI")) returned 1 [0228.183] GetCurrentThreadId () returned 0x6f8 [0228.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.183] FindNextFileW (in: hFindFile=0x80341d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bc5af70, ftCreationTime.dwHighDateTime=0x1d5e649, ftLastAccessTime.dwLowDateTime=0xc3982540, ftLastAccessTime.dwHighDateTime=0x1d5dce4, ftLastWriteTime.dwLowDateTime=0xc3982540, ftLastWriteTime.dwHighDateTime=0x1d5dce4, nFileSizeHigh=0x0, nFileSizeLow=0x12857, dwReserved0=0x0, dwReserved1=0x0, cFileName="XG12Tbb1syNYSFGC.flv", cAlternateFileName="XG12TB~1.FLV")) returned 1 [0228.183] GetCurrentThreadId () returned 0x6f8 [0228.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.183] FindNextFileW (in: hFindFile=0x80341d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bc5af70, ftCreationTime.dwHighDateTime=0x1d5e649, ftLastAccessTime.dwLowDateTime=0xc3982540, ftLastAccessTime.dwHighDateTime=0x1d5dce4, ftLastWriteTime.dwLowDateTime=0xc3982540, ftLastWriteTime.dwHighDateTime=0x1d5dce4, nFileSizeHigh=0x0, nFileSizeLow=0x12857, dwReserved0=0x0, dwReserved1=0x0, cFileName="XG12Tbb1syNYSFGC.flv", cAlternateFileName="XG12TB~1.FLV")) returned 0 [0228.183] GetCurrentThreadId () returned 0x6f8 [0228.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.183] FindNextFileW (in: hFindFile=0x8034198, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99d396f0, ftCreationTime.dwHighDateTime=0x1d5e413, ftLastAccessTime.dwLowDateTime=0xa8b60a20, ftLastAccessTime.dwHighDateTime=0x1d5d993, ftLastWriteTime.dwLowDateTime=0xa8b60a20, ftLastWriteTime.dwHighDateTime=0x1d5d993, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yF5o9ASvt91YOAT6v", cAlternateFileName="YF5O9A~1")) returned 0 [0228.183] GetCurrentThreadId () returned 0x6f8 [0228.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.183] FindNextFileW (in: hFindFile=0x7e6eed8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86c4440, ftCreationTime.dwHighDateTime=0x1d5e13f, ftLastAccessTime.dwLowDateTime=0x8244c100, ftLastAccessTime.dwHighDateTime=0x1d5e49d, ftLastWriteTime.dwLowDateTime=0x8244c100, ftLastWriteTime.dwHighDateTime=0x1d5e49d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yBVOlErZJ7NxhdL", cAlternateFileName="YBVOLE~1")) returned 0 [0228.183] GetCurrentThreadId () returned 0x6f8 [0228.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.183] FindNextFileW (in: hFindFile=0x6a8ac8, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd9f61800, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd9f61800, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0228.183] GetCurrentThreadId () returned 0x6f8 [0228.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.183] FindNextFileW (in: hFindFile=0x6a8a88, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0228.184] GetCurrentThreadId () returned 0x6f8 [0228.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.184] GetCurrentThreadId () returned 0x6f8 [0228.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.184] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa747c7d0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034218 [0228.184] GetCurrentThreadId () returned 0x6f8 [0228.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.184] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa747c7d0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.184] GetCurrentThreadId () returned 0x6f8 [0228.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.184] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0228.184] GetCurrentThreadId () returned 0x6f8 [0228.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.184] GetCurrentThreadId () returned 0x6f8 [0228.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.185] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034258 [0228.185] GetCurrentThreadId () returned 0x6f8 [0228.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.185] FindNextFileW (in: hFindFile=0x8034258, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.185] GetCurrentThreadId () returned 0x6f8 [0228.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.185] FindNextFileW (in: hFindFile=0x8034258, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0228.185] GetCurrentThreadId () returned 0x6f8 [0228.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.185] GetCurrentThreadId () returned 0x6f8 [0228.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.185] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034298 [0228.186] GetCurrentThreadId () returned 0x6f8 [0228.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.186] FindNextFileW (in: hFindFile=0x8034298, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.186] GetCurrentThreadId () returned 0x6f8 [0228.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.186] FindNextFileW (in: hFindFile=0x8034298, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0228.186] GetCurrentThreadId () returned 0x6f8 [0228.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.186] GetCurrentThreadId () returned 0x6f8 [0228.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.186] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80342d8 [0228.186] GetCurrentThreadId () returned 0x6f8 [0228.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.186] FindNextFileW (in: hFindFile=0x80342d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.186] GetCurrentThreadId () returned 0x6f8 [0228.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.186] FindNextFileW (in: hFindFile=0x80342d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0228.187] GetCurrentThreadId () returned 0x6f8 [0228.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.187] GetCurrentThreadId () returned 0x6f8 [0228.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.187] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034318 [0228.187] GetCurrentThreadId () returned 0x6f8 [0228.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.187] FindNextFileW (in: hFindFile=0x8034318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.187] GetCurrentThreadId () returned 0x6f8 [0228.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.187] FindNextFileW (in: hFindFile=0x8034318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0228.187] GetCurrentThreadId () returned 0x6f8 [0228.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.188] GetCurrentThreadId () returned 0x6f8 [0228.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.188] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034358 [0228.188] GetCurrentThreadId () returned 0x6f8 [0228.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.188] FindNextFileW (in: hFindFile=0x8034358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.188] GetCurrentThreadId () returned 0x6f8 [0228.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.188] FindNextFileW (in: hFindFile=0x8034358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0228.188] GetCurrentThreadId () returned 0x6f8 [0228.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.188] FindNextFileW (in: hFindFile=0x8034358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 0 [0228.188] GetCurrentThreadId () returned 0x6f8 [0228.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.188] FindNextFileW (in: hFindFile=0x8034318, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0228.188] GetCurrentThreadId () returned 0x6f8 [0228.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.189] FindNextFileW (in: hFindFile=0x80342d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0228.189] GetCurrentThreadId () returned 0x6f8 [0228.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.189] FindNextFileW (in: hFindFile=0x8034298, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0228.189] GetCurrentThreadId () returned 0x6f8 [0228.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.189] FindNextFileW (in: hFindFile=0x8034258, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0228.189] GetCurrentThreadId () returned 0x6f8 [0228.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.189] GetCurrentThreadId () returned 0x6f8 [0228.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.189] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034398 [0228.189] GetCurrentThreadId () returned 0x6f8 [0228.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.190] FindNextFileW (in: hFindFile=0x8034398, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.190] GetCurrentThreadId () returned 0x6f8 [0228.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.190] FindNextFileW (in: hFindFile=0x8034398, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0228.190] GetCurrentThreadId () returned 0x6f8 [0228.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.190] GetCurrentThreadId () returned 0x6f8 [0228.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.190] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80343d8 [0228.190] GetCurrentThreadId () returned 0x6f8 [0228.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.190] FindNextFileW (in: hFindFile=0x80343d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.190] GetCurrentThreadId () returned 0x6f8 [0228.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.190] FindNextFileW (in: hFindFile=0x80343d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.191] FindNextFileW (in: hFindFile=0x80343d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.191] FindNextFileW (in: hFindFile=0x80343d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.191] FindNextFileW (in: hFindFile=0x80343d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 0 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.191] FindNextFileW (in: hFindFile=0x8034398, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.191] FindNextFileW (in: hFindFile=0x8034258, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 0 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.191] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0228.191] GetCurrentThreadId () returned 0x6f8 [0228.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.192] GetCurrentThreadId () returned 0x6f8 [0228.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.192] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.192] GetCurrentThreadId () returned 0x6f8 [0228.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.192] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0228.192] GetCurrentThreadId () returned 0x6f8 [0228.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.192] GetCurrentThreadId () returned 0x6f8 [0228.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.192] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Desktop\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.192] GetCurrentThreadId () returned 0x6f8 [0228.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.193] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0228.193] GetCurrentThreadId () returned 0x6f8 [0228.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.193] GetCurrentThreadId () returned 0x6f8 [0228.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.193] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.193] GetCurrentThreadId () returned 0x6f8 [0228.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.193] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0228.193] GetCurrentThreadId () returned 0x6f8 [0228.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.193] GetCurrentThreadId () returned 0x6f8 [0228.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.193] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Favorites\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.194] GetCurrentThreadId () returned 0x6f8 [0228.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.194] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa17ccf30, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa2e6a030, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa2e6a030, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GSogosQc", cAlternateFileName="")) returned 1 [0228.194] GetCurrentThreadId () returned 0x6f8 [0228.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.194] GetCurrentThreadId () returned 0x6f8 [0228.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.194] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\GSogosQc\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.194] GetCurrentThreadId () returned 0x6f8 [0228.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.194] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0228.194] GetCurrentThreadId () returned 0x6f8 [0228.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.194] GetCurrentThreadId () returned 0x6f8 [0228.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.194] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034418 [0228.195] GetCurrentThreadId () returned 0x6f8 [0228.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.195] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.198] GetCurrentThreadId () returned 0x6f8 [0228.198] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.198] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0228.199] GetCurrentThreadId () returned 0x6f8 [0228.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.199] GetCurrentThreadId () returned 0x6f8 [0228.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.199] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034458 [0228.199] GetCurrentThreadId () returned 0x6f8 [0228.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.199] FindNextFileW (in: hFindFile=0x8034458, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.199] GetCurrentThreadId () returned 0x6f8 [0228.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.199] FindNextFileW (in: hFindFile=0x8034458, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 1 [0228.200] GetCurrentThreadId () returned 0x6f8 [0228.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.200] GetCurrentThreadId () returned 0x6f8 [0228.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.200] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034498 [0228.200] GetCurrentThreadId () returned 0x6f8 [0228.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.200] FindNextFileW (in: hFindFile=0x8034498, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.200] GetCurrentThreadId () returned 0x6f8 [0228.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.200] FindNextFileW (in: hFindFile=0x8034498, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 1 [0228.200] GetCurrentThreadId () returned 0x6f8 [0228.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.200] GetCurrentThreadId () returned 0x6f8 [0228.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.200] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80344d8 [0228.201] GetCurrentThreadId () returned 0x6f8 [0228.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.201] FindNextFileW (in: hFindFile=0x80344d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.201] GetCurrentThreadId () returned 0x6f8 [0228.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.201] FindNextFileW (in: hFindFile=0x80344d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0228.201] GetCurrentThreadId () returned 0x6f8 [0228.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.201] GetCurrentThreadId () returned 0x6f8 [0228.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.201] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034518 [0228.201] GetCurrentThreadId () returned 0x6f8 [0228.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.201] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0228.202] GetCurrentThreadId () returned 0x6f8 [0228.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.202] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] FindNextFileW (in: hFindFile=0x8034518, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 0 [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] FindNextFileW (in: hFindFile=0x80344d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] FindNextFileW (in: hFindFile=0x8034498, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 0 [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] FindNextFileW (in: hFindFile=0x8034458, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 0 [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] GetCurrentThreadId () returned 0x6f8 [0228.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.203] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034558 [0228.204] GetCurrentThreadId () returned 0x6f8 [0228.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.204] FindNextFileW (in: hFindFile=0x8034558, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.204] GetCurrentThreadId () returned 0x6f8 [0228.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.204] FindNextFileW (in: hFindFile=0x8034558, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSS", cAlternateFileName="")) returned 1 [0228.204] GetCurrentThreadId () returned 0x6f8 [0228.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.204] GetCurrentThreadId () returned 0x6f8 [0228.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.204] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034598 [0228.204] GetCurrentThreadId () returned 0x6f8 [0228.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.204] FindNextFileW (in: hFindFile=0x8034598, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.205] FindNextFileW (in: hFindFile=0x8034598, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.205] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80345d8 [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.205] FindNextFileW (in: hFindFile=0x80345d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.205] FindNextFileW (in: hFindFile=0x80345d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.205] FindNextFileW (in: hFindFile=0x8034598, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0228.205] GetCurrentThreadId () returned 0x6f8 [0228.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] FindNextFileW (in: hFindFile=0x8034558, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034618 [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] FindNextFileW (in: hFindFile=0x8034618, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] FindNextFileW (in: hFindFile=0x8034618, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] FindNextFileW (in: hFindFile=0x8034558, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.206] GetCurrentThreadId () returned 0x6f8 [0228.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.207] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034658 [0228.207] GetCurrentThreadId () returned 0x6f8 [0228.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.207] FindNextFileW (in: hFindFile=0x8034658, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.207] GetCurrentThreadId () returned 0x6f8 [0228.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.207] FindNextFileW (in: hFindFile=0x8034658, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0228.207] GetCurrentThreadId () returned 0x6f8 [0228.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.207] GetCurrentThreadId () returned 0x6f8 [0228.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.207] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034698 [0228.207] GetCurrentThreadId () returned 0x6f8 [0228.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.207] FindNextFileW (in: hFindFile=0x8034698, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.207] GetCurrentThreadId () returned 0x6f8 [0228.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] FindNextFileW (in: hFindFile=0x8034698, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0228.208] GetCurrentThreadId () returned 0x6f8 [0228.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] FindNextFileW (in: hFindFile=0x8034658, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0228.208] GetCurrentThreadId () returned 0x6f8 [0228.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] GetCurrentThreadId () returned 0x6f8 [0228.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0228.208] GetCurrentThreadId () returned 0x6f8 [0228.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] FindNextFileW (in: hFindFile=0x8034658, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0228.208] GetCurrentThreadId () returned 0x6f8 [0228.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] FindNextFileW (in: hFindFile=0x8034558, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0228.208] GetCurrentThreadId () returned 0x6f8 [0228.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.208] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0228.209] GetCurrentThreadId () returned 0x6f8 [0228.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.209] GetCurrentThreadId () returned 0x6f8 [0228.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.209] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80346d8 [0228.209] GetCurrentThreadId () returned 0x6f8 [0228.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.209] FindNextFileW (in: hFindFile=0x80346d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.209] GetCurrentThreadId () returned 0x6f8 [0228.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.209] FindNextFileW (in: hFindFile=0x80346d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0228.209] GetCurrentThreadId () returned 0x6f8 [0228.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.209] GetCurrentThreadId () returned 0x6f8 [0228.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.209] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034718 [0228.210] GetCurrentThreadId () returned 0x6f8 [0228.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xca6c4f0, dwHighDateTime=0x1d6076d)) [0228.210] FindNextFileW (in: hFindFile=0x8034718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.210] FindNextFileW (in: hFindFile=0x8034718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0228.210] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034758 [0228.210] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.210] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0228.213] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", dwFileAttributes=0x80) returned 0 [0228.213] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e0 [0228.214] GetFileSize (in: hFile=0x11e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0228.223] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", dwFileAttributes=0x20) returned 0 [0228.223] GetCurrentThreadId () returned 0x6f8 [0228.223] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", piIcon=0x4e4eadc) returned 0x210143 [0228.234] GetIconInfo (in: hIcon=0x210143, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0228.234] CreateFileW (lpFileName="uSgc.ico" (normalized: "c:\\windows\\system32\\usgc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.235] GetObjectA (in: h=0xa8050763, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0228.235] GetObjectA (in: h=0xb80501fb, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0228.235] CreateCompatibleDC (hdc=0x0) returned 0x5901016f [0228.235] GetDIBits (in: hdc=0x5901016f, hbm=0xa8050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0228.235] GetDIBits (in: hdc=0x5901016f, hbm=0xa8050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0228.235] GetDIBits (in: hdc=0x5901016f, hbm=0xa8050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0228.235] GetDIBits (in: hdc=0x5901016f, hbm=0xb80501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0228.236] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0228.237] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0228.237] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0228.237] WriteFile (in: hFile=0x11e4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0228.237] WriteFile (in: hFile=0x11e4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0228.238] DeleteDC (hdc=0x5901016f) returned 1 [0228.238] CloseHandle (hObject=0x11e4) returned 1 [0228.238] DeleteObject (ho=0xa8050763) returned 1 [0228.238] DeleteObject (ho=0xb80501fb) returned 1 [0228.238] DestroyCursor (hCursor=0x210143) returned 1 [0228.238] GetCurrentThreadId () returned 0x6f8 [0228.238] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.238] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0228.244] ReadFile (in: hFile=0x11e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x1fad1, lpOverlapped=0x0) returned 1 [0228.244] CloseHandle (hObject=0x11e4) returned 1 [0228.245] GetCurrentThreadId () returned 0x6f8 [0228.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcade910, dwHighDateTime=0x1d6076d)) [0228.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcade910, dwHighDateTime=0x1d6076d)) [0228.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0xcade910, dwHighDateTime=0x1d6076d)) [0228.358] GetCurrentThreadId () returned 0x6f8 [0228.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.358] GetCurrentThreadId () returned 0x6f8 [0228.358] CreateFileW (lpFileName="AQgI.exe" (normalized: "c:\\windows\\system32\\aqgi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.359] CreateFileW (lpFileName="AQgI.exe" (normalized: "c:\\windows\\system32\\aqgi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.359] GetCurrentThreadId () returned 0x6f8 [0228.359] GetCurrentThreadId () returned 0x6f8 [0228.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.360] CreateFileW (lpFileName="AQgI.exe" (normalized: "c:\\windows\\system32\\aqgi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.360] GetCurrentThreadId () returned 0x6f8 [0228.360] BeginUpdateResourceW (pFileName="AQgI.exe" (normalized: "c:\\windows\\system32\\aqgi.exe"), bDeleteExistingResources=0) returned 0x0 [0228.360] CreateFileW (lpFileName="uSgc.ico" (normalized: "c:\\windows\\system32\\usgc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e4 [0228.360] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.360] ReadFile (in: hFile=0x11e4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0228.361] CloseHandle (hObject=0x11e4) returned 1 [0228.361] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.361] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0228.361] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.361] CopyFileW (lpExistingFileName="AQgI.exe" (normalized: "c:\\windows\\system32\\aqgi.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.exe"), bFailIfExists=0) returned 0 [0228.361] SetNamedSecurityInfoW () returned 0x2 [0228.361] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0 [0228.362] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xcc, lpOverlapped=0x0) returned 1 [0228.362] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0228.362] DeleteFileW (lpFileName="uSgc.ico" (normalized: "c:\\windows\\system32\\usgc.ico")) returned 1 [0228.364] DeleteFileW (lpFileName="AQgI.exe" (normalized: "c:\\windows\\system32\\aqgi.exe")) returned 0 [0228.364] GetCurrentThreadId () returned 0x6f8 [0228.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.364] GetCurrentThreadId () returned 0x6f8 [0228.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.364] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0228.364] GetCurrentThreadId () returned 0x6f8 [0228.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.364] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="device.png", cAlternateFileName="")) returned 1 [0228.364] GetCurrentThreadId () returned 0x6f8 [0228.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0xcbe92b0, dwHighDateTime=0x1d6076d)) [0228.364] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0228.364] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", dwFileAttributes=0x80) returned 0 [0228.364] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.365] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xadc8 [0228.370] ReadFile (in: hFile=0x11e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xadc8, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0xadc8, lpOverlapped=0x0) returned 1 [0228.372] GetCurrentThreadId () returned 0x6f8 [0228.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xcc0f410, dwHighDateTime=0x1d6076d)) [0228.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xcc0f410, dwHighDateTime=0x1d6076d)) [0228.372] GetCurrentThreadId () returned 0x6f8 [0228.372] CloseHandle (hObject=0x11e4) returned 1 [0228.372] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", dwFileAttributes=0x20) returned 0 [0228.372] GetCurrentThreadId () returned 0x6f8 [0228.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xcc0f410, dwHighDateTime=0x1d6076d)) [0228.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xcc0f410, dwHighDateTime=0x1d6076d)) [0228.373] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", piIcon=0x4e4eadc) returned 0x220143 [0228.380] GetIconInfo (in: hIcon=0x220143, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0228.380] CreateFileW (lpFileName="gCco.ico" (normalized: "c:\\windows\\system32\\gcco.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e0 [0228.381] GetObjectA (in: h=0x9050771, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0228.381] GetObjectA (in: h=0x18050770, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0228.381] CreateCompatibleDC (hdc=0x0) returned 0x7901018d [0228.381] GetDIBits (in: hdc=0x7901018d, hbm=0x9050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0228.381] GetDIBits (in: hdc=0x7901018d, hbm=0x9050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0228.381] GetDIBits (in: hdc=0x7901018d, hbm=0x9050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0228.382] GetDIBits (in: hdc=0x7901018d, hbm=0x18050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0228.382] WriteFile (in: hFile=0x11e0, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0228.383] WriteFile (in: hFile=0x11e0, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0228.383] WriteFile (in: hFile=0x11e0, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0228.383] WriteFile (in: hFile=0x11e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0228.384] WriteFile (in: hFile=0x11e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0228.384] DeleteDC (hdc=0x7901018d) returned 1 [0228.384] CloseHandle (hObject=0x11e0) returned 1 [0228.384] DeleteObject (ho=0x9050771) returned 1 [0228.384] DeleteObject (ho=0x18050770) returned 1 [0228.384] DestroyCursor (hCursor=0x220143) returned 1 [0228.384] GetCurrentThreadId () returned 0x6f8 [0228.384] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e0 [0228.385] GetFileSize (in: hFile=0x11e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xadc8 [0228.390] ReadFile (in: hFile=0x11e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xadc8, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0xadc8, lpOverlapped=0x0) returned 1 [0228.390] CloseHandle (hObject=0x11e0) returned 1 [0228.390] GetCurrentThreadId () returned 0x6f8 [0228.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcc35570, dwHighDateTime=0x1d6076d)) [0228.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcc35570, dwHighDateTime=0x1d6076d)) [0228.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0xcc35570, dwHighDateTime=0x1d6076d)) [0228.474] GetCurrentThreadId () returned 0x6f8 [0228.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xccf3c50, dwHighDateTime=0x1d6076d)) [0228.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xccf3c50, dwHighDateTime=0x1d6076d)) [0228.474] GetCurrentThreadId () returned 0x6f8 [0228.474] CreateFileW (lpFileName="KQoa.exe" (normalized: "c:\\windows\\system32\\kqoa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.475] CreateFileW (lpFileName="KQoa.exe" (normalized: "c:\\windows\\system32\\kqoa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.475] GetCurrentThreadId () returned 0x6f8 [0228.475] GetCurrentThreadId () returned 0x6f8 [0228.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xccf3c50, dwHighDateTime=0x1d6076d)) [0228.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xccf3c50, dwHighDateTime=0x1d6076d)) [0228.475] CreateFileW (lpFileName="KQoa.exe" (normalized: "c:\\windows\\system32\\kqoa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.475] GetCurrentThreadId () returned 0x6f8 [0228.475] BeginUpdateResourceW (pFileName="KQoa.exe" (normalized: "c:\\windows\\system32\\kqoa.exe"), bDeleteExistingResources=0) returned 0x0 [0228.475] CreateFileW (lpFileName="gCco.ico" (normalized: "c:\\windows\\system32\\gcco.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e0 [0228.475] GetFileSize (in: hFile=0x11e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.476] ReadFile (in: hFile=0x11e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0228.476] CloseHandle (hObject=0x11e0) returned 1 [0228.476] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.476] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0228.476] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.476] CopyFileW (lpExistingFileName="KQoa.exe" (normalized: "c:\\windows\\system32\\kqoa.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.exe"), bFailIfExists=0) returned 0 [0228.477] SetNamedSecurityInfoW () returned 0x2 [0228.477] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0 [0228.477] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xc4, lpOverlapped=0x0) returned 1 [0228.477] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0228.477] DeleteFileW (lpFileName="gCco.ico" (normalized: "c:\\windows\\system32\\gcco.ico")) returned 1 [0228.479] DeleteFileW (lpFileName="KQoa.exe" (normalized: "c:\\windows\\system32\\kqoa.exe")) returned 0 [0228.479] GetCurrentThreadId () returned 0x6f8 [0228.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.479] GetCurrentThreadId () returned 0x6f8 [0228.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.479] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0228.479] GetCurrentThreadId () returned 0x6f8 [0228.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.479] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0228.479] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", dwFileAttributes=0x80) returned 0 [0228.479] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e0 [0228.480] GetFileSize (in: hFile=0x11e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0228.484] ReadFile (in: hFile=0x11e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0x70c1, lpOverlapped=0x0) returned 1 [0228.485] GetCurrentThreadId () returned 0x6f8 [0228.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.485] GetCurrentThreadId () returned 0x6f8 [0228.486] CloseHandle (hObject=0x11e0) returned 1 [0228.486] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", dwFileAttributes=0x20) returned 0 [0228.486] GetCurrentThreadId () returned 0x6f8 [0228.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xcd19db0, dwHighDateTime=0x1d6076d)) [0228.486] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", piIcon=0x4e4eadc) returned 0x230143 [0228.492] GetIconInfo (in: hIcon=0x230143, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0228.492] CreateFileW (lpFileName="iykc.ico" (normalized: "c:\\windows\\system32\\iykc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.493] GetObjectA (in: h=0xbb0501fb, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0228.493] GetObjectA (in: h=0xad050763, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0228.493] CreateCompatibleDC (hdc=0x0) returned 0xb0101fa [0228.493] GetDIBits (in: hdc=0xb0101fa, hbm=0xbb0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0228.493] GetDIBits (in: hdc=0xb0101fa, hbm=0xbb0501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0228.493] GetDIBits (in: hdc=0xb0101fa, hbm=0xbb0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0228.493] GetDIBits (in: hdc=0xb0101fa, hbm=0xad050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0228.493] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0228.494] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0228.494] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0228.494] WriteFile (in: hFile=0x11e4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0228.495] WriteFile (in: hFile=0x11e4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0228.495] DeleteDC (hdc=0xb0101fa) returned 1 [0228.495] CloseHandle (hObject=0x11e4) returned 1 [0228.495] DeleteObject (ho=0xbb0501fb) returned 1 [0228.495] DeleteObject (ho=0xad050763) returned 1 [0228.495] DestroyCursor (hCursor=0x230143) returned 1 [0228.495] GetCurrentThreadId () returned 0x6f8 [0228.495] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.495] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0228.500] ReadFile (in: hFile=0x11e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x70c1, lpOverlapped=0x0) returned 1 [0228.500] CloseHandle (hObject=0x11e4) returned 1 [0228.500] GetCurrentThreadId () returned 0x6f8 [0228.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcd3ff10, dwHighDateTime=0x1d6076d)) [0228.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcd3ff10, dwHighDateTime=0x1d6076d)) [0228.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0xcd3ff10, dwHighDateTime=0x1d6076d)) [0228.584] GetCurrentThreadId () returned 0x6f8 [0228.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xcdfe5f0, dwHighDateTime=0x1d6076d)) [0228.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xcdfe5f0, dwHighDateTime=0x1d6076d)) [0228.584] GetCurrentThreadId () returned 0x6f8 [0228.584] CreateFileW (lpFileName="YgYk.exe" (normalized: "c:\\windows\\system32\\ygyk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.585] CreateFileW (lpFileName="YgYk.exe" (normalized: "c:\\windows\\system32\\ygyk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.586] GetCurrentThreadId () returned 0x6f8 [0228.586] GetCurrentThreadId () returned 0x6f8 [0228.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xcdfe5f0, dwHighDateTime=0x1d6076d)) [0228.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.586] CreateFileW (lpFileName="YgYk.exe" (normalized: "c:\\windows\\system32\\ygyk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.586] GetCurrentThreadId () returned 0x6f8 [0228.586] BeginUpdateResourceW (pFileName="YgYk.exe" (normalized: "c:\\windows\\system32\\ygyk.exe"), bDeleteExistingResources=0) returned 0x0 [0228.586] CreateFileW (lpFileName="iykc.ico" (normalized: "c:\\windows\\system32\\iykc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e4 [0228.586] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.587] ReadFile (in: hFile=0x11e4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0228.587] CloseHandle (hObject=0x11e4) returned 1 [0228.587] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.587] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0228.587] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.587] CopyFileW (lpExistingFileName="YgYk.exe" (normalized: "c:\\windows\\system32\\ygyk.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.exe"), bFailIfExists=0) returned 0 [0228.587] SetNamedSecurityInfoW () returned 0x2 [0228.587] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0 [0228.588] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xc6, lpOverlapped=0x0) returned 1 [0228.588] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0228.588] DeleteFileW (lpFileName="iykc.ico" (normalized: "c:\\windows\\system32\\iykc.ico")) returned 1 [0228.589] DeleteFileW (lpFileName="YgYk.exe" (normalized: "c:\\windows\\system32\\ygyk.exe")) returned 0 [0228.589] GetCurrentThreadId () returned 0x6f8 [0228.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.589] GetCurrentThreadId () returned 0x6f8 [0228.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.589] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0228.589] GetCurrentThreadId () returned 0x6f8 [0228.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.589] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0x20 [0228.590] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", dwFileAttributes=0x80) returned 0 [0228.590] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.590] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x99d3 [0228.594] ReadFile (in: hFile=0x11e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x99d3, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0x99d3, lpOverlapped=0x0) returned 1 [0228.596] GetCurrentThreadId () returned 0x6f8 [0228.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.596] GetCurrentThreadId () returned 0x6f8 [0228.596] CloseHandle (hObject=0x11e4) returned 1 [0228.596] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", dwFileAttributes=0x20) returned 0 [0228.596] GetCurrentThreadId () returned 0x6f8 [0228.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xce24750, dwHighDateTime=0x1d6076d)) [0228.596] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", piIcon=0x4e4eadc) returned 0x240143 [0228.604] GetIconInfo (in: hIcon=0x240143, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0228.604] CreateFileW (lpFileName="mYUg.ico" (normalized: "c:\\windows\\system32\\myug.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e0 [0228.604] GetObjectA (in: h=0x1b050770, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0228.604] GetObjectA (in: h=0xe050771, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0228.604] CreateCompatibleDC (hdc=0x0) returned 0x59010772 [0228.604] GetDIBits (in: hdc=0x59010772, hbm=0x1b050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0228.604] GetDIBits (in: hdc=0x59010772, hbm=0x1b050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0228.605] GetDIBits (in: hdc=0x59010772, hbm=0x1b050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0228.605] GetDIBits (in: hdc=0x59010772, hbm=0xe050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0228.605] WriteFile (in: hFile=0x11e0, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0228.606] WriteFile (in: hFile=0x11e0, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0228.606] WriteFile (in: hFile=0x11e0, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0228.606] WriteFile (in: hFile=0x11e0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0228.606] WriteFile (in: hFile=0x11e0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0228.607] DeleteDC (hdc=0x59010772) returned 1 [0228.607] CloseHandle (hObject=0x11e0) returned 1 [0228.607] DeleteObject (ho=0x1b050770) returned 1 [0228.607] DeleteObject (ho=0xe050771) returned 1 [0228.607] DestroyCursor (hCursor=0x240143) returned 1 [0228.607] GetCurrentThreadId () returned 0x6f8 [0228.607] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e0 [0228.607] GetFileSize (in: hFile=0x11e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x99d3 [0228.612] ReadFile (in: hFile=0x11e0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x99d3, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x99d3, lpOverlapped=0x0) returned 1 [0228.612] CloseHandle (hObject=0x11e0) returned 1 [0228.612] GetCurrentThreadId () returned 0x6f8 [0228.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xce4a8b0, dwHighDateTime=0x1d6076d)) [0228.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xce4a8b0, dwHighDateTime=0x1d6076d)) [0228.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0xce4a8b0, dwHighDateTime=0x1d6076d)) [0228.717] GetCurrentThreadId () returned 0x6f8 [0228.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.717] GetCurrentThreadId () returned 0x6f8 [0228.717] CreateFileW (lpFileName="gwcK.exe" (normalized: "c:\\windows\\system32\\gwck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.717] CreateFileW (lpFileName="gwcK.exe" (normalized: "c:\\windows\\system32\\gwck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.718] GetCurrentThreadId () returned 0x6f8 [0228.718] GetCurrentThreadId () returned 0x6f8 [0228.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.718] CreateFileW (lpFileName="gwcK.exe" (normalized: "c:\\windows\\system32\\gwck.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.718] GetCurrentThreadId () returned 0x6f8 [0228.718] BeginUpdateResourceW (pFileName="gwcK.exe" (normalized: "c:\\windows\\system32\\gwck.exe"), bDeleteExistingResources=0) returned 0x0 [0228.718] CreateFileW (lpFileName="mYUg.ico" (normalized: "c:\\windows\\system32\\myug.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e0 [0228.718] GetFileSize (in: hFile=0x11e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.718] ReadFile (in: hFile=0x11e0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0228.719] CloseHandle (hObject=0x11e0) returned 1 [0228.719] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.719] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0228.719] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.719] CopyFileW (lpExistingFileName="gwcK.exe" (normalized: "c:\\windows\\system32\\gwck.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.exe"), bFailIfExists=0) returned 0 [0228.719] SetNamedSecurityInfoW () returned 0x2 [0228.719] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0 [0228.719] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xc8, lpOverlapped=0x0) returned 1 [0228.720] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0228.720] DeleteFileW (lpFileName="mYUg.ico" (normalized: "c:\\windows\\system32\\myug.ico")) returned 1 [0228.721] DeleteFileW (lpFileName="gwcK.exe" (normalized: "c:\\windows\\system32\\gwck.exe")) returned 0 [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] FindNextFileW (in: hFindFile=0x8034758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] FindNextFileW (in: hFindFile=0x8034718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034798 [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] FindNextFileW (in: hFindFile=0x8034798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.722] GetCurrentThreadId () returned 0x6f8 [0228.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.722] FindNextFileW (in: hFindFile=0x8034798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0228.723] GetCurrentThreadId () returned 0x6f8 [0228.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0xcf55250, dwHighDateTime=0x1d6076d)) [0228.723] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0x20 [0228.723] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", dwFileAttributes=0x80) returned 0 [0228.723] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.723] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0228.730] ReadFile (in: hFile=0x11e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0x1fad1, lpOverlapped=0x0) returned 1 [0228.732] GetCurrentThreadId () returned 0x6f8 [0228.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xcf7b3b0, dwHighDateTime=0x1d6076d)) [0228.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xcf7b3b0, dwHighDateTime=0x1d6076d)) [0228.733] GetCurrentThreadId () returned 0x6f8 [0228.733] CloseHandle (hObject=0x11e4) returned 1 [0228.734] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", dwFileAttributes=0x20) returned 0 [0228.734] GetCurrentThreadId () returned 0x6f8 [0228.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xcf7b3b0, dwHighDateTime=0x1d6076d)) [0228.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xcf7b3b0, dwHighDateTime=0x1d6076d)) [0228.734] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", piIcon=0x4e4eadc) returned 0x250143 [0228.745] GetIconInfo (in: hIcon=0x250143, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0228.745] CreateFileW (lpFileName="WQQk.ico" (normalized: "c:\\windows\\system32\\wqqk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e8 [0228.746] GetObjectA (in: h=0xb0050763, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0228.746] GetObjectA (in: h=0xc30501fb, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0228.746] CreateCompatibleDC (hdc=0x0) returned 0x68010776 [0228.746] GetDIBits (in: hdc=0x68010776, hbm=0xb0050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0228.746] GetDIBits (in: hdc=0x68010776, hbm=0xb0050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0228.746] GetDIBits (in: hdc=0x68010776, hbm=0xb0050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0228.746] GetDIBits (in: hdc=0x68010776, hbm=0xc30501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0228.746] WriteFile (in: hFile=0x11e8, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0228.748] WriteFile (in: hFile=0x11e8, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0228.748] WriteFile (in: hFile=0x11e8, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0228.748] WriteFile (in: hFile=0x11e8, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0228.748] WriteFile (in: hFile=0x11e8, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0228.749] DeleteDC (hdc=0x68010776) returned 1 [0228.749] CloseHandle (hObject=0x11e8) returned 1 [0228.749] DeleteObject (ho=0xb0050763) returned 1 [0228.749] DeleteObject (ho=0xc30501fb) returned 1 [0228.749] DestroyCursor (hCursor=0x250143) returned 1 [0228.749] GetCurrentThreadId () returned 0x6f8 [0228.749] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e8 [0228.749] GetFileSize (in: hFile=0x11e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fad1 [0228.754] ReadFile (in: hFile=0x11e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x1fad1, lpOverlapped=0x0) returned 1 [0228.755] CloseHandle (hObject=0x11e8) returned 1 [0228.755] GetCurrentThreadId () returned 0x6f8 [0228.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcfa1510, dwHighDateTime=0x1d6076d)) [0228.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xcfa1510, dwHighDateTime=0x1d6076d)) [0228.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0xcfa1510, dwHighDateTime=0x1d6076d)) [0228.870] GetCurrentThreadId () returned 0x6f8 [0228.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.870] GetCurrentThreadId () returned 0x6f8 [0228.870] CreateFileW (lpFileName="MkYI.exe" (normalized: "c:\\windows\\system32\\mkyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.871] CreateFileW (lpFileName="MkYI.exe" (normalized: "c:\\windows\\system32\\mkyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.871] GetCurrentThreadId () returned 0x6f8 [0228.871] GetCurrentThreadId () returned 0x6f8 [0228.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.872] CreateFileW (lpFileName="MkYI.exe" (normalized: "c:\\windows\\system32\\mkyi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.872] GetCurrentThreadId () returned 0x6f8 [0228.872] BeginUpdateResourceW (pFileName="MkYI.exe" (normalized: "c:\\windows\\system32\\mkyi.exe"), bDeleteExistingResources=0) returned 0x0 [0228.872] CreateFileW (lpFileName="WQQk.ico" (normalized: "c:\\windows\\system32\\wqqk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e8 [0228.872] GetFileSize (in: hFile=0x11e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.873] ReadFile (in: hFile=0x11e8, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0228.873] CloseHandle (hObject=0x11e8) returned 1 [0228.873] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.873] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0228.873] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.873] CopyFileW (lpExistingFileName="MkYI.exe" (normalized: "c:\\windows\\system32\\mkyi.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.exe"), bFailIfExists=0) returned 0 [0228.874] SetNamedSecurityInfoW () returned 0x2 [0228.874] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0 [0228.874] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xcc, lpOverlapped=0x0) returned 1 [0228.874] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0228.875] DeleteFileW (lpFileName="WQQk.ico" (normalized: "c:\\windows\\system32\\wqqk.ico")) returned 1 [0228.876] DeleteFileW (lpFileName="MkYI.exe" (normalized: "c:\\windows\\system32\\mkyi.exe")) returned 0 [0228.877] GetCurrentThreadId () returned 0x6f8 [0228.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.877] GetCurrentThreadId () returned 0x6f8 [0228.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.877] FindNextFileW (in: hFindFile=0x8034798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0228.877] GetCurrentThreadId () returned 0x6f8 [0228.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.877] FindNextFileW (in: hFindFile=0x8034798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0228.877] GetCurrentThreadId () returned 0x6f8 [0228.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eaf8 | out: lpSystemTimeAsFileTime=0x4e4eaf8*(dwLowDateTime=0xd0d2010, dwHighDateTime=0x1d6076d)) [0228.877] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0x20 [0228.877] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", dwFileAttributes=0x80) returned 0 [0228.878] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e8 [0228.878] GetFileSize (in: hFile=0x11e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0228.883] ReadFile (in: hFile=0x11e8, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4ead0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ead0*=0x70c1, lpOverlapped=0x0) returned 1 [0228.885] GetCurrentThreadId () returned 0x6f8 [0228.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xd0f8170, dwHighDateTime=0x1d6076d)) [0228.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea58 | out: lpSystemTimeAsFileTime=0x4e4ea58*(dwLowDateTime=0xd0f8170, dwHighDateTime=0x1d6076d)) [0228.885] GetCurrentThreadId () returned 0x6f8 [0228.885] CloseHandle (hObject=0x11e8) returned 1 [0228.885] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", dwFileAttributes=0x20) returned 0 [0228.885] GetCurrentThreadId () returned 0x6f8 [0228.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xd0f8170, dwHighDateTime=0x1d6076d)) [0228.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e1b0 | out: lpSystemTimeAsFileTime=0x4e4e1b0*(dwLowDateTime=0xd0f8170, dwHighDateTime=0x1d6076d)) [0228.886] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", piIcon=0x4e4eadc | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", piIcon=0x4e4eadc) returned 0x260143 [0228.895] GetIconInfo (in: hIcon=0x260143, piconinfo=0x4e4eac8 | out: piconinfo=0x4e4eac8) returned 1 [0228.895] CreateFileW (lpFileName="cwYA.ico" (normalized: "c:\\windows\\system32\\cwya.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.896] GetObjectA (in: h=0x11050771, c=24, pv=0x4e4ea8c | out: pv=0x4e4ea8c) returned 24 [0228.896] GetObjectA (in: h=0x20050770, c=24, pv=0x4e4eaa4 | out: pv=0x4e4eaa4) returned 24 [0228.896] CreateCompatibleDC (hdc=0x0) returned 0x6601016f [0228.896] GetDIBits (in: hdc=0x6601016f, hbm=0x11050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e63c) returned 1 [0228.896] GetDIBits (in: hdc=0x6601016f, hbm=0x11050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e63c, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e63c) returned 32 [0228.896] GetDIBits (in: hdc=0x6601016f, hbm=0x11050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e214) returned 1 [0228.896] GetDIBits (in: hdc=0x6601016f, hbm=0x20050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e214, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e214) returned 32 [0228.896] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4e1f4*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1f4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x6, lpOverlapped=0x0) returned 1 [0228.898] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4e1e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4e1e4*, lpNumberOfBytesWritten=0x4e4e1dc*=0x10, lpOverlapped=0x0) returned 1 [0228.898] WriteFile (in: hFile=0x11e4, lpBuffer=0x4e4ea64*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x4e4ea64*, lpNumberOfBytesWritten=0x4e4e1dc*=0x28, lpOverlapped=0x0) returned 1 [0228.898] WriteFile (in: hFile=0x11e4, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x1000, lpOverlapped=0x0) returned 1 [0228.899] WriteFile (in: hFile=0x11e4, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e1dc, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e1dc*=0x80, lpOverlapped=0x0) returned 1 [0228.899] DeleteDC (hdc=0x6601016f) returned 1 [0228.899] CloseHandle (hObject=0x11e4) returned 1 [0228.899] DeleteObject (ho=0x11050771) returned 1 [0228.899] DeleteObject (ho=0x20050770) returned 1 [0228.900] DestroyCursor (hCursor=0x260143) returned 1 [0228.900] GetCurrentThreadId () returned 0x6f8 [0228.900] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11e4 [0228.900] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70c1 [0228.905] ReadFile (in: hFile=0x11e4, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x4e4edc8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4edc8*=0x70c1, lpOverlapped=0x0) returned 1 [0228.905] CloseHandle (hObject=0x11e4) returned 1 [0228.905] GetCurrentThreadId () returned 0x6f8 [0228.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xd11e2d0, dwHighDateTime=0x1d6076d)) [0228.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea28 | out: lpSystemTimeAsFileTime=0x4e4ea28*(dwLowDateTime=0xd11e2d0, dwHighDateTime=0x1d6076d)) [0228.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ea44 | out: lpSystemTimeAsFileTime=0x4e4ea44*(dwLowDateTime=0xd11e2d0, dwHighDateTime=0x1d6076d)) [0228.986] GetCurrentThreadId () returned 0x6f8 [0228.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xd1dc9b0, dwHighDateTime=0x1d6076d)) [0228.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e9f8 | out: lpSystemTimeAsFileTime=0x4e4e9f8*(dwLowDateTime=0xd1dc9b0, dwHighDateTime=0x1d6076d)) [0228.986] GetCurrentThreadId () returned 0x6f8 [0228.986] CreateFileW (lpFileName="UMIK.exe" (normalized: "c:\\windows\\system32\\umik.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.987] CreateFileW (lpFileName="UMIK.exe" (normalized: "c:\\windows\\system32\\umik.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.987] GetCurrentThreadId () returned 0x6f8 [0228.987] GetCurrentThreadId () returned 0x6f8 [0228.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xd1dc9b0, dwHighDateTime=0x1d6076d)) [0228.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eab8 | out: lpSystemTimeAsFileTime=0x4e4eab8*(dwLowDateTime=0xd1dc9b0, dwHighDateTime=0x1d6076d)) [0228.987] CreateFileW (lpFileName="UMIK.exe" (normalized: "c:\\windows\\system32\\umik.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.987] GetCurrentThreadId () returned 0x6f8 [0228.988] BeginUpdateResourceW (pFileName="UMIK.exe" (normalized: "c:\\windows\\system32\\umik.exe"), bDeleteExistingResources=0) returned 0x0 [0228.988] CreateFileW (lpFileName="cwYA.ico" (normalized: "c:\\windows\\system32\\cwya.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e4 [0228.988] GetFileSize (in: hFile=0x11e4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0228.988] ReadFile (in: hFile=0x11e4, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4eadc, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4eadc*=0x10be, lpOverlapped=0x0) returned 1 [0228.988] CloseHandle (hObject=0x11e4) returned 1 [0228.988] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0228.988] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4eac8, cb=0x14) returned 0 [0228.989] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0228.989] CopyFileW (lpExistingFileName="UMIK.exe" (normalized: "c:\\windows\\system32\\umik.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.exe"), bFailIfExists=0) returned 0 [0228.989] SetNamedSecurityInfoW () returned 0x2 [0228.989] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0 [0228.989] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xca, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4eb20*=0xca, lpOverlapped=0x0) returned 1 [0228.990] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4eb20, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4eb20*=0x4, lpOverlapped=0x0) returned 1 [0228.990] DeleteFileW (lpFileName="cwYA.ico" (normalized: "c:\\windows\\system32\\cwya.ico")) returned 1 [0228.991] DeleteFileW (lpFileName="UMIK.exe" (normalized: "c:\\windows\\system32\\umik.exe")) returned 0 [0228.991] GetCurrentThreadId () returned 0x6f8 [0228.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ead0 | out: lpSystemTimeAsFileTime=0x4e4ead0*(dwLowDateTime=0xd1dc9b0, dwHighDateTime=0x1d6076d)) [0228.991] GetCurrentThreadId () returned 0x6f8 [0228.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd1dc9b0, dwHighDateTime=0x1d6076d)) [0228.991] FindNextFileW (in: hFindFile=0x8034798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0228.992] GetCurrentThreadId () returned 0x6f8 [0228.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.992] FindNextFileW (in: hFindFile=0x8034718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0228.992] GetCurrentThreadId () returned 0x6f8 [0228.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.992] FindNextFileW (in: hFindFile=0x80346d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 1 [0228.992] GetCurrentThreadId () returned 0x6f8 [0228.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.992] GetCurrentThreadId () returned 0x6f8 [0228.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.992] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80347d8 [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.993] FindNextFileW (in: hFindFile=0x80347d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.993] FindNextFileW (in: hFindFile=0x80347d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.993] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034818 [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.993] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.993] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0228.993] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.994] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.994] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034858 [0228.994] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.994] FindNextFileW (in: hFindFile=0x8034858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.994] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.994] FindNextFileW (in: hFindFile=0x8034858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0228.994] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.994] FindNextFileW (in: hFindFile=0x8034858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0228.994] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.994] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0228.994] GetCurrentThreadId () returned 0x6f8 [0228.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x0, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0228.995] GetCurrentThreadId () returned 0x6f8 [0228.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.995] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.996] FindNextFileW (in: hFindFile=0x8034818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.996] FindNextFileW (in: hFindFile=0x80347d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.996] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034898 [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.996] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.996] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0228.996] GetCurrentThreadId () returned 0x6f8 [0228.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] GetCurrentThreadId () returned 0x6f8 [0228.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80348d8 [0228.997] GetCurrentThreadId () returned 0x6f8 [0228.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] FindNextFileW (in: hFindFile=0x80348d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.997] GetCurrentThreadId () returned 0x6f8 [0228.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] FindNextFileW (in: hFindFile=0x80348d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0228.997] GetCurrentThreadId () returned 0x6f8 [0228.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] FindNextFileW (in: hFindFile=0x80348d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0228.997] GetCurrentThreadId () returned 0x6f8 [0228.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0228.997] GetCurrentThreadId () returned 0x6f8 [0228.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.997] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.998] FindNextFileW (in: hFindFile=0x8034898, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0228.998] GetCurrentThreadId () returned 0x6f8 [0228.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] FindNextFileW (in: hFindFile=0x80347d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] FindNextFileW (in: hFindFile=0x80346d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 0 [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DeviceSync\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034918 [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] FindNextFileW (in: hFindFile=0x8034918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0228.999] FindNextFileW (in: hFindFile=0x8034918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0228.999] GetCurrentThreadId () returned 0x6f8 [0228.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0229.000] GetCurrentThreadId () returned 0x6f8 [0229.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] GetCurrentThreadId () returned 0x6f8 [0229.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034958 [0229.000] GetCurrentThreadId () returned 0x6f8 [0229.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] FindNextFileW (in: hFindFile=0x8034958, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.000] GetCurrentThreadId () returned 0x6f8 [0229.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] FindNextFileW (in: hFindFile=0x8034958, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 1 [0229.000] GetCurrentThreadId () returned 0x6f8 [0229.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] GetCurrentThreadId () returned 0x6f8 [0229.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.000] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034998 [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] FindNextFileW (in: hFindFile=0x8034998, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] FindNextFileW (in: hFindFile=0x8034998, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] FindNextFileW (in: hFindFile=0x8034958, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 0 [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\eHome\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80349d8 [0229.001] GetCurrentThreadId () returned 0x6f8 [0229.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.001] FindNextFileW (in: hFindFile=0x80349d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] FindNextFileW (in: hFindFile=0x80349d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034a18 [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] FindNextFileW (in: hFindFile=0x8034a18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] FindNextFileW (in: hFindFile=0x8034a18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] FindNextFileW (in: hFindFile=0x80349d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0229.002] GetCurrentThreadId () returned 0x6f8 [0229.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.002] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0229.003] GetCurrentThreadId () returned 0x6f8 [0229.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.003] GetCurrentThreadId () returned 0x6f8 [0229.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.003] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034a58 [0229.003] GetCurrentThreadId () returned 0x6f8 [0229.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.003] FindNextFileW (in: hFindFile=0x8034a58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.003] GetCurrentThreadId () returned 0x6f8 [0229.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.003] FindNextFileW (in: hFindFile=0x8034a58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 1 [0229.003] GetCurrentThreadId () returned 0x6f8 [0229.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.003] GetCurrentThreadId () returned 0x6f8 [0229.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd202b10, dwHighDateTime=0x1d6076d)) [0229.004] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034a98 [0229.007] GetCurrentThreadId () returned 0x6f8 [0229.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.008] FindNextFileW (in: hFindFile=0x8034a98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.008] GetCurrentThreadId () returned 0x6f8 [0229.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.008] FindNextFileW (in: hFindFile=0x8034a98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0229.008] GetCurrentThreadId () returned 0x6f8 [0229.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.008] GetCurrentThreadId () returned 0x6f8 [0229.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.008] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034ad8 [0229.008] GetCurrentThreadId () returned 0x6f8 [0229.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.008] FindNextFileW (in: hFindFile=0x8034ad8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.008] GetCurrentThreadId () returned 0x6f8 [0229.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.008] FindNextFileW (in: hFindFile=0x8034ad8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.008] GetCurrentThreadId () returned 0x6f8 [0229.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.009] FindNextFileW (in: hFindFile=0x8034a98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 0 [0229.009] GetCurrentThreadId () returned 0x6f8 [0229.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.009] FindNextFileW (in: hFindFile=0x8034a58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 0 [0229.009] GetCurrentThreadId () returned 0x6f8 [0229.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.009] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0229.009] GetCurrentThreadId () returned 0x6f8 [0229.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.009] GetCurrentThreadId () returned 0x6f8 [0229.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.009] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034b18 [0229.009] GetCurrentThreadId () returned 0x6f8 [0229.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.009] FindNextFileW (in: hFindFile=0x8034b18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.009] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.010] FindNextFileW (in: hFindFile=0x8034b18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0229.010] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.010] FindNextFileW (in: hFindFile=0x8034b18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0229.010] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.010] FindNextFileW (in: hFindFile=0x8034b18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 0 [0229.010] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.010] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0229.010] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.010] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.010] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Media Player\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034b58 [0229.010] GetCurrentThreadId () returned 0x6f8 [0229.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] FindNextFileW (in: hFindFile=0x8034b58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.011] GetCurrentThreadId () returned 0x6f8 [0229.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] FindNextFileW (in: hFindFile=0x8034b58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.011] GetCurrentThreadId () returned 0x6f8 [0229.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0229.011] GetCurrentThreadId () returned 0x6f8 [0229.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] GetCurrentThreadId () returned 0x6f8 [0229.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034b98 [0229.011] GetCurrentThreadId () returned 0x6f8 [0229.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] FindNextFileW (in: hFindFile=0x8034b98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.011] GetCurrentThreadId () returned 0x6f8 [0229.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.011] FindNextFileW (in: hFindFile=0x8034b98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] FindNextFileW (in: hFindFile=0x8034b98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] FindNextFileW (in: hFindFile=0x8034b98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 0 [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034bd8 [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] FindNextFileW (in: hFindFile=0x8034bd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.012] GetCurrentThreadId () returned 0x6f8 [0229.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.012] FindNextFileW (in: hFindFile=0x8034bd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 1 [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.013] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034c18 [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.013] FindNextFileW (in: hFindFile=0x8034c18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.013] FindNextFileW (in: hFindFile=0x8034c18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.013] FindNextFileW (in: hFindFile=0x8034bd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 0 [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.013] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0229.013] GetCurrentThreadId () returned 0x6f8 [0229.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.014] GetCurrentThreadId () returned 0x6f8 [0229.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034c58 [0229.014] GetCurrentThreadId () returned 0x6f8 [0229.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.014] FindNextFileW (in: hFindFile=0x8034c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.014] GetCurrentThreadId () returned 0x6f8 [0229.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.014] FindNextFileW (in: hFindFile=0x8034c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0229.014] GetCurrentThreadId () returned 0x6f8 [0229.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.014] GetCurrentThreadId () returned 0x6f8 [0229.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.015] FindNextFileW (in: hFindFile=0x8034c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 0 [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.015] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.015] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034c98 [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.015] FindNextFileW (in: hFindFile=0x8034c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.015] FindNextFileW (in: hFindFile=0x8034c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0229.015] GetCurrentThreadId () returned 0x6f8 [0229.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] GetCurrentThreadId () returned 0x6f8 [0229.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034cd8 [0229.016] GetCurrentThreadId () returned 0x6f8 [0229.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] FindNextFileW (in: hFindFile=0x8034cd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.016] GetCurrentThreadId () returned 0x6f8 [0229.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] FindNextFileW (in: hFindFile=0x8034cd8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.016] GetCurrentThreadId () returned 0x6f8 [0229.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] FindNextFileW (in: hFindFile=0x8034c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0229.016] GetCurrentThreadId () returned 0x6f8 [0229.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] GetCurrentThreadId () returned 0x6f8 [0229.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.016] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0229.017] GetCurrentThreadId () returned 0x6f8 [0229.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.017] FindNextFileW (in: hFindFile=0x8034c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 0 [0229.017] GetCurrentThreadId () returned 0x6f8 [0229.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.017] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0229.017] GetCurrentThreadId () returned 0x6f8 [0229.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.017] GetCurrentThreadId () returned 0x6f8 [0229.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.017] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034d18 [0229.017] GetCurrentThreadId () returned 0x6f8 [0229.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.017] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.017] GetCurrentThreadId () returned 0x6f8 [0229.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.017] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.018] GetCurrentThreadId () returned 0x6f8 [0229.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.019] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034d58 [0229.019] GetCurrentThreadId () returned 0x6f8 [0229.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.019] FindNextFileW (in: hFindFile=0x8034d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.019] GetCurrentThreadId () returned 0x6f8 [0229.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.019] FindNextFileW (in: hFindFile=0x8034d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0229.019] GetCurrentThreadId () returned 0x6f8 [0229.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.019] GetCurrentThreadId () returned 0x6f8 [0229.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.019] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034d98 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.020] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.020] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.020] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.020] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.020] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.020] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0229.020] GetCurrentThreadId () returned 0x6f8 [0229.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0229.021] GetCurrentThreadId () returned 0x6f8 [0229.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.021] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd228c70, dwHighDateTime=0x1d6076d)) [0229.022] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0229.022] GetCurrentThreadId () returned 0x6f8 [0229.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.023] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0229.023] GetCurrentThreadId () returned 0x6f8 [0229.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.023] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0229.023] GetCurrentThreadId () returned 0x6f8 [0229.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.023] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0229.023] GetCurrentThreadId () returned 0x6f8 [0229.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.023] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0229.023] GetCurrentThreadId () returned 0x6f8 [0229.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.023] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0229.023] GetCurrentThreadId () returned 0x6f8 [0229.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.023] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0229.024] GetCurrentThreadId () returned 0x6f8 [0229.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.024] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0229.024] GetCurrentThreadId () returned 0x6f8 [0229.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.024] FindNextFileW (in: hFindFile=0x8034d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0229.024] GetCurrentThreadId () returned 0x6f8 [0229.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.024] FindNextFileW (in: hFindFile=0x8034d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0229.024] GetCurrentThreadId () returned 0x6f8 [0229.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.024] GetCurrentThreadId () returned 0x6f8 [0229.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.024] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034dd8 [0229.024] GetCurrentThreadId () returned 0x6f8 [0229.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.024] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.025] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.025] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.025] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.025] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.025] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.025] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0229.025] GetCurrentThreadId () returned 0x6f8 [0229.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.026] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0229.026] GetCurrentThreadId () returned 0x6f8 [0229.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.027] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0229.027] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.028] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0229.028] GetCurrentThreadId () returned 0x6f8 [0229.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.029] FindNextFileW (in: hFindFile=0x8034dd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0229.029] GetCurrentThreadId () returned 0x6f8 [0229.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.029] FindNextFileW (in: hFindFile=0x8034d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 0 [0229.029] GetCurrentThreadId () returned 0x6f8 [0229.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.029] FindNextFileW (in: hFindFile=0x8034d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0229.029] GetCurrentThreadId () returned 0x6f8 [0229.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.029] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0229.029] GetCurrentThreadId () returned 0x6f8 [0229.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.029] GetCurrentThreadId () returned 0x6f8 [0229.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.029] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034e18 [0229.029] GetCurrentThreadId () returned 0x6f8 [0229.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.030] FindNextFileW (in: hFindFile=0x8034e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.030] GetCurrentThreadId () returned 0x6f8 [0229.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.030] FindNextFileW (in: hFindFile=0x8034e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0229.030] GetCurrentThreadId () returned 0x6f8 [0229.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.030] GetCurrentThreadId () returned 0x6f8 [0229.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.030] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034e58 [0229.030] GetCurrentThreadId () returned 0x6f8 [0229.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.030] FindNextFileW (in: hFindFile=0x8034e58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.030] GetCurrentThreadId () returned 0x6f8 [0229.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.030] FindNextFileW (in: hFindFile=0x8034e58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0229.030] GetCurrentThreadId () returned 0x6f8 [0229.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] FindNextFileW (in: hFindFile=0x8034e58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 0 [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] FindNextFileW (in: hFindFile=0x8034e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] FindNextFileW (in: hFindFile=0x8034e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034e98 [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.031] FindNextFileW (in: hFindFile=0x8034e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.031] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.032] FindNextFileW (in: hFindFile=0x8034e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outbound", cAlternateFileName="")) returned 1 [0229.032] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.032] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.032] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034ed8 [0229.032] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.032] FindNextFileW (in: hFindFile=0x8034ed8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.032] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.032] FindNextFileW (in: hFindFile=0x8034ed8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0229.032] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.032] FindNextFileW (in: hFindFile=0x8034e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0229.032] GetCurrentThreadId () returned 0x6f8 [0229.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034f18 [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] FindNextFileW (in: hFindFile=0x8034f18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] FindNextFileW (in: hFindFile=0x8034f18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x964d9ea0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] FindNextFileW (in: hFindFile=0x8034f18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x964d9ea0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] FindNextFileW (in: hFindFile=0x8034e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.033] GetCurrentThreadId () returned 0x6f8 [0229.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.034] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034f58 [0229.034] GetCurrentThreadId () returned 0x6f8 [0229.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd24edd0, dwHighDateTime=0x1d6076d)) [0229.034] FindNextFileW (in: hFindFile=0x8034f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9648dbe0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x9648dbe0, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.034] FindNextFileW (in: hFindFile=0x8034f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xbddb7d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0229.034] FindNextFileW (in: hFindFile=0x8034f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0229.034] FindNextFileW (in: hFindFile=0x8034f58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0229.034] FindNextFileW (in: hFindFile=0x8034e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x96715340, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x96715340, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0229.034] FindNextFileW (in: hFindFile=0x8034e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x96715340, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0x96715340, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0 [0229.034] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0229.034] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8034f98 [0229.035] FindNextFileW (in: hFindFile=0x8034f98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.035] FindNextFileW (in: hFindFile=0x8034f98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0229.035] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0229.035] FindNextFileW (in: hFindFile=0x8034f98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 0 [0229.035] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0229.035] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036018 [0229.035] FindNextFileW (in: hFindFile=0x8036018, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.036] FindNextFileW (in: hFindFile=0x8036018, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz.dat", cAlternateFileName="5P5NRG~1.DAT")) returned 1 [0229.036] FindNextFileW (in: hFindFile=0x8036018, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0229.036] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036058 [0229.036] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.036] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xda0a8861, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile10.bmp", cAlternateFileName="")) returned 1 [0229.037] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", dwFileAttributes=0x80) returned 0 [0229.037] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.038] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.044] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", dwFileAttributes=0x20) returned 0 [0229.045] GetCurrentThreadId () returned 0x6f8 [0229.045] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", piIcon=0x4e4ed50) returned 0x270143 [0229.051] GetIconInfo (in: hIcon=0x270143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.051] CreateFileW (lpFileName="cCQw.ico" (normalized: "c:\\windows\\system32\\ccqw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.052] GetObjectA (in: h=0xb5050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.052] GetObjectA (in: h=0x6d050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.052] CreateCompatibleDC (hdc=0x0) returned 0x8701018d [0229.052] GetDIBits (in: hdc=0x8701018d, hbm=0xb5050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.052] GetDIBits (in: hdc=0x8701018d, hbm=0xb5050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.052] GetDIBits (in: hdc=0x8701018d, hbm=0xb5050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.052] GetDIBits (in: hdc=0x8701018d, hbm=0x6d050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.052] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.053] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.053] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.053] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.053] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.054] DeleteDC (hdc=0x8701018d) returned 1 [0229.054] CloseHandle (hObject=0x126c) returned 1 [0229.054] DeleteObject (ho=0xb5050763) returned 1 [0229.054] DeleteObject (ho=0x6d050776) returned 1 [0229.054] DestroyCursor (hCursor=0x270143) returned 1 [0229.054] GetCurrentThreadId () returned 0x6f8 [0229.054] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.054] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.059] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0229.059] CloseHandle (hObject=0x126c) returned 1 [0229.059] GetCurrentThreadId () returned 0x6f8 [0229.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd29b090, dwHighDateTime=0x1d6076d)) [0229.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd29b090, dwHighDateTime=0x1d6076d)) [0229.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xd29b090, dwHighDateTime=0x1d6076d)) [0229.140] GetCurrentThreadId () returned 0x6f8 [0229.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.140] GetCurrentThreadId () returned 0x6f8 [0229.140] CreateFileW (lpFileName="CAEg.exe" (normalized: "c:\\windows\\system32\\caeg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.141] CreateFileW (lpFileName="CAEg.exe" (normalized: "c:\\windows\\system32\\caeg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.141] GetCurrentThreadId () returned 0x6f8 [0229.141] GetCurrentThreadId () returned 0x6f8 [0229.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.141] CreateFileW (lpFileName="CAEg.exe" (normalized: "c:\\windows\\system32\\caeg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.141] GetCurrentThreadId () returned 0x6f8 [0229.141] BeginUpdateResourceW (pFileName="CAEg.exe" (normalized: "c:\\windows\\system32\\caeg.exe"), bDeleteExistingResources=0) returned 0x0 [0229.141] CreateFileW (lpFileName="cCQw.ico" (normalized: "c:\\windows\\system32\\ccqw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0229.142] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0229.142] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0229.142] CloseHandle (hObject=0x126c) returned 1 [0229.142] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0229.142] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0229.142] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0229.142] CopyFileW (lpExistingFileName="CAEg.exe" (normalized: "c:\\windows\\system32\\caeg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.exe"), bFailIfExists=0) returned 0 [0229.143] SetNamedSecurityInfoW () returned 0x2 [0229.143] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp")) returned 0 [0229.143] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0229.143] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0229.143] DeleteFileW (lpFileName="cCQw.ico" (normalized: "c:\\windows\\system32\\ccqw.ico")) returned 1 [0229.145] DeleteFileW (lpFileName="CAEg.exe" (normalized: "c:\\windows\\system32\\caeg.exe")) returned 0 [0229.145] GetCurrentThreadId () returned 0x6f8 [0229.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.145] GetCurrentThreadId () returned 0x6f8 [0229.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.145] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb5a2927, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile11.bmp", cAlternateFileName="")) returned 1 [0229.145] GetCurrentThreadId () returned 0x6f8 [0229.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xd359770, dwHighDateTime=0x1d6076d)) [0229.145] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0x20 [0229.146] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", dwFileAttributes=0x80) returned 0 [0229.146] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.146] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.151] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0229.152] GetCurrentThreadId () returned 0x6f8 [0229.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd37f8d0, dwHighDateTime=0x1d6076d)) [0229.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd37f8d0, dwHighDateTime=0x1d6076d)) [0229.152] GetCurrentThreadId () returned 0x6f8 [0229.153] CloseHandle (hObject=0x126c) returned 1 [0229.153] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", dwFileAttributes=0x20) returned 0 [0229.153] GetCurrentThreadId () returned 0x6f8 [0229.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd37f8d0, dwHighDateTime=0x1d6076d)) [0229.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd37f8d0, dwHighDateTime=0x1d6076d)) [0229.153] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", piIcon=0x4e4ed50) returned 0x280143 [0229.159] GetIconInfo (in: hIcon=0x280143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.159] CreateFileW (lpFileName="iiIE.ico" (normalized: "c:\\windows\\system32\\iiie.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.160] GetObjectA (in: h=0x180501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.160] GetObjectA (in: h=0x24050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.160] CreateCompatibleDC (hdc=0x0) returned 0x62010772 [0229.160] GetDIBits (in: hdc=0x62010772, hbm=0x180501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.160] GetDIBits (in: hdc=0x62010772, hbm=0x180501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.160] GetDIBits (in: hdc=0x62010772, hbm=0x180501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.160] GetDIBits (in: hdc=0x62010772, hbm=0x24050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.160] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.161] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.161] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.161] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.162] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.162] DeleteDC (hdc=0x62010772) returned 1 [0229.162] CloseHandle (hObject=0x126c) returned 1 [0229.162] DeleteObject (ho=0x180501fa) returned 1 [0229.162] DeleteObject (ho=0x24050770) returned 1 [0229.162] DestroyCursor (hCursor=0x280143) returned 1 [0229.162] GetCurrentThreadId () returned 0x6f8 [0229.162] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.162] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.167] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0229.168] CloseHandle (hObject=0x126c) returned 1 [0229.168] GetCurrentThreadId () returned 0x6f8 [0229.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd3a5a30, dwHighDateTime=0x1d6076d)) [0229.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd3a5a30, dwHighDateTime=0x1d6076d)) [0229.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xd3a5a30, dwHighDateTime=0x1d6076d)) [0229.300] GetCurrentThreadId () returned 0x6f8 [0229.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd4d6530, dwHighDateTime=0x1d6076d)) [0229.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd4d6530, dwHighDateTime=0x1d6076d)) [0229.300] GetCurrentThreadId () returned 0x6f8 [0229.300] CreateFileW (lpFileName="GQgm.exe" (normalized: "c:\\windows\\system32\\gqgm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.301] CreateFileW (lpFileName="GQgm.exe" (normalized: "c:\\windows\\system32\\gqgm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.301] GetCurrentThreadId () returned 0x6f8 [0229.301] GetCurrentThreadId () returned 0x6f8 [0229.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd4d6530, dwHighDateTime=0x1d6076d)) [0229.302] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd4d6530, dwHighDateTime=0x1d6076d)) [0229.302] CreateFileW (lpFileName="GQgm.exe" (normalized: "c:\\windows\\system32\\gqgm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.302] GetCurrentThreadId () returned 0x6f8 [0229.302] BeginUpdateResourceW (pFileName="GQgm.exe" (normalized: "c:\\windows\\system32\\gqgm.exe"), bDeleteExistingResources=0) returned 0x0 [0229.302] CreateFileW (lpFileName="iiIE.ico" (normalized: "c:\\windows\\system32\\iiie.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0229.302] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0229.303] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0229.303] CloseHandle (hObject=0x126c) returned 1 [0229.303] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0229.303] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0229.303] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0229.303] CopyFileW (lpExistingFileName="GQgm.exe" (normalized: "c:\\windows\\system32\\gqgm.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.exe"), bFailIfExists=0) returned 0 [0229.304] SetNamedSecurityInfoW () returned 0x2 [0229.304] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0 [0229.304] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0229.304] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0229.304] DeleteFileW (lpFileName="iiIE.ico" (normalized: "c:\\windows\\system32\\iiie.ico")) returned 1 [0229.305] DeleteFileW (lpFileName="GQgm.exe" (normalized: "c:\\windows\\system32\\gqgm.exe")) returned 0 [0229.306] GetCurrentThreadId () returned 0x6f8 [0229.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.306] GetCurrentThreadId () returned 0x6f8 [0229.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.306] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb6d3417, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile12.bmp", cAlternateFileName="")) returned 1 [0229.306] GetCurrentThreadId () returned 0x6f8 [0229.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.306] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0x20 [0229.306] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", dwFileAttributes=0x80) returned 0 [0229.306] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.306] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.312] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0229.313] GetCurrentThreadId () returned 0x6f8 [0229.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.313] GetCurrentThreadId () returned 0x6f8 [0229.314] CloseHandle (hObject=0x126c) returned 1 [0229.314] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", dwFileAttributes=0x20) returned 0 [0229.314] GetCurrentThreadId () returned 0x6f8 [0229.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd4fc690, dwHighDateTime=0x1d6076d)) [0229.314] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", piIcon=0x4e4ed50) returned 0x290143 [0229.322] GetIconInfo (in: hIcon=0x290143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.322] CreateFileW (lpFileName="yaQc.ico" (normalized: "c:\\windows\\system32\\yaqc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.323] GetObjectA (in: h=0xcb0501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.323] GetObjectA (in: h=0xb9050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.323] CreateCompatibleDC (hdc=0x0) returned 0x8c01018d [0229.323] GetDIBits (in: hdc=0x8c01018d, hbm=0xcb0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.323] GetDIBits (in: hdc=0x8c01018d, hbm=0xcb0501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.323] GetDIBits (in: hdc=0x8c01018d, hbm=0xcb0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.323] GetDIBits (in: hdc=0x8c01018d, hbm=0xb9050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.323] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.324] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.325] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.325] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.325] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.325] DeleteDC (hdc=0x8c01018d) returned 1 [0229.325] CloseHandle (hObject=0x126c) returned 1 [0229.326] DeleteObject (ho=0xcb0501fb) returned 1 [0229.326] DeleteObject (ho=0xb9050763) returned 1 [0229.326] DestroyCursor (hCursor=0x290143) returned 1 [0229.326] GetCurrentThreadId () returned 0x6f8 [0229.326] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.326] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.332] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0229.332] CloseHandle (hObject=0x126c) returned 1 [0229.332] GetCurrentThreadId () returned 0x6f8 [0229.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd5227f0, dwHighDateTime=0x1d6076d)) [0229.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd5227f0, dwHighDateTime=0x1d6076d)) [0229.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xd5227f0, dwHighDateTime=0x1d6076d)) [0229.448] GetCurrentThreadId () returned 0x6f8 [0229.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.448] GetCurrentThreadId () returned 0x6f8 [0229.448] CreateFileW (lpFileName="yMMg.exe" (normalized: "c:\\windows\\system32\\ymmg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.449] CreateFileW (lpFileName="yMMg.exe" (normalized: "c:\\windows\\system32\\ymmg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.449] GetCurrentThreadId () returned 0x6f8 [0229.449] GetCurrentThreadId () returned 0x6f8 [0229.449] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.449] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.449] CreateFileW (lpFileName="yMMg.exe" (normalized: "c:\\windows\\system32\\ymmg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.449] GetCurrentThreadId () returned 0x6f8 [0229.450] BeginUpdateResourceW (pFileName="yMMg.exe" (normalized: "c:\\windows\\system32\\ymmg.exe"), bDeleteExistingResources=0) returned 0x0 [0229.450] CreateFileW (lpFileName="yaQc.ico" (normalized: "c:\\windows\\system32\\yaqc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0229.450] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0229.450] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0229.450] CloseHandle (hObject=0x126c) returned 1 [0229.450] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0229.450] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0229.451] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0229.451] CopyFileW (lpExistingFileName="yMMg.exe" (normalized: "c:\\windows\\system32\\ymmg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.exe"), bFailIfExists=0) returned 0 [0229.451] SetNamedSecurityInfoW () returned 0x2 [0229.451] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0 [0229.451] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0229.452] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0229.452] DeleteFileW (lpFileName="yaQc.ico" (normalized: "c:\\windows\\system32\\yaqc.ico")) returned 1 [0229.456] DeleteFileW (lpFileName="yMMg.exe" (normalized: "c:\\windows\\system32\\ymmg.exe")) returned 0 [0229.456] GetCurrentThreadId () returned 0x6f8 [0229.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.456] GetCurrentThreadId () returned 0x6f8 [0229.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.456] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb76b98f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbeb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile13.bmp", cAlternateFileName="")) returned 1 [0229.456] GetCurrentThreadId () returned 0x6f8 [0229.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xd6532f0, dwHighDateTime=0x1d6076d)) [0229.456] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0x20 [0229.457] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", dwFileAttributes=0x80) returned 0 [0229.457] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.457] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbeb8 [0229.462] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbeb8, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xbeb8, lpOverlapped=0x0) returned 1 [0229.464] GetCurrentThreadId () returned 0x6f8 [0229.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd679450, dwHighDateTime=0x1d6076d)) [0229.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd679450, dwHighDateTime=0x1d6076d)) [0229.464] GetCurrentThreadId () returned 0x6f8 [0229.464] CloseHandle (hObject=0x126c) returned 1 [0229.464] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", dwFileAttributes=0x20) returned 0 [0229.464] GetCurrentThreadId () returned 0x6f8 [0229.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd679450, dwHighDateTime=0x1d6076d)) [0229.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd679450, dwHighDateTime=0x1d6076d)) [0229.464] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", piIcon=0x4e4ed50) returned 0x2a0143 [0229.470] GetIconInfo (in: hIcon=0x2a0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.470] CreateFileW (lpFileName="qoIM.ico" (normalized: "c:\\windows\\system32\\qoim.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.470] GetObjectA (in: h=0x74050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.470] GetObjectA (in: h=0x1c0501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.470] CreateCompatibleDC (hdc=0x0) returned 0x67010772 [0229.470] GetDIBits (in: hdc=0x67010772, hbm=0x74050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.470] GetDIBits (in: hdc=0x67010772, hbm=0x74050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.470] GetDIBits (in: hdc=0x67010772, hbm=0x74050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.471] GetDIBits (in: hdc=0x67010772, hbm=0x1c0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.471] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.472] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.472] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.472] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.472] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.472] DeleteDC (hdc=0x67010772) returned 1 [0229.472] CloseHandle (hObject=0x126c) returned 1 [0229.472] DeleteObject (ho=0x74050776) returned 1 [0229.473] DeleteObject (ho=0x1c0501fa) returned 1 [0229.473] DestroyCursor (hCursor=0x2a0143) returned 1 [0229.473] GetCurrentThreadId () returned 0x6f8 [0229.473] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.473] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbeb8 [0229.478] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbeb8, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xbeb8, lpOverlapped=0x0) returned 1 [0229.478] CloseHandle (hObject=0x126c) returned 1 [0229.478] GetCurrentThreadId () returned 0x6f8 [0229.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd69f5b0, dwHighDateTime=0x1d6076d)) [0229.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd69f5b0, dwHighDateTime=0x1d6076d)) [0229.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xd69f5b0, dwHighDateTime=0x1d6076d)) [0229.573] GetCurrentThreadId () returned 0x6f8 [0229.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.573] GetCurrentThreadId () returned 0x6f8 [0229.573] CreateFileW (lpFileName="ckQg.exe" (normalized: "c:\\windows\\system32\\ckqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.574] CreateFileW (lpFileName="ckQg.exe" (normalized: "c:\\windows\\system32\\ckqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.574] GetCurrentThreadId () returned 0x6f8 [0229.574] GetCurrentThreadId () returned 0x6f8 [0229.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.574] CreateFileW (lpFileName="ckQg.exe" (normalized: "c:\\windows\\system32\\ckqg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.574] GetCurrentThreadId () returned 0x6f8 [0229.574] BeginUpdateResourceW (pFileName="ckQg.exe" (normalized: "c:\\windows\\system32\\ckqg.exe"), bDeleteExistingResources=0) returned 0x0 [0229.574] CreateFileW (lpFileName="qoIM.ico" (normalized: "c:\\windows\\system32\\qoim.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0229.575] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0229.575] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0229.576] CloseHandle (hObject=0x126c) returned 1 [0229.576] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0229.576] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0229.576] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0229.576] CopyFileW (lpExistingFileName="ckQg.exe" (normalized: "c:\\windows\\system32\\ckqg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.exe"), bFailIfExists=0) returned 0 [0229.576] SetNamedSecurityInfoW () returned 0x2 [0229.577] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0 [0229.577] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0229.577] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0229.577] DeleteFileW (lpFileName="qoIM.ico" (normalized: "c:\\windows\\system32\\qoim.ico")) returned 1 [0229.578] DeleteFileW (lpFileName="ckQg.exe" (normalized: "c:\\windows\\system32\\ckqg.exe")) returned 0 [0229.578] GetCurrentThreadId () returned 0x6f8 [0229.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.578] GetCurrentThreadId () returned 0x6f8 [0229.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.578] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb82a065, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile14.bmp", cAlternateFileName="")) returned 1 [0229.579] GetCurrentThreadId () returned 0x6f8 [0229.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xd783df0, dwHighDateTime=0x1d6076d)) [0229.579] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0x20 [0229.579] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", dwFileAttributes=0x80) returned 0 [0229.579] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.579] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.584] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0229.585] GetCurrentThreadId () returned 0x6f8 [0229.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd7a9f50, dwHighDateTime=0x1d6076d)) [0229.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd7a9f50, dwHighDateTime=0x1d6076d)) [0229.585] GetCurrentThreadId () returned 0x6f8 [0229.586] CloseHandle (hObject=0x126c) returned 1 [0229.586] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", dwFileAttributes=0x20) returned 0 [0229.586] GetCurrentThreadId () returned 0x6f8 [0229.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd7a9f50, dwHighDateTime=0x1d6076d)) [0229.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd7a9f50, dwHighDateTime=0x1d6076d)) [0229.586] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", piIcon=0x4e4ed50) returned 0x2b0143 [0229.591] GetIconInfo (in: hIcon=0x2b0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.591] CreateFileW (lpFileName="Wksw.ico" (normalized: "c:\\windows\\system32\\wksw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.592] GetObjectA (in: h=0x2b050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.592] GetObjectA (in: h=0xcf0501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.592] CreateCompatibleDC (hdc=0x0) returned 0x9101018d [0229.592] GetDIBits (in: hdc=0x9101018d, hbm=0x2b050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.592] GetDIBits (in: hdc=0x9101018d, hbm=0x2b050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.592] GetDIBits (in: hdc=0x9101018d, hbm=0x2b050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.592] GetDIBits (in: hdc=0x9101018d, hbm=0xcf0501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.592] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.594] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.594] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.594] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.594] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.594] DeleteDC (hdc=0x9101018d) returned 1 [0229.594] CloseHandle (hObject=0x126c) returned 1 [0229.595] DeleteObject (ho=0x2b050770) returned 1 [0229.595] DeleteObject (ho=0xcf0501fb) returned 1 [0229.595] DestroyCursor (hCursor=0x2b0143) returned 1 [0229.595] GetCurrentThreadId () returned 0x6f8 [0229.595] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.595] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.600] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0229.601] CloseHandle (hObject=0x126c) returned 1 [0229.601] GetCurrentThreadId () returned 0x6f8 [0229.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd7d00b0, dwHighDateTime=0x1d6076d)) [0229.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd7d00b0, dwHighDateTime=0x1d6076d)) [0229.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xd7d00b0, dwHighDateTime=0x1d6076d)) [0229.697] GetCurrentThreadId () returned 0x6f8 [0229.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd8b48f0, dwHighDateTime=0x1d6076d)) [0229.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd8b48f0, dwHighDateTime=0x1d6076d)) [0229.697] GetCurrentThreadId () returned 0x6f8 [0229.697] CreateFileW (lpFileName="cIcg.exe" (normalized: "c:\\windows\\system32\\cicg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.713] CreateFileW (lpFileName="cIcg.exe" (normalized: "c:\\windows\\system32\\cicg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.713] GetCurrentThreadId () returned 0x6f8 [0229.713] GetCurrentThreadId () returned 0x6f8 [0229.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.713] CreateFileW (lpFileName="cIcg.exe" (normalized: "c:\\windows\\system32\\cicg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.713] GetCurrentThreadId () returned 0x6f8 [0229.713] BeginUpdateResourceW (pFileName="cIcg.exe" (normalized: "c:\\windows\\system32\\cicg.exe"), bDeleteExistingResources=0) returned 0x0 [0229.714] CreateFileW (lpFileName="Wksw.ico" (normalized: "c:\\windows\\system32\\wksw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0229.714] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0229.714] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0229.714] CloseHandle (hObject=0x126c) returned 1 [0229.714] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0229.714] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0229.714] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0229.714] CopyFileW (lpExistingFileName="cIcg.exe" (normalized: "c:\\windows\\system32\\cicg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.exe"), bFailIfExists=0) returned 0 [0229.715] SetNamedSecurityInfoW () returned 0x2 [0229.715] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0 [0229.715] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0229.715] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0229.715] DeleteFileW (lpFileName="Wksw.ico" (normalized: "c:\\windows\\system32\\wksw.ico")) returned 1 [0229.717] DeleteFileW (lpFileName="cIcg.exe" (normalized: "c:\\windows\\system32\\cicg.exe")) returned 0 [0229.717] GetCurrentThreadId () returned 0x6f8 [0229.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.717] GetCurrentThreadId () returned 0x6f8 [0229.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.717] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdbb95fd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile15.bmp", cAlternateFileName="")) returned 1 [0229.717] GetCurrentThreadId () returned 0x6f8 [0229.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.717] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0x20 [0229.718] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", dwFileAttributes=0x80) returned 0 [0229.718] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.718] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.722] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0229.724] GetCurrentThreadId () returned 0x6f8 [0229.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.724] GetCurrentThreadId () returned 0x6f8 [0229.724] CloseHandle (hObject=0x126c) returned 1 [0229.724] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", dwFileAttributes=0x20) returned 0 [0229.724] GetCurrentThreadId () returned 0x6f8 [0229.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xd8daa50, dwHighDateTime=0x1d6076d)) [0229.724] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", piIcon=0x4e4ed50) returned 0x2c0143 [0229.731] GetIconInfo (in: hIcon=0x2c0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.731] CreateFileW (lpFileName="GAIc.ico" (normalized: "c:\\windows\\system32\\gaic.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.731] GetObjectA (in: h=0xc0050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.731] GetObjectA (in: h=0x78050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.731] CreateCompatibleDC (hdc=0x0) returned 0x6c010772 [0229.732] GetDIBits (in: hdc=0x6c010772, hbm=0xc0050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.732] GetDIBits (in: hdc=0x6c010772, hbm=0xc0050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.732] GetDIBits (in: hdc=0x6c010772, hbm=0xc0050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.732] GetDIBits (in: hdc=0x6c010772, hbm=0x78050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.732] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.733] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.733] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.733] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.733] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.734] DeleteDC (hdc=0x6c010772) returned 1 [0229.734] CloseHandle (hObject=0x126c) returned 1 [0229.734] DeleteObject (ho=0xc0050763) returned 1 [0229.734] DeleteObject (ho=0x78050776) returned 1 [0229.734] DestroyCursor (hCursor=0x2c0143) returned 1 [0229.734] GetCurrentThreadId () returned 0x6f8 [0229.734] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.734] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.739] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0229.739] CloseHandle (hObject=0x126c) returned 1 [0229.739] GetCurrentThreadId () returned 0x6f8 [0229.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd900bb0, dwHighDateTime=0x1d6076d)) [0229.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xd900bb0, dwHighDateTime=0x1d6076d)) [0229.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xd900bb0, dwHighDateTime=0x1d6076d)) [0229.828] GetCurrentThreadId () returned 0x6f8 [0229.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd9e53f0, dwHighDateTime=0x1d6076d)) [0229.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xd9e53f0, dwHighDateTime=0x1d6076d)) [0229.828] GetCurrentThreadId () returned 0x6f8 [0229.828] CreateFileW (lpFileName="AgQE.exe" (normalized: "c:\\windows\\system32\\agqe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.829] CreateFileW (lpFileName="AgQE.exe" (normalized: "c:\\windows\\system32\\agqe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.829] GetCurrentThreadId () returned 0x6f8 [0229.829] GetCurrentThreadId () returned 0x6f8 [0229.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd9e53f0, dwHighDateTime=0x1d6076d)) [0229.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xd9e53f0, dwHighDateTime=0x1d6076d)) [0229.829] CreateFileW (lpFileName="AgQE.exe" (normalized: "c:\\windows\\system32\\agqe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0229.829] GetCurrentThreadId () returned 0x6f8 [0229.829] BeginUpdateResourceW (pFileName="AgQE.exe" (normalized: "c:\\windows\\system32\\agqe.exe"), bDeleteExistingResources=0) returned 0x0 [0229.829] CreateFileW (lpFileName="GAIc.ico" (normalized: "c:\\windows\\system32\\gaic.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0229.829] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0229.830] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0229.830] CloseHandle (hObject=0x126c) returned 1 [0229.830] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0229.830] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0229.830] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0229.830] CopyFileW (lpExistingFileName="AgQE.exe" (normalized: "c:\\windows\\system32\\agqe.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.exe"), bFailIfExists=0) returned 0 [0229.830] SetNamedSecurityInfoW () returned 0x2 [0229.831] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0 [0229.831] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0229.831] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0229.831] DeleteFileW (lpFileName="GAIc.ico" (normalized: "c:\\windows\\system32\\gaic.ico")) returned 1 [0229.834] DeleteFileW (lpFileName="AgQE.exe" (normalized: "c:\\windows\\system32\\agqe.exe")) returned 0 [0229.834] GetCurrentThreadId () returned 0x6f8 [0229.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.834] GetCurrentThreadId () returned 0x6f8 [0229.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.834] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdca9c9ed, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile16.bmp", cAlternateFileName="")) returned 1 [0229.834] GetCurrentThreadId () returned 0x6f8 [0229.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.835] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0x20 [0229.835] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", dwFileAttributes=0x80) returned 0 [0229.835] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.835] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.840] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0229.841] GetCurrentThreadId () returned 0x6f8 [0229.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.842] GetCurrentThreadId () returned 0x6f8 [0229.842] CloseHandle (hObject=0x126c) returned 1 [0229.842] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", dwFileAttributes=0x20) returned 0 [0229.842] GetCurrentThreadId () returned 0x6f8 [0229.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xda0b550, dwHighDateTime=0x1d6076d)) [0229.842] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", piIcon=0x4e4ed50) returned 0x2d0143 [0229.848] GetIconInfo (in: hIcon=0x2d0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0229.848] CreateFileW (lpFileName="gyoU.ico" (normalized: "c:\\windows\\system32\\gyou.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.849] GetObjectA (in: h=0x230501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0229.849] GetObjectA (in: h=0x2f050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0229.849] CreateCompatibleDC (hdc=0x0) returned 0x9601018d [0229.849] GetDIBits (in: hdc=0x9601018d, hbm=0x230501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0229.849] GetDIBits (in: hdc=0x9601018d, hbm=0x230501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0229.849] GetDIBits (in: hdc=0x9601018d, hbm=0x230501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0229.849] GetDIBits (in: hdc=0x9601018d, hbm=0x2f050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0229.849] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0229.850] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0229.851] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0229.851] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0229.851] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0229.851] DeleteDC (hdc=0x9601018d) returned 1 [0229.851] CloseHandle (hObject=0x126c) returned 1 [0229.851] DeleteObject (ho=0x230501fa) returned 1 [0229.851] DeleteObject (ho=0x2f050770) returned 1 [0229.851] DestroyCursor (hCursor=0x2d0143) returned 1 [0229.851] GetCurrentThreadId () returned 0x6f8 [0229.852] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0229.852] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0229.856] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0229.857] CloseHandle (hObject=0x126c) returned 1 [0229.857] GetCurrentThreadId () returned 0x6f8 [0229.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xda316b0, dwHighDateTime=0x1d6076d)) [0229.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xda316b0, dwHighDateTime=0x1d6076d)) [0229.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xda316b0, dwHighDateTime=0x1d6076d)) [0230.012] GetCurrentThreadId () returned 0x6f8 [0230.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.012] GetCurrentThreadId () returned 0x6f8 [0230.013] CreateFileW (lpFileName="sUsU.exe" (normalized: "c:\\windows\\system32\\susu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.013] CreateFileW (lpFileName="sUsU.exe" (normalized: "c:\\windows\\system32\\susu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.014] GetCurrentThreadId () returned 0x6f8 [0230.014] GetCurrentThreadId () returned 0x6f8 [0230.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.014] CreateFileW (lpFileName="sUsU.exe" (normalized: "c:\\windows\\system32\\susu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.014] GetCurrentThreadId () returned 0x6f8 [0230.014] BeginUpdateResourceW (pFileName="sUsU.exe" (normalized: "c:\\windows\\system32\\susu.exe"), bDeleteExistingResources=0) returned 0x0 [0230.014] CreateFileW (lpFileName="gyoU.ico" (normalized: "c:\\windows\\system32\\gyou.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.014] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.015] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.015] CloseHandle (hObject=0x126c) returned 1 [0230.015] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.015] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.015] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.015] CopyFileW (lpExistingFileName="sUsU.exe" (normalized: "c:\\windows\\system32\\susu.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.exe"), bFailIfExists=0) returned 0 [0230.015] SetNamedSecurityInfoW () returned 0x2 [0230.016] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0 [0230.016] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.016] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.016] DeleteFileW (lpFileName="gyoU.ico" (normalized: "c:\\windows\\system32\\gyou.ico")) returned 1 [0230.018] DeleteFileW (lpFileName="sUsU.exe" (normalized: "c:\\windows\\system32\\susu.exe")) returned 0 [0230.018] GetCurrentThreadId () returned 0x6f8 [0230.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.018] GetCurrentThreadId () returned 0x6f8 [0230.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.018] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc3f8f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile17.bmp", cAlternateFileName="")) returned 1 [0230.018] GetCurrentThreadId () returned 0x6f8 [0230.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xdbae470, dwHighDateTime=0x1d6076d)) [0230.018] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0x20 [0230.018] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", dwFileAttributes=0x80) returned 0 [0230.018] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.019] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.024] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.025] GetCurrentThreadId () returned 0x6f8 [0230.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xdbd45d0, dwHighDateTime=0x1d6076d)) [0230.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xdbd45d0, dwHighDateTime=0x1d6076d)) [0230.025] GetCurrentThreadId () returned 0x6f8 [0230.026] CloseHandle (hObject=0x126c) returned 1 [0230.026] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", dwFileAttributes=0x20) returned 0 [0230.026] GetCurrentThreadId () returned 0x6f8 [0230.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xdbd45d0, dwHighDateTime=0x1d6076d)) [0230.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xdbd45d0, dwHighDateTime=0x1d6076d)) [0230.026] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", piIcon=0x4e4ed50) returned 0x2e0143 [0230.033] GetIconInfo (in: hIcon=0x2e0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.033] CreateFileW (lpFileName="OWQo.ico" (normalized: "c:\\windows\\system32\\owqo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.034] GetObjectA (in: h=0xd60501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.034] GetObjectA (in: h=0xc4050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.034] CreateCompatibleDC (hdc=0x0) returned 0x71010772 [0230.034] GetDIBits (in: hdc=0x71010772, hbm=0xd60501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.034] GetDIBits (in: hdc=0x71010772, hbm=0xd60501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.034] GetDIBits (in: hdc=0x71010772, hbm=0xd60501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.034] GetDIBits (in: hdc=0x71010772, hbm=0xc4050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.034] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.035] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.035] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.036] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.036] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.036] DeleteDC (hdc=0x71010772) returned 1 [0230.036] CloseHandle (hObject=0x126c) returned 1 [0230.036] DeleteObject (ho=0xd60501fb) returned 1 [0230.036] DeleteObject (ho=0xc4050763) returned 1 [0230.036] DestroyCursor (hCursor=0x2e0143) returned 1 [0230.037] GetCurrentThreadId () returned 0x6f8 [0230.037] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.037] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.044] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.044] CloseHandle (hObject=0x126c) returned 1 [0230.044] GetCurrentThreadId () returned 0x6f8 [0230.044] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xdbfa730, dwHighDateTime=0x1d6076d)) [0230.044] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xdbfa730, dwHighDateTime=0x1d6076d)) [0230.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xdbfa730, dwHighDateTime=0x1d6076d)) [0230.226] GetCurrentThreadId () returned 0x6f8 [0230.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.226] GetCurrentThreadId () returned 0x6f8 [0230.226] CreateFileW (lpFileName="yMQO.exe" (normalized: "c:\\windows\\system32\\ymqo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.227] CreateFileW (lpFileName="yMQO.exe" (normalized: "c:\\windows\\system32\\ymqo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.227] GetCurrentThreadId () returned 0x6f8 [0230.227] GetCurrentThreadId () returned 0x6f8 [0230.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.228] CreateFileW (lpFileName="yMQO.exe" (normalized: "c:\\windows\\system32\\ymqo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.228] GetCurrentThreadId () returned 0x6f8 [0230.228] BeginUpdateResourceW (pFileName="yMQO.exe" (normalized: "c:\\windows\\system32\\ymqo.exe"), bDeleteExistingResources=0) returned 0x0 [0230.228] CreateFileW (lpFileName="OWQo.ico" (normalized: "c:\\windows\\system32\\owqo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.228] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.228] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.229] CloseHandle (hObject=0x126c) returned 1 [0230.229] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.229] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.229] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.229] CopyFileW (lpExistingFileName="yMQO.exe" (normalized: "c:\\windows\\system32\\ymqo.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.exe"), bFailIfExists=0) returned 0 [0230.229] SetNamedSecurityInfoW () returned 0x2 [0230.229] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0 [0230.230] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.230] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.230] DeleteFileW (lpFileName="OWQo.ico" (normalized: "c:\\windows\\system32\\owqo.ico")) returned 1 [0230.231] DeleteFileW (lpFileName="yMQO.exe" (normalized: "c:\\windows\\system32\\ymqo.exe")) returned 0 [0230.232] GetCurrentThreadId () returned 0x6f8 [0230.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.232] GetCurrentThreadId () returned 0x6f8 [0230.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.232] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc65a55, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile18.bmp", cAlternateFileName="")) returned 1 [0230.232] GetCurrentThreadId () returned 0x6f8 [0230.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.232] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0x20 [0230.232] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", dwFileAttributes=0x80) returned 0 [0230.232] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.233] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.238] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.239] GetCurrentThreadId () returned 0x6f8 [0230.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.240] GetCurrentThreadId () returned 0x6f8 [0230.240] CloseHandle (hObject=0x126c) returned 1 [0230.240] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", dwFileAttributes=0x20) returned 0 [0230.240] GetCurrentThreadId () returned 0x6f8 [0230.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.241] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", piIcon=0x4e4ed50) returned 0x2f0143 [0230.247] GetIconInfo (in: hIcon=0x2f0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.248] CreateFileW (lpFileName="qKMQ.ico" (normalized: "c:\\windows\\system32\\qkmq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.249] GetObjectA (in: h=0x7f050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.249] GetObjectA (in: h=0x270501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.249] CreateCompatibleDC (hdc=0x0) returned 0x9b01018d [0230.249] GetDIBits (in: hdc=0x9b01018d, hbm=0x7f050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.249] GetDIBits (in: hdc=0x9b01018d, hbm=0x7f050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.249] GetDIBits (in: hdc=0x9b01018d, hbm=0x7f050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.249] GetDIBits (in: hdc=0x9b01018d, hbm=0x270501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.249] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.250] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.251] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.251] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.251] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.251] DeleteDC (hdc=0x9b01018d) returned 1 [0230.251] CloseHandle (hObject=0x126c) returned 1 [0230.252] DeleteObject (ho=0x7f050776) returned 1 [0230.252] DeleteObject (ho=0x270501fa) returned 1 [0230.252] DestroyCursor (hCursor=0x2f0143) returned 1 [0230.252] GetCurrentThreadId () returned 0x6f8 [0230.252] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.252] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.258] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.258] CloseHandle (hObject=0x126c) returned 1 [0230.258] GetCurrentThreadId () returned 0x6f8 [0230.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xddc37b0, dwHighDateTime=0x1d6076d)) [0230.381] GetCurrentThreadId () returned 0x6f8 [0230.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.381] GetCurrentThreadId () returned 0x6f8 [0230.381] CreateFileW (lpFileName="kQgG.exe" (normalized: "c:\\windows\\system32\\kqgg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.382] CreateFileW (lpFileName="kQgG.exe" (normalized: "c:\\windows\\system32\\kqgg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.382] GetCurrentThreadId () returned 0x6f8 [0230.382] GetCurrentThreadId () returned 0x6f8 [0230.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.382] CreateFileW (lpFileName="kQgG.exe" (normalized: "c:\\windows\\system32\\kqgg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.383] GetCurrentThreadId () returned 0x6f8 [0230.383] BeginUpdateResourceW (pFileName="kQgG.exe" (normalized: "c:\\windows\\system32\\kqgg.exe"), bDeleteExistingResources=0) returned 0x0 [0230.383] CreateFileW (lpFileName="qKMQ.ico" (normalized: "c:\\windows\\system32\\qkmq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.383] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.383] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.384] CloseHandle (hObject=0x126c) returned 1 [0230.384] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.384] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.384] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.384] CopyFileW (lpExistingFileName="kQgG.exe" (normalized: "c:\\windows\\system32\\kqgg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.exe"), bFailIfExists=0) returned 0 [0230.384] SetNamedSecurityInfoW () returned 0x2 [0230.385] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0 [0230.385] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.385] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.385] DeleteFileW (lpFileName="qKMQ.ico" (normalized: "c:\\windows\\system32\\qkmq.ico")) returned 1 [0230.387] DeleteFileW (lpFileName="kQgG.exe" (normalized: "c:\\windows\\system32\\kqgg.exe")) returned 0 [0230.387] GetCurrentThreadId () returned 0x6f8 [0230.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.387] GetCurrentThreadId () returned 0x6f8 [0230.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.387] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc8bbb3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile19.bmp", cAlternateFileName="")) returned 1 [0230.387] GetCurrentThreadId () returned 0x6f8 [0230.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.387] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0x20 [0230.387] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", dwFileAttributes=0x80) returned 0 [0230.388] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.388] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.393] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.394] GetCurrentThreadId () returned 0x6f8 [0230.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xdf1a410, dwHighDateTime=0x1d6076d)) [0230.395] GetCurrentThreadId () returned 0x6f8 [0230.395] CloseHandle (hObject=0x126c) returned 1 [0230.395] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", dwFileAttributes=0x20) returned 0 [0230.395] GetCurrentThreadId () returned 0x6f8 [0230.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xdf40570, dwHighDateTime=0x1d6076d)) [0230.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xdf40570, dwHighDateTime=0x1d6076d)) [0230.395] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", piIcon=0x4e4ed50) returned 0x300143 [0230.402] GetIconInfo (in: hIcon=0x300143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.402] CreateFileW (lpFileName="AmYQ.ico" (normalized: "c:\\windows\\system32\\amyq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.404] GetObjectA (in: h=0x36050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.404] GetObjectA (in: h=0xda0501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.404] CreateCompatibleDC (hdc=0x0) returned 0x76010772 [0230.404] GetDIBits (in: hdc=0x76010772, hbm=0x36050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.404] GetDIBits (in: hdc=0x76010772, hbm=0x36050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.404] GetDIBits (in: hdc=0x76010772, hbm=0x36050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.404] GetDIBits (in: hdc=0x76010772, hbm=0xda0501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.404] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.406] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.406] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.406] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.406] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.406] DeleteDC (hdc=0x76010772) returned 1 [0230.406] CloseHandle (hObject=0x126c) returned 1 [0230.407] DeleteObject (ho=0x36050770) returned 1 [0230.407] DeleteObject (ho=0xda0501fb) returned 1 [0230.407] DestroyCursor (hCursor=0x300143) returned 1 [0230.407] GetCurrentThreadId () returned 0x6f8 [0230.407] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.407] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.413] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.413] CloseHandle (hObject=0x126c) returned 1 [0230.413] GetCurrentThreadId () returned 0x6f8 [0230.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xdf666d0, dwHighDateTime=0x1d6076d)) [0230.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xdf666d0, dwHighDateTime=0x1d6076d)) [0230.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xdf666d0, dwHighDateTime=0x1d6076d)) [0230.488] GetCurrentThreadId () returned 0x6f8 [0230.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xdffec50, dwHighDateTime=0x1d6076d)) [0230.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xdffec50, dwHighDateTime=0x1d6076d)) [0230.488] GetCurrentThreadId () returned 0x6f8 [0230.488] CreateFileW (lpFileName="aMMy.exe" (normalized: "c:\\windows\\system32\\ammy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.494] CreateFileW (lpFileName="aMMy.exe" (normalized: "c:\\windows\\system32\\ammy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.494] GetCurrentThreadId () returned 0x6f8 [0230.494] GetCurrentThreadId () returned 0x6f8 [0230.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.494] CreateFileW (lpFileName="aMMy.exe" (normalized: "c:\\windows\\system32\\ammy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.494] GetCurrentThreadId () returned 0x6f8 [0230.494] BeginUpdateResourceW (pFileName="aMMy.exe" (normalized: "c:\\windows\\system32\\ammy.exe"), bDeleteExistingResources=0) returned 0x0 [0230.494] CreateFileW (lpFileName="AmYQ.ico" (normalized: "c:\\windows\\system32\\amyq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.495] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.495] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.495] CloseHandle (hObject=0x126c) returned 1 [0230.495] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.495] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.495] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.496] CopyFileW (lpExistingFileName="aMMy.exe" (normalized: "c:\\windows\\system32\\ammy.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.exe"), bFailIfExists=0) returned 0 [0230.496] SetNamedSecurityInfoW () returned 0x2 [0230.496] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0 [0230.496] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.496] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.497] DeleteFileW (lpFileName="AmYQ.ico" (normalized: "c:\\windows\\system32\\amyq.ico")) returned 1 [0230.498] DeleteFileW (lpFileName="aMMy.exe" (normalized: "c:\\windows\\system32\\ammy.exe")) returned 0 [0230.498] GetCurrentThreadId () returned 0x6f8 [0230.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.498] GetCurrentThreadId () returned 0x6f8 [0230.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.498] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdccb1d11, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile20.bmp", cAlternateFileName="")) returned 1 [0230.498] GetCurrentThreadId () returned 0x6f8 [0230.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.499] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0x20 [0230.499] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", dwFileAttributes=0x80) returned 0 [0230.499] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.499] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.504] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.506] GetCurrentThreadId () returned 0x6f8 [0230.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe04af10, dwHighDateTime=0x1d6076d)) [0230.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe04af10, dwHighDateTime=0x1d6076d)) [0230.506] GetCurrentThreadId () returned 0x6f8 [0230.506] CloseHandle (hObject=0x126c) returned 1 [0230.506] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", dwFileAttributes=0x20) returned 0 [0230.506] GetCurrentThreadId () returned 0x6f8 [0230.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe04af10, dwHighDateTime=0x1d6076d)) [0230.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe04af10, dwHighDateTime=0x1d6076d)) [0230.507] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", piIcon=0x4e4ed50) returned 0x310143 [0230.513] GetIconInfo (in: hIcon=0x310143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.513] CreateFileW (lpFileName="wOoo.ico" (normalized: "c:\\windows\\system32\\wooo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.517] GetObjectA (in: h=0xcb050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.517] GetObjectA (in: h=0x83050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.517] CreateCompatibleDC (hdc=0x0) returned 0xa001018d [0230.517] GetDIBits (in: hdc=0xa001018d, hbm=0xcb050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.517] GetDIBits (in: hdc=0xa001018d, hbm=0xcb050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.517] GetDIBits (in: hdc=0xa001018d, hbm=0xcb050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.518] GetDIBits (in: hdc=0xa001018d, hbm=0x83050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.518] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.519] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.519] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.519] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.519] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.520] DeleteDC (hdc=0xa001018d) returned 1 [0230.520] CloseHandle (hObject=0x126c) returned 1 [0230.520] DeleteObject (ho=0xcb050763) returned 1 [0230.520] DeleteObject (ho=0x83050776) returned 1 [0230.520] DestroyCursor (hCursor=0x310143) returned 1 [0230.520] GetCurrentThreadId () returned 0x6f8 [0230.520] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.520] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.526] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.526] CloseHandle (hObject=0x126c) returned 1 [0230.526] GetCurrentThreadId () returned 0x6f8 [0230.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe071070, dwHighDateTime=0x1d6076d)) [0230.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe071070, dwHighDateTime=0x1d6076d)) [0230.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe071070, dwHighDateTime=0x1d6076d)) [0230.625] GetCurrentThreadId () returned 0x6f8 [0230.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe1558b0, dwHighDateTime=0x1d6076d)) [0230.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe1558b0, dwHighDateTime=0x1d6076d)) [0230.625] GetCurrentThreadId () returned 0x6f8 [0230.625] CreateFileW (lpFileName="YUQW.exe" (normalized: "c:\\windows\\system32\\yuqw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.626] CreateFileW (lpFileName="YUQW.exe" (normalized: "c:\\windows\\system32\\yuqw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.626] GetCurrentThreadId () returned 0x6f8 [0230.626] GetCurrentThreadId () returned 0x6f8 [0230.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe1558b0, dwHighDateTime=0x1d6076d)) [0230.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe1558b0, dwHighDateTime=0x1d6076d)) [0230.626] CreateFileW (lpFileName="YUQW.exe" (normalized: "c:\\windows\\system32\\yuqw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.627] GetCurrentThreadId () returned 0x6f8 [0230.627] BeginUpdateResourceW (pFileName="YUQW.exe" (normalized: "c:\\windows\\system32\\yuqw.exe"), bDeleteExistingResources=0) returned 0x0 [0230.627] CreateFileW (lpFileName="wOoo.ico" (normalized: "c:\\windows\\system32\\wooo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.627] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.627] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.627] CloseHandle (hObject=0x126c) returned 1 [0230.628] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.628] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.628] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.628] CopyFileW (lpExistingFileName="YUQW.exe" (normalized: "c:\\windows\\system32\\yuqw.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.exe"), bFailIfExists=0) returned 0 [0230.628] SetNamedSecurityInfoW () returned 0x2 [0230.628] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0 [0230.629] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.629] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.629] DeleteFileW (lpFileName="wOoo.ico" (normalized: "c:\\windows\\system32\\wooo.ico")) returned 1 [0230.631] DeleteFileW (lpFileName="YUQW.exe" (normalized: "c:\\windows\\system32\\yuqw.exe")) returned 0 [0230.631] GetCurrentThreadId () returned 0x6f8 [0230.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.631] GetCurrentThreadId () returned 0x6f8 [0230.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.631] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd069f3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile21.bmp", cAlternateFileName="")) returned 1 [0230.631] GetCurrentThreadId () returned 0x6f8 [0230.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.631] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0x20 [0230.631] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", dwFileAttributes=0x80) returned 0 [0230.631] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.632] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.637] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.638] GetCurrentThreadId () returned 0x6f8 [0230.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.638] GetCurrentThreadId () returned 0x6f8 [0230.638] CloseHandle (hObject=0x126c) returned 1 [0230.639] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", dwFileAttributes=0x20) returned 0 [0230.639] GetCurrentThreadId () returned 0x6f8 [0230.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe17ba10, dwHighDateTime=0x1d6076d)) [0230.639] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", piIcon=0x4e4ed50) returned 0x320143 [0230.646] GetIconInfo (in: hIcon=0x320143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.646] CreateFileW (lpFileName="EacY.ico" (normalized: "c:\\windows\\system32\\eacy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.647] GetObjectA (in: h=0x2e0501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.647] GetObjectA (in: h=0x3a050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.647] CreateCompatibleDC (hdc=0x0) returned 0x7b010772 [0230.647] GetDIBits (in: hdc=0x7b010772, hbm=0x2e0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.647] GetDIBits (in: hdc=0x7b010772, hbm=0x2e0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.647] GetDIBits (in: hdc=0x7b010772, hbm=0x2e0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.647] GetDIBits (in: hdc=0x7b010772, hbm=0x3a050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.647] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.648] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.648] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.649] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.649] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.649] DeleteDC (hdc=0x7b010772) returned 1 [0230.649] CloseHandle (hObject=0x126c) returned 1 [0230.649] DeleteObject (ho=0x2e0501fa) returned 1 [0230.649] DeleteObject (ho=0x3a050770) returned 1 [0230.649] DestroyCursor (hCursor=0x320143) returned 1 [0230.649] GetCurrentThreadId () returned 0x6f8 [0230.650] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.650] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.655] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.655] CloseHandle (hObject=0x126c) returned 1 [0230.655] GetCurrentThreadId () returned 0x6f8 [0230.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe1a1b70, dwHighDateTime=0x1d6076d)) [0230.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe1a1b70, dwHighDateTime=0x1d6076d)) [0230.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe1a1b70, dwHighDateTime=0x1d6076d)) [0230.805] GetCurrentThreadId () returned 0x6f8 [0230.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.805] GetCurrentThreadId () returned 0x6f8 [0230.805] CreateFileW (lpFileName="oYUS.exe" (normalized: "c:\\windows\\system32\\oyus.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.806] CreateFileW (lpFileName="oYUS.exe" (normalized: "c:\\windows\\system32\\oyus.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.806] GetCurrentThreadId () returned 0x6f8 [0230.806] GetCurrentThreadId () returned 0x6f8 [0230.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.806] CreateFileW (lpFileName="oYUS.exe" (normalized: "c:\\windows\\system32\\oyus.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.807] GetCurrentThreadId () returned 0x6f8 [0230.807] BeginUpdateResourceW (pFileName="oYUS.exe" (normalized: "c:\\windows\\system32\\oyus.exe"), bDeleteExistingResources=0) returned 0x0 [0230.807] CreateFileW (lpFileName="EacY.ico" (normalized: "c:\\windows\\system32\\eacy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.807] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.807] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.808] CloseHandle (hObject=0x126c) returned 1 [0230.808] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.808] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.808] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.808] CopyFileW (lpExistingFileName="oYUS.exe" (normalized: "c:\\windows\\system32\\oyus.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.exe"), bFailIfExists=0) returned 0 [0230.808] SetNamedSecurityInfoW () returned 0x2 [0230.809] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0 [0230.809] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.809] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.809] DeleteFileW (lpFileName="EacY.ico" (normalized: "c:\\windows\\system32\\eacy.ico")) returned 1 [0230.811] DeleteFileW (lpFileName="oYUS.exe" (normalized: "c:\\windows\\system32\\oyus.exe")) returned 0 [0230.811] GetCurrentThreadId () returned 0x6f8 [0230.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.811] GetCurrentThreadId () returned 0x6f8 [0230.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.811] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd09009d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile22.bmp", cAlternateFileName="")) returned 1 [0230.811] GetCurrentThreadId () returned 0x6f8 [0230.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe31e930, dwHighDateTime=0x1d6076d)) [0230.811] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0x20 [0230.811] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", dwFileAttributes=0x80) returned 0 [0230.812] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.812] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.817] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.819] GetCurrentThreadId () returned 0x6f8 [0230.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe344a90, dwHighDateTime=0x1d6076d)) [0230.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe344a90, dwHighDateTime=0x1d6076d)) [0230.819] GetCurrentThreadId () returned 0x6f8 [0230.819] CloseHandle (hObject=0x126c) returned 1 [0230.819] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", dwFileAttributes=0x20) returned 0 [0230.820] GetCurrentThreadId () returned 0x6f8 [0230.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe344a90, dwHighDateTime=0x1d6076d)) [0230.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe344a90, dwHighDateTime=0x1d6076d)) [0230.820] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", piIcon=0x4e4ed50) returned 0x330143 [0230.827] GetIconInfo (in: hIcon=0x330143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.827] CreateFileW (lpFileName="cWwk.ico" (normalized: "c:\\windows\\system32\\cwwk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.828] GetObjectA (in: h=0xe10501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.828] GetObjectA (in: h=0xcf050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.828] CreateCompatibleDC (hdc=0x0) returned 0xa501018d [0230.828] GetDIBits (in: hdc=0xa501018d, hbm=0xe10501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.828] GetDIBits (in: hdc=0xa501018d, hbm=0xe10501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.828] GetDIBits (in: hdc=0xa501018d, hbm=0xe10501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.828] GetDIBits (in: hdc=0xa501018d, hbm=0xcf050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.828] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.829] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.829] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.830] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.830] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.830] DeleteDC (hdc=0xa501018d) returned 1 [0230.830] CloseHandle (hObject=0x126c) returned 1 [0230.830] DeleteObject (ho=0xe10501fb) returned 1 [0230.830] DeleteObject (ho=0xcf050763) returned 1 [0230.830] DestroyCursor (hCursor=0x330143) returned 1 [0230.830] GetCurrentThreadId () returned 0x6f8 [0230.831] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.831] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.837] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.838] CloseHandle (hObject=0x126c) returned 1 [0230.838] GetCurrentThreadId () returned 0x6f8 [0230.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe36abf0, dwHighDateTime=0x1d6076d)) [0230.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe36abf0, dwHighDateTime=0x1d6076d)) [0230.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe36abf0, dwHighDateTime=0x1d6076d)) [0230.935] GetCurrentThreadId () returned 0x6f8 [0230.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.935] GetCurrentThreadId () returned 0x6f8 [0230.935] CreateFileW (lpFileName="cIga.exe" (normalized: "c:\\windows\\system32\\ciga.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.936] CreateFileW (lpFileName="cIga.exe" (normalized: "c:\\windows\\system32\\ciga.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.936] GetCurrentThreadId () returned 0x6f8 [0230.936] GetCurrentThreadId () returned 0x6f8 [0230.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.936] CreateFileW (lpFileName="cIga.exe" (normalized: "c:\\windows\\system32\\ciga.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0230.937] GetCurrentThreadId () returned 0x6f8 [0230.937] BeginUpdateResourceW (pFileName="cIga.exe" (normalized: "c:\\windows\\system32\\ciga.exe"), bDeleteExistingResources=0) returned 0x0 [0230.937] CreateFileW (lpFileName="cWwk.ico" (normalized: "c:\\windows\\system32\\cwwk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0230.937] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0230.937] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0230.937] CloseHandle (hObject=0x126c) returned 1 [0230.938] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0230.938] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0230.938] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0230.938] CopyFileW (lpExistingFileName="cIga.exe" (normalized: "c:\\windows\\system32\\ciga.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.exe"), bFailIfExists=0) returned 0 [0230.938] SetNamedSecurityInfoW () returned 0x2 [0230.938] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0 [0230.939] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0230.939] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0230.939] DeleteFileW (lpFileName="cWwk.ico" (normalized: "c:\\windows\\system32\\cwwk.ico")) returned 1 [0230.940] DeleteFileW (lpFileName="cIga.exe" (normalized: "c:\\windows\\system32\\ciga.exe")) returned 0 [0230.940] GetCurrentThreadId () returned 0x6f8 [0230.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.940] GetCurrentThreadId () returned 0x6f8 [0230.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.940] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd0b61fb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile23.bmp", cAlternateFileName="")) returned 1 [0230.941] GetCurrentThreadId () returned 0x6f8 [0230.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe44f430, dwHighDateTime=0x1d6076d)) [0230.941] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0x20 [0230.941] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", dwFileAttributes=0x80) returned 0 [0230.941] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.941] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.946] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0230.948] GetCurrentThreadId () returned 0x6f8 [0230.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe475590, dwHighDateTime=0x1d6076d)) [0230.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe475590, dwHighDateTime=0x1d6076d)) [0230.948] GetCurrentThreadId () returned 0x6f8 [0230.948] CloseHandle (hObject=0x126c) returned 1 [0230.948] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", dwFileAttributes=0x20) returned 0 [0230.949] GetCurrentThreadId () returned 0x6f8 [0230.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe475590, dwHighDateTime=0x1d6076d)) [0230.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe475590, dwHighDateTime=0x1d6076d)) [0230.949] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", piIcon=0x4e4ed50) returned 0x340143 [0230.956] GetIconInfo (in: hIcon=0x340143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0230.956] CreateFileW (lpFileName="SwQY.ico" (normalized: "c:\\windows\\system32\\swqy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.957] GetObjectA (in: h=0x8a050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0230.957] GetObjectA (in: h=0x320501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0230.957] CreateCompatibleDC (hdc=0x0) returned 0x80010772 [0230.958] GetDIBits (in: hdc=0x80010772, hbm=0x8a050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0230.958] GetDIBits (in: hdc=0x80010772, hbm=0x8a050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0230.958] GetDIBits (in: hdc=0x80010772, hbm=0x8a050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0230.958] GetDIBits (in: hdc=0x80010772, hbm=0x320501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0230.958] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0230.961] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0230.961] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0230.961] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0230.961] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0230.962] DeleteDC (hdc=0x80010772) returned 1 [0230.962] CloseHandle (hObject=0x126c) returned 1 [0230.962] DeleteObject (ho=0x8a050776) returned 1 [0230.962] DeleteObject (ho=0x320501fa) returned 1 [0230.962] DestroyCursor (hCursor=0x340143) returned 1 [0230.962] GetCurrentThreadId () returned 0x6f8 [0230.962] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0230.962] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0230.968] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0230.968] CloseHandle (hObject=0x126c) returned 1 [0230.968] GetCurrentThreadId () returned 0x6f8 [0230.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe49b6f0, dwHighDateTime=0x1d6076d)) [0230.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe49b6f0, dwHighDateTime=0x1d6076d)) [0230.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe49b6f0, dwHighDateTime=0x1d6076d)) [0231.050] GetCurrentThreadId () returned 0x6f8 [0231.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe559dd0, dwHighDateTime=0x1d6076d)) [0231.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe559dd0, dwHighDateTime=0x1d6076d)) [0231.050] GetCurrentThreadId () returned 0x6f8 [0231.050] CreateFileW (lpFileName="YssA.exe" (normalized: "c:\\windows\\system32\\yssa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.051] CreateFileW (lpFileName="YssA.exe" (normalized: "c:\\windows\\system32\\yssa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.051] GetCurrentThreadId () returned 0x6f8 [0231.051] GetCurrentThreadId () returned 0x6f8 [0231.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.052] CreateFileW (lpFileName="YssA.exe" (normalized: "c:\\windows\\system32\\yssa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.052] GetCurrentThreadId () returned 0x6f8 [0231.052] BeginUpdateResourceW (pFileName="YssA.exe" (normalized: "c:\\windows\\system32\\yssa.exe"), bDeleteExistingResources=0) returned 0x0 [0231.052] CreateFileW (lpFileName="SwQY.ico" (normalized: "c:\\windows\\system32\\swqy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.052] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.052] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.052] CloseHandle (hObject=0x126c) returned 1 [0231.053] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.053] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.053] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.053] CopyFileW (lpExistingFileName="YssA.exe" (normalized: "c:\\windows\\system32\\yssa.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.exe"), bFailIfExists=0) returned 0 [0231.053] SetNamedSecurityInfoW () returned 0x2 [0231.053] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0 [0231.053] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.054] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.054] DeleteFileW (lpFileName="SwQY.ico" (normalized: "c:\\windows\\system32\\swqy.ico")) returned 1 [0231.055] DeleteFileW (lpFileName="YssA.exe" (normalized: "c:\\windows\\system32\\yssa.exe")) returned 0 [0231.055] GetCurrentThreadId () returned 0x6f8 [0231.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.056] GetCurrentThreadId () returned 0x6f8 [0231.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.056] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd232fa7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile24.bmp", cAlternateFileName="")) returned 1 [0231.056] GetCurrentThreadId () returned 0x6f8 [0231.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.056] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0x20 [0231.056] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", dwFileAttributes=0x80) returned 0 [0231.056] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.056] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.062] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.064] GetCurrentThreadId () returned 0x6f8 [0231.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.064] GetCurrentThreadId () returned 0x6f8 [0231.064] CloseHandle (hObject=0x126c) returned 1 [0231.064] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", dwFileAttributes=0x20) returned 0 [0231.065] GetCurrentThreadId () returned 0x6f8 [0231.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe57ff30, dwHighDateTime=0x1d6076d)) [0231.065] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", piIcon=0x4e4ed50) returned 0x350143 [0231.072] GetIconInfo (in: hIcon=0x350143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.072] CreateFileW (lpFileName="KYIM.ico" (normalized: "c:\\windows\\system32\\kyim.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.072] GetObjectA (in: h=0x41050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.073] GetObjectA (in: h=0xe50501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.073] CreateCompatibleDC (hdc=0x0) returned 0xaa01018d [0231.073] GetDIBits (in: hdc=0xaa01018d, hbm=0x41050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.073] GetDIBits (in: hdc=0xaa01018d, hbm=0x41050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.073] GetDIBits (in: hdc=0xaa01018d, hbm=0x41050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.073] GetDIBits (in: hdc=0xaa01018d, hbm=0xe50501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.073] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.074] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.074] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.075] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.075] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.075] DeleteDC (hdc=0xaa01018d) returned 1 [0231.075] CloseHandle (hObject=0x126c) returned 1 [0231.075] DeleteObject (ho=0x41050770) returned 1 [0231.075] DeleteObject (ho=0xe50501fb) returned 1 [0231.075] DestroyCursor (hCursor=0x350143) returned 1 [0231.075] GetCurrentThreadId () returned 0x6f8 [0231.075] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.076] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.081] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.081] CloseHandle (hObject=0x126c) returned 1 [0231.081] GetCurrentThreadId () returned 0x6f8 [0231.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe5a6090, dwHighDateTime=0x1d6076d)) [0231.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe5a6090, dwHighDateTime=0x1d6076d)) [0231.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe5a6090, dwHighDateTime=0x1d6076d)) [0231.198] GetCurrentThreadId () returned 0x6f8 [0231.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.199] GetCurrentThreadId () returned 0x6f8 [0231.199] CreateFileW (lpFileName="UYEQ.exe" (normalized: "c:\\windows\\system32\\uyeq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.199] CreateFileW (lpFileName="UYEQ.exe" (normalized: "c:\\windows\\system32\\uyeq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.200] GetCurrentThreadId () returned 0x6f8 [0231.200] GetCurrentThreadId () returned 0x6f8 [0231.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.200] CreateFileW (lpFileName="UYEQ.exe" (normalized: "c:\\windows\\system32\\uyeq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.200] GetCurrentThreadId () returned 0x6f8 [0231.200] BeginUpdateResourceW (pFileName="UYEQ.exe" (normalized: "c:\\windows\\system32\\uyeq.exe"), bDeleteExistingResources=0) returned 0x0 [0231.200] CreateFileW (lpFileName="KYIM.ico" (normalized: "c:\\windows\\system32\\kyim.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.201] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.201] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.201] CloseHandle (hObject=0x126c) returned 1 [0231.201] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.201] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.201] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.201] CopyFileW (lpExistingFileName="UYEQ.exe" (normalized: "c:\\windows\\system32\\uyeq.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.exe"), bFailIfExists=0) returned 0 [0231.202] SetNamedSecurityInfoW () returned 0x2 [0231.202] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0 [0231.202] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.202] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.203] DeleteFileW (lpFileName="KYIM.ico" (normalized: "c:\\windows\\system32\\kyim.ico")) returned 1 [0231.204] DeleteFileW (lpFileName="UYEQ.exe" (normalized: "c:\\windows\\system32\\uyeq.exe")) returned 0 [0231.204] GetCurrentThreadId () returned 0x6f8 [0231.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.204] GetCurrentThreadId () returned 0x6f8 [0231.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.204] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd259105, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile25.bmp", cAlternateFileName="")) returned 1 [0231.205] GetCurrentThreadId () returned 0x6f8 [0231.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe6d6b90, dwHighDateTime=0x1d6076d)) [0231.205] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0x20 [0231.205] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", dwFileAttributes=0x80) returned 0 [0231.205] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.205] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.210] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.212] GetCurrentThreadId () returned 0x6f8 [0231.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe6fccf0, dwHighDateTime=0x1d6076d)) [0231.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe6fccf0, dwHighDateTime=0x1d6076d)) [0231.212] GetCurrentThreadId () returned 0x6f8 [0231.212] CloseHandle (hObject=0x126c) returned 1 [0231.212] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", dwFileAttributes=0x20) returned 0 [0231.213] GetCurrentThreadId () returned 0x6f8 [0231.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe6fccf0, dwHighDateTime=0x1d6076d)) [0231.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe6fccf0, dwHighDateTime=0x1d6076d)) [0231.213] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", piIcon=0x4e4ed50) returned 0x360143 [0231.219] GetIconInfo (in: hIcon=0x360143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.219] CreateFileW (lpFileName="wIQw.ico" (normalized: "c:\\windows\\system32\\wiqw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.220] GetObjectA (in: h=0xd6050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.220] GetObjectA (in: h=0x8e050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.220] CreateCompatibleDC (hdc=0x0) returned 0x85010772 [0231.220] GetDIBits (in: hdc=0x85010772, hbm=0xd6050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.220] GetDIBits (in: hdc=0x85010772, hbm=0xd6050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.220] GetDIBits (in: hdc=0x85010772, hbm=0xd6050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.220] GetDIBits (in: hdc=0x85010772, hbm=0x8e050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.220] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.222] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.222] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.222] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.222] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.223] DeleteDC (hdc=0x85010772) returned 1 [0231.223] CloseHandle (hObject=0x126c) returned 1 [0231.223] DeleteObject (ho=0xd6050763) returned 1 [0231.223] DeleteObject (ho=0x8e050776) returned 1 [0231.223] DestroyCursor (hCursor=0x360143) returned 1 [0231.223] GetCurrentThreadId () returned 0x6f8 [0231.223] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.223] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.228] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.229] CloseHandle (hObject=0x126c) returned 1 [0231.229] GetCurrentThreadId () returned 0x6f8 [0231.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe722e50, dwHighDateTime=0x1d6076d)) [0231.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe722e50, dwHighDateTime=0x1d6076d)) [0231.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe722e50, dwHighDateTime=0x1d6076d)) [0231.329] GetCurrentThreadId () returned 0x6f8 [0231.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe807690, dwHighDateTime=0x1d6076d)) [0231.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe807690, dwHighDateTime=0x1d6076d)) [0231.329] GetCurrentThreadId () returned 0x6f8 [0231.329] CreateFileW (lpFileName="gYkk.exe" (normalized: "c:\\windows\\system32\\gykk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.332] CreateFileW (lpFileName="gYkk.exe" (normalized: "c:\\windows\\system32\\gykk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.332] GetCurrentThreadId () returned 0x6f8 [0231.332] GetCurrentThreadId () returned 0x6f8 [0231.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.332] CreateFileW (lpFileName="gYkk.exe" (normalized: "c:\\windows\\system32\\gykk.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.332] GetCurrentThreadId () returned 0x6f8 [0231.332] BeginUpdateResourceW (pFileName="gYkk.exe" (normalized: "c:\\windows\\system32\\gykk.exe"), bDeleteExistingResources=0) returned 0x0 [0231.333] CreateFileW (lpFileName="wIQw.ico" (normalized: "c:\\windows\\system32\\wiqw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.333] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.333] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.333] CloseHandle (hObject=0x126c) returned 1 [0231.333] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.333] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.333] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.333] CopyFileW (lpExistingFileName="gYkk.exe" (normalized: "c:\\windows\\system32\\gykk.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.exe"), bFailIfExists=0) returned 0 [0231.334] SetNamedSecurityInfoW () returned 0x2 [0231.334] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0 [0231.334] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.334] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.334] DeleteFileW (lpFileName="wIQw.ico" (normalized: "c:\\windows\\system32\\wiqw.ico")) returned 1 [0231.336] DeleteFileW (lpFileName="gYkk.exe" (normalized: "c:\\windows\\system32\\gykk.exe")) returned 0 [0231.336] GetCurrentThreadId () returned 0x6f8 [0231.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.336] GetCurrentThreadId () returned 0x6f8 [0231.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.336] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd27f263, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile26.bmp", cAlternateFileName="")) returned 1 [0231.336] GetCurrentThreadId () returned 0x6f8 [0231.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.336] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0x20 [0231.336] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", dwFileAttributes=0x80) returned 0 [0231.337] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.337] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.342] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.343] GetCurrentThreadId () returned 0x6f8 [0231.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.343] GetCurrentThreadId () returned 0x6f8 [0231.343] CloseHandle (hObject=0x126c) returned 1 [0231.344] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", dwFileAttributes=0x20) returned 0 [0231.344] GetCurrentThreadId () returned 0x6f8 [0231.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.344] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", piIcon=0x4e4ed50) returned 0x370143 [0231.349] GetIconInfo (in: hIcon=0x370143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.349] CreateFileW (lpFileName="YsAg.ico" (normalized: "c:\\windows\\system32\\ysag.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.350] GetObjectA (in: h=0x390501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.350] GetObjectA (in: h=0x45050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.350] CreateCompatibleDC (hdc=0x0) returned 0xaf01018d [0231.350] GetDIBits (in: hdc=0xaf01018d, hbm=0x390501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.350] GetDIBits (in: hdc=0xaf01018d, hbm=0x390501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.351] GetDIBits (in: hdc=0xaf01018d, hbm=0x390501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.351] GetDIBits (in: hdc=0xaf01018d, hbm=0x45050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.351] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.352] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.352] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.352] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.352] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.352] DeleteDC (hdc=0xaf01018d) returned 1 [0231.352] CloseHandle (hObject=0x126c) returned 1 [0231.352] DeleteObject (ho=0x390501fa) returned 1 [0231.352] DeleteObject (ho=0x45050770) returned 1 [0231.353] DestroyCursor (hCursor=0x370143) returned 1 [0231.353] GetCurrentThreadId () returned 0x6f8 [0231.353] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.353] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.357] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.358] CloseHandle (hObject=0x126c) returned 1 [0231.358] GetCurrentThreadId () returned 0x6f8 [0231.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe853950, dwHighDateTime=0x1d6076d)) [0231.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xe853950, dwHighDateTime=0x1d6076d)) [0231.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xe853950, dwHighDateTime=0x1d6076d)) [0231.523] GetCurrentThreadId () returned 0x6f8 [0231.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.523] GetCurrentThreadId () returned 0x6f8 [0231.523] CreateFileW (lpFileName="KgsG.exe" (normalized: "c:\\windows\\system32\\kgsg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.523] CreateFileW (lpFileName="KgsG.exe" (normalized: "c:\\windows\\system32\\kgsg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.524] GetCurrentThreadId () returned 0x6f8 [0231.524] GetCurrentThreadId () returned 0x6f8 [0231.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.524] CreateFileW (lpFileName="KgsG.exe" (normalized: "c:\\windows\\system32\\kgsg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.524] GetCurrentThreadId () returned 0x6f8 [0231.524] BeginUpdateResourceW (pFileName="KgsG.exe" (normalized: "c:\\windows\\system32\\kgsg.exe"), bDeleteExistingResources=0) returned 0x0 [0231.524] CreateFileW (lpFileName="YsAg.ico" (normalized: "c:\\windows\\system32\\ysag.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.524] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.525] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.526] CloseHandle (hObject=0x126c) returned 1 [0231.526] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.526] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.526] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.526] CopyFileW (lpExistingFileName="KgsG.exe" (normalized: "c:\\windows\\system32\\kgsg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.exe"), bFailIfExists=0) returned 0 [0231.526] SetNamedSecurityInfoW () returned 0x2 [0231.527] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0 [0231.527] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.527] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.527] DeleteFileW (lpFileName="YsAg.ico" (normalized: "c:\\windows\\system32\\ysag.ico")) returned 1 [0231.528] DeleteFileW (lpFileName="KgsG.exe" (normalized: "c:\\windows\\system32\\kgsg.exe")) returned 0 [0231.529] GetCurrentThreadId () returned 0x6f8 [0231.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.529] GetCurrentThreadId () returned 0x6f8 [0231.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.529] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd2a53c1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile27.bmp", cAlternateFileName="")) returned 1 [0231.529] GetCurrentThreadId () returned 0x6f8 [0231.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xe9f6870, dwHighDateTime=0x1d6076d)) [0231.529] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0x20 [0231.529] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", dwFileAttributes=0x80) returned 0 [0231.529] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.529] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.535] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.536] GetCurrentThreadId () returned 0x6f8 [0231.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xea1c9d0, dwHighDateTime=0x1d6076d)) [0231.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xea1c9d0, dwHighDateTime=0x1d6076d)) [0231.536] GetCurrentThreadId () returned 0x6f8 [0231.537] CloseHandle (hObject=0x126c) returned 1 [0231.537] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", dwFileAttributes=0x20) returned 0 [0231.537] GetCurrentThreadId () returned 0x6f8 [0231.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xea1c9d0, dwHighDateTime=0x1d6076d)) [0231.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xea1c9d0, dwHighDateTime=0x1d6076d)) [0231.537] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", piIcon=0x4e4ed50) returned 0x380143 [0231.546] GetIconInfo (in: hIcon=0x380143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.546] CreateFileW (lpFileName="kAIQ.ico" (normalized: "c:\\windows\\system32\\kaiq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.547] GetObjectA (in: h=0xec0501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.547] GetObjectA (in: h=0xda050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.547] CreateCompatibleDC (hdc=0x0) returned 0x8a010772 [0231.547] GetDIBits (in: hdc=0x8a010772, hbm=0xec0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.547] GetDIBits (in: hdc=0x8a010772, hbm=0xec0501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.548] GetDIBits (in: hdc=0x8a010772, hbm=0xec0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.548] GetDIBits (in: hdc=0x8a010772, hbm=0xda050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.548] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.549] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.549] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.549] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.549] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.550] DeleteDC (hdc=0x8a010772) returned 1 [0231.550] CloseHandle (hObject=0x126c) returned 1 [0231.550] DeleteObject (ho=0xec0501fb) returned 1 [0231.550] DeleteObject (ho=0xda050763) returned 1 [0231.550] DestroyCursor (hCursor=0x380143) returned 1 [0231.550] GetCurrentThreadId () returned 0x6f8 [0231.550] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.550] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.555] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.556] CloseHandle (hObject=0x126c) returned 1 [0231.556] GetCurrentThreadId () returned 0x6f8 [0231.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xea42b30, dwHighDateTime=0x1d6076d)) [0231.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xea42b30, dwHighDateTime=0x1d6076d)) [0231.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xea42b30, dwHighDateTime=0x1d6076d)) [0231.635] GetCurrentThreadId () returned 0x6f8 [0231.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.635] GetCurrentThreadId () returned 0x6f8 [0231.635] CreateFileW (lpFileName="yoYW.exe" (normalized: "c:\\windows\\system32\\yoyw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.636] CreateFileW (lpFileName="yoYW.exe" (normalized: "c:\\windows\\system32\\yoyw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.636] GetCurrentThreadId () returned 0x6f8 [0231.636] GetCurrentThreadId () returned 0x6f8 [0231.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.636] CreateFileW (lpFileName="yoYW.exe" (normalized: "c:\\windows\\system32\\yoyw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.636] GetCurrentThreadId () returned 0x6f8 [0231.636] BeginUpdateResourceW (pFileName="yoYW.exe" (normalized: "c:\\windows\\system32\\yoyw.exe"), bDeleteExistingResources=0) returned 0x0 [0231.637] CreateFileW (lpFileName="kAIQ.ico" (normalized: "c:\\windows\\system32\\kaiq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.637] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.637] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.637] CloseHandle (hObject=0x126c) returned 1 [0231.637] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.637] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.637] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.637] CopyFileW (lpExistingFileName="yoYW.exe" (normalized: "c:\\windows\\system32\\yoyw.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.exe"), bFailIfExists=0) returned 0 [0231.638] SetNamedSecurityInfoW () returned 0x2 [0231.638] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0 [0231.638] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.638] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.638] DeleteFileW (lpFileName="kAIQ.ico" (normalized: "c:\\windows\\system32\\kaiq.ico")) returned 1 [0231.640] DeleteFileW (lpFileName="yoYW.exe" (normalized: "c:\\windows\\system32\\yoyw.exe")) returned 0 [0231.640] GetCurrentThreadId () returned 0x6f8 [0231.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.640] GetCurrentThreadId () returned 0x6f8 [0231.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.640] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3177db, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile28.bmp", cAlternateFileName="")) returned 1 [0231.640] GetCurrentThreadId () returned 0x6f8 [0231.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.640] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0x20 [0231.640] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", dwFileAttributes=0x80) returned 0 [0231.640] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.640] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.645] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.646] GetCurrentThreadId () returned 0x6f8 [0231.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xeb27370, dwHighDateTime=0x1d6076d)) [0231.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xeb27370, dwHighDateTime=0x1d6076d)) [0231.646] GetCurrentThreadId () returned 0x6f8 [0231.646] CloseHandle (hObject=0x126c) returned 1 [0231.646] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", dwFileAttributes=0x20) returned 0 [0231.647] GetCurrentThreadId () returned 0x6f8 [0231.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xeb27370, dwHighDateTime=0x1d6076d)) [0231.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xeb27370, dwHighDateTime=0x1d6076d)) [0231.647] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", piIcon=0x4e4ed50) returned 0x390143 [0231.651] GetIconInfo (in: hIcon=0x390143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.651] CreateFileW (lpFileName="CiMc.ico" (normalized: "c:\\windows\\system32\\cimc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.652] GetObjectA (in: h=0x95050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.652] GetObjectA (in: h=0x3d0501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.652] CreateCompatibleDC (hdc=0x0) returned 0xb401018d [0231.652] GetDIBits (in: hdc=0xb401018d, hbm=0x95050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.652] GetDIBits (in: hdc=0xb401018d, hbm=0x95050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.652] GetDIBits (in: hdc=0xb401018d, hbm=0x95050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.652] GetDIBits (in: hdc=0xb401018d, hbm=0x3d0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.652] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.653] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.653] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.653] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.654] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.654] DeleteDC (hdc=0xb401018d) returned 1 [0231.654] CloseHandle (hObject=0x126c) returned 1 [0231.654] DeleteObject (ho=0x95050776) returned 1 [0231.654] DeleteObject (ho=0x3d0501fa) returned 1 [0231.654] DestroyCursor (hCursor=0x390143) returned 1 [0231.654] GetCurrentThreadId () returned 0x6f8 [0231.654] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.654] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.659] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.660] CloseHandle (hObject=0x126c) returned 1 [0231.660] GetCurrentThreadId () returned 0x6f8 [0231.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xeb4d4d0, dwHighDateTime=0x1d6076d)) [0231.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xeb4d4d0, dwHighDateTime=0x1d6076d)) [0231.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xeb4d4d0, dwHighDateTime=0x1d6076d)) [0231.802] GetCurrentThreadId () returned 0x6f8 [0231.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.802] GetCurrentThreadId () returned 0x6f8 [0231.802] CreateFileW (lpFileName="QEgi.exe" (normalized: "c:\\windows\\system32\\qegi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.803] CreateFileW (lpFileName="QEgi.exe" (normalized: "c:\\windows\\system32\\qegi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.803] GetCurrentThreadId () returned 0x6f8 [0231.803] GetCurrentThreadId () returned 0x6f8 [0231.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.803] CreateFileW (lpFileName="QEgi.exe" (normalized: "c:\\windows\\system32\\qegi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.803] GetCurrentThreadId () returned 0x6f8 [0231.803] BeginUpdateResourceW (pFileName="QEgi.exe" (normalized: "c:\\windows\\system32\\qegi.exe"), bDeleteExistingResources=0) returned 0x0 [0231.803] CreateFileW (lpFileName="CiMc.ico" (normalized: "c:\\windows\\system32\\cimc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.804] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.804] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.804] CloseHandle (hObject=0x126c) returned 1 [0231.804] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.804] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.804] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.804] CopyFileW (lpExistingFileName="QEgi.exe" (normalized: "c:\\windows\\system32\\qegi.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.exe"), bFailIfExists=0) returned 0 [0231.805] SetNamedSecurityInfoW () returned 0x2 [0231.805] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0 [0231.805] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.805] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.805] DeleteFileW (lpFileName="CiMc.ico" (normalized: "c:\\windows\\system32\\cimc.ico")) returned 1 [0231.807] DeleteFileW (lpFileName="QEgi.exe" (normalized: "c:\\windows\\system32\\qegi.exe")) returned 0 [0231.807] GetCurrentThreadId () returned 0x6f8 [0231.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.807] GetCurrentThreadId () returned 0x6f8 [0231.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.807] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd33d939, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile29.bmp", cAlternateFileName="")) returned 1 [0231.807] GetCurrentThreadId () returned 0x6f8 [0231.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.807] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0x20 [0231.807] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", dwFileAttributes=0x80) returned 0 [0231.808] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.808] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.813] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.814] GetCurrentThreadId () returned 0x6f8 [0231.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.814] GetCurrentThreadId () returned 0x6f8 [0231.815] CloseHandle (hObject=0x126c) returned 1 [0231.815] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", dwFileAttributes=0x20) returned 0 [0231.815] GetCurrentThreadId () returned 0x6f8 [0231.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xecca290, dwHighDateTime=0x1d6076d)) [0231.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xecca290, dwHighDateTime=0x1d6076d)) [0231.815] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", piIcon=0x4e4ed50) returned 0x3a0143 [0231.822] GetIconInfo (in: hIcon=0x3a0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.822] CreateFileW (lpFileName="sYww.ico" (normalized: "c:\\windows\\system32\\syww.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.822] GetObjectA (in: h=0x4c050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.823] GetObjectA (in: h=0xf00501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.823] CreateCompatibleDC (hdc=0x0) returned 0x8f010772 [0231.823] GetDIBits (in: hdc=0x8f010772, hbm=0x4c050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.823] GetDIBits (in: hdc=0x8f010772, hbm=0x4c050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.823] GetDIBits (in: hdc=0x8f010772, hbm=0x4c050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.823] GetDIBits (in: hdc=0x8f010772, hbm=0xf00501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.823] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.824] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.824] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.824] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.825] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.825] DeleteDC (hdc=0x8f010772) returned 1 [0231.825] CloseHandle (hObject=0x126c) returned 1 [0231.825] DeleteObject (ho=0x4c050770) returned 1 [0231.825] DeleteObject (ho=0xf00501fb) returned 1 [0231.825] DestroyCursor (hCursor=0x3a0143) returned 1 [0231.825] GetCurrentThreadId () returned 0x6f8 [0231.825] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.826] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.831] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.831] CloseHandle (hObject=0x126c) returned 1 [0231.831] GetCurrentThreadId () returned 0x6f8 [0231.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xecf03f0, dwHighDateTime=0x1d6076d)) [0231.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xecf03f0, dwHighDateTime=0x1d6076d)) [0231.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xecf03f0, dwHighDateTime=0x1d6076d)) [0231.925] GetCurrentThreadId () returned 0x6f8 [0231.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.925] GetCurrentThreadId () returned 0x6f8 [0231.925] CreateFileW (lpFileName="uAwE.exe" (normalized: "c:\\windows\\system32\\uawe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.926] CreateFileW (lpFileName="uAwE.exe" (normalized: "c:\\windows\\system32\\uawe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.926] GetCurrentThreadId () returned 0x6f8 [0231.926] GetCurrentThreadId () returned 0x6f8 [0231.926] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.926] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.926] CreateFileW (lpFileName="uAwE.exe" (normalized: "c:\\windows\\system32\\uawe.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0231.926] GetCurrentThreadId () returned 0x6f8 [0231.926] BeginUpdateResourceW (pFileName="uAwE.exe" (normalized: "c:\\windows\\system32\\uawe.exe"), bDeleteExistingResources=0) returned 0x0 [0231.926] CreateFileW (lpFileName="sYww.ico" (normalized: "c:\\windows\\system32\\syww.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0231.927] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0231.927] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0231.927] CloseHandle (hObject=0x126c) returned 1 [0231.927] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0231.927] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0231.927] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0231.927] CopyFileW (lpExistingFileName="uAwE.exe" (normalized: "c:\\windows\\system32\\uawe.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.exe"), bFailIfExists=0) returned 0 [0231.928] SetNamedSecurityInfoW () returned 0x2 [0231.928] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0 [0231.928] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0231.928] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0231.928] DeleteFileW (lpFileName="sYww.ico" (normalized: "c:\\windows\\system32\\syww.ico")) returned 1 [0231.929] DeleteFileW (lpFileName="uAwE.exe" (normalized: "c:\\windows\\system32\\uawe.exe")) returned 0 [0231.929] GetCurrentThreadId () returned 0x6f8 [0231.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.929] GetCurrentThreadId () returned 0x6f8 [0231.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.929] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile30.bmp", cAlternateFileName="")) returned 1 [0231.930] GetCurrentThreadId () returned 0x6f8 [0231.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.930] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0x20 [0231.930] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", dwFileAttributes=0x80) returned 0 [0231.930] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.930] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.935] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0231.936] GetCurrentThreadId () returned 0x6f8 [0231.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.936] GetCurrentThreadId () returned 0x6f8 [0231.936] CloseHandle (hObject=0x126c) returned 1 [0231.936] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", dwFileAttributes=0x20) returned 0 [0231.937] GetCurrentThreadId () returned 0x6f8 [0231.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xedd4c30, dwHighDateTime=0x1d6076d)) [0231.937] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", piIcon=0x4e4ed50) returned 0x3b0143 [0231.944] GetIconInfo (in: hIcon=0x3b0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0231.944] CreateFileW (lpFileName="WYYs.ico" (normalized: "c:\\windows\\system32\\wyys.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.945] GetObjectA (in: h=0xe1050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0231.945] GetObjectA (in: h=0x99050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0231.945] CreateCompatibleDC (hdc=0x0) returned 0xb901018d [0231.945] GetDIBits (in: hdc=0xb901018d, hbm=0xe1050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0231.945] GetDIBits (in: hdc=0xb901018d, hbm=0xe1050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0231.945] GetDIBits (in: hdc=0xb901018d, hbm=0xe1050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0231.945] GetDIBits (in: hdc=0xb901018d, hbm=0x99050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0231.945] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0231.946] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0231.946] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0231.946] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0231.947] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0231.947] DeleteDC (hdc=0xb901018d) returned 1 [0231.947] CloseHandle (hObject=0x126c) returned 1 [0231.947] DeleteObject (ho=0xe1050763) returned 1 [0231.947] DeleteObject (ho=0x99050776) returned 1 [0231.947] DestroyCursor (hCursor=0x3b0143) returned 1 [0231.947] GetCurrentThreadId () returned 0x6f8 [0231.947] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0231.947] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0231.952] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0231.953] CloseHandle (hObject=0x126c) returned 1 [0231.953] GetCurrentThreadId () returned 0x6f8 [0231.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xedfad90, dwHighDateTime=0x1d6076d)) [0231.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xedfad90, dwHighDateTime=0x1d6076d)) [0231.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xedfad90, dwHighDateTime=0x1d6076d)) [0232.028] GetCurrentThreadId () returned 0x6f8 [0232.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xeeb9470, dwHighDateTime=0x1d6076d)) [0232.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xeeb9470, dwHighDateTime=0x1d6076d)) [0232.028] GetCurrentThreadId () returned 0x6f8 [0232.028] CreateFileW (lpFileName="kwsA.exe" (normalized: "c:\\windows\\system32\\kwsa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.029] CreateFileW (lpFileName="kwsA.exe" (normalized: "c:\\windows\\system32\\kwsa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.029] GetCurrentThreadId () returned 0x6f8 [0232.029] GetCurrentThreadId () returned 0x6f8 [0232.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xeeb9470, dwHighDateTime=0x1d6076d)) [0232.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xeeb9470, dwHighDateTime=0x1d6076d)) [0232.030] CreateFileW (lpFileName="kwsA.exe" (normalized: "c:\\windows\\system32\\kwsa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.030] GetCurrentThreadId () returned 0x6f8 [0232.030] BeginUpdateResourceW (pFileName="kwsA.exe" (normalized: "c:\\windows\\system32\\kwsa.exe"), bDeleteExistingResources=0) returned 0x0 [0232.030] CreateFileW (lpFileName="WYYs.ico" (normalized: "c:\\windows\\system32\\wyys.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.030] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.030] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.031] CloseHandle (hObject=0x126c) returned 1 [0232.031] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.031] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.031] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.031] CopyFileW (lpExistingFileName="kwsA.exe" (normalized: "c:\\windows\\system32\\kwsa.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.exe"), bFailIfExists=0) returned 0 [0232.031] SetNamedSecurityInfoW () returned 0x2 [0232.031] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0 [0232.032] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.032] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.032] DeleteFileW (lpFileName="WYYs.ico" (normalized: "c:\\windows\\system32\\wyys.ico")) returned 1 [0232.034] DeleteFileW (lpFileName="kwsA.exe" (normalized: "c:\\windows\\system32\\kwsa.exe")) returned 0 [0232.034] GetCurrentThreadId () returned 0x6f8 [0232.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.034] GetCurrentThreadId () returned 0x6f8 [0232.035] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.035] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile31.bmp", cAlternateFileName="")) returned 1 [0232.035] GetCurrentThreadId () returned 0x6f8 [0232.035] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.035] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0x20 [0232.035] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", dwFileAttributes=0x80) returned 0 [0232.035] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.035] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.040] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.042] GetCurrentThreadId () returned 0x6f8 [0232.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.042] GetCurrentThreadId () returned 0x6f8 [0232.042] CloseHandle (hObject=0x126c) returned 1 [0232.042] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", dwFileAttributes=0x20) returned 0 [0232.043] GetCurrentThreadId () returned 0x6f8 [0232.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.043] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", piIcon=0x4e4ed50) returned 0x3c0143 [0232.049] GetIconInfo (in: hIcon=0x3c0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.049] CreateFileW (lpFileName="kUcg.ico" (normalized: "c:\\windows\\system32\\kucg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.049] GetObjectA (in: h=0x440501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.050] GetObjectA (in: h=0x50050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.050] CreateCompatibleDC (hdc=0x0) returned 0x94010772 [0232.050] GetDIBits (in: hdc=0x94010772, hbm=0x440501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.050] GetDIBits (in: hdc=0x94010772, hbm=0x440501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.050] GetDIBits (in: hdc=0x94010772, hbm=0x440501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.050] GetDIBits (in: hdc=0x94010772, hbm=0x50050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.050] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.051] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.051] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.052] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.052] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.052] DeleteDC (hdc=0x94010772) returned 1 [0232.052] CloseHandle (hObject=0x126c) returned 1 [0232.052] DeleteObject (ho=0x440501fa) returned 1 [0232.052] DeleteObject (ho=0x50050770) returned 1 [0232.052] DestroyCursor (hCursor=0x3c0143) returned 1 [0232.052] GetCurrentThreadId () returned 0x6f8 [0232.052] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.053] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.058] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.058] CloseHandle (hObject=0x126c) returned 1 [0232.058] GetCurrentThreadId () returned 0x6f8 [0232.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xef05730, dwHighDateTime=0x1d6076d)) [0232.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xef05730, dwHighDateTime=0x1d6076d)) [0232.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xef05730, dwHighDateTime=0x1d6076d)) [0232.150] GetCurrentThreadId () returned 0x6f8 [0232.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.150] GetCurrentThreadId () returned 0x6f8 [0232.150] CreateFileW (lpFileName="YgoS.exe" (normalized: "c:\\windows\\system32\\ygos.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.151] CreateFileW (lpFileName="YgoS.exe" (normalized: "c:\\windows\\system32\\ygos.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.152] GetCurrentThreadId () returned 0x6f8 [0232.152] GetCurrentThreadId () returned 0x6f8 [0232.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.152] CreateFileW (lpFileName="YgoS.exe" (normalized: "c:\\windows\\system32\\ygos.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.152] GetCurrentThreadId () returned 0x6f8 [0232.152] BeginUpdateResourceW (pFileName="YgoS.exe" (normalized: "c:\\windows\\system32\\ygos.exe"), bDeleteExistingResources=0) returned 0x0 [0232.152] CreateFileW (lpFileName="kUcg.ico" (normalized: "c:\\windows\\system32\\kucg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.152] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.153] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.153] CloseHandle (hObject=0x126c) returned 1 [0232.153] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.153] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.153] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.153] CopyFileW (lpExistingFileName="YgoS.exe" (normalized: "c:\\windows\\system32\\ygos.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.exe"), bFailIfExists=0) returned 0 [0232.153] SetNamedSecurityInfoW () returned 0x2 [0232.154] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0 [0232.154] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.154] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.154] DeleteFileW (lpFileName="kUcg.ico" (normalized: "c:\\windows\\system32\\kucg.ico")) returned 1 [0232.155] DeleteFileW (lpFileName="YgoS.exe" (normalized: "c:\\windows\\system32\\ygos.exe")) returned 0 [0232.156] GetCurrentThreadId () returned 0x6f8 [0232.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.156] GetCurrentThreadId () returned 0x6f8 [0232.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.156] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd42216d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile32.bmp", cAlternateFileName="")) returned 1 [0232.156] GetCurrentThreadId () returned 0x6f8 [0232.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xefe9f70, dwHighDateTime=0x1d6076d)) [0232.156] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0x20 [0232.156] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", dwFileAttributes=0x80) returned 0 [0232.156] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.156] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.161] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.163] GetCurrentThreadId () returned 0x6f8 [0232.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf0100d0, dwHighDateTime=0x1d6076d)) [0232.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf0100d0, dwHighDateTime=0x1d6076d)) [0232.163] GetCurrentThreadId () returned 0x6f8 [0232.164] CloseHandle (hObject=0x126c) returned 1 [0232.164] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", dwFileAttributes=0x20) returned 0 [0232.164] GetCurrentThreadId () returned 0x6f8 [0232.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf0100d0, dwHighDateTime=0x1d6076d)) [0232.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf0100d0, dwHighDateTime=0x1d6076d)) [0232.164] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", piIcon=0x4e4ed50) returned 0x3d0143 [0232.170] GetIconInfo (in: hIcon=0x3d0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.171] CreateFileW (lpFileName="guUg.ico" (normalized: "c:\\windows\\system32\\guug.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.171] GetObjectA (in: h=0xf70501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.171] GetObjectA (in: h=0xe5050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.171] CreateCompatibleDC (hdc=0x0) returned 0xbe01018d [0232.172] GetDIBits (in: hdc=0xbe01018d, hbm=0xf70501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.172] GetDIBits (in: hdc=0xbe01018d, hbm=0xf70501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.172] GetDIBits (in: hdc=0xbe01018d, hbm=0xf70501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.172] GetDIBits (in: hdc=0xbe01018d, hbm=0xe5050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.172] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.173] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.173] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.173] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.174] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.174] DeleteDC (hdc=0xbe01018d) returned 1 [0232.174] CloseHandle (hObject=0x126c) returned 1 [0232.174] DeleteObject (ho=0xf70501fb) returned 1 [0232.174] DeleteObject (ho=0xe5050763) returned 1 [0232.174] DestroyCursor (hCursor=0x3d0143) returned 1 [0232.174] GetCurrentThreadId () returned 0x6f8 [0232.174] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.175] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.180] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.180] CloseHandle (hObject=0x126c) returned 1 [0232.180] GetCurrentThreadId () returned 0x6f8 [0232.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf036230, dwHighDateTime=0x1d6076d)) [0232.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf036230, dwHighDateTime=0x1d6076d)) [0232.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf036230, dwHighDateTime=0x1d6076d)) [0232.266] GetCurrentThreadId () returned 0x6f8 [0232.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf0f4910, dwHighDateTime=0x1d6076d)) [0232.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf0f4910, dwHighDateTime=0x1d6076d)) [0232.266] GetCurrentThreadId () returned 0x6f8 [0232.266] CreateFileW (lpFileName="Ykks.exe" (normalized: "c:\\windows\\system32\\ykks.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.267] CreateFileW (lpFileName="Ykks.exe" (normalized: "c:\\windows\\system32\\ykks.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.267] GetCurrentThreadId () returned 0x6f8 [0232.268] GetCurrentThreadId () returned 0x6f8 [0232.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf11aa70, dwHighDateTime=0x1d6076d)) [0232.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf11aa70, dwHighDateTime=0x1d6076d)) [0232.275] CreateFileW (lpFileName="Ykks.exe" (normalized: "c:\\windows\\system32\\ykks.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.275] GetCurrentThreadId () returned 0x6f8 [0232.275] BeginUpdateResourceW (pFileName="Ykks.exe" (normalized: "c:\\windows\\system32\\ykks.exe"), bDeleteExistingResources=0) returned 0x0 [0232.275] CreateFileW (lpFileName="guUg.ico" (normalized: "c:\\windows\\system32\\guug.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.276] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.276] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.276] CloseHandle (hObject=0x126c) returned 1 [0232.276] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.276] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.276] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.277] CopyFileW (lpExistingFileName="Ykks.exe" (normalized: "c:\\windows\\system32\\ykks.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.exe"), bFailIfExists=0) returned 0 [0232.277] SetNamedSecurityInfoW () returned 0x2 [0232.277] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0 [0232.277] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.277] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.278] DeleteFileW (lpFileName="guUg.ico" (normalized: "c:\\windows\\system32\\guug.ico")) returned 1 [0232.279] DeleteFileW (lpFileName="Ykks.exe" (normalized: "c:\\windows\\system32\\ykks.exe")) returned 0 [0232.279] GetCurrentThreadId () returned 0x6f8 [0232.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf11aa70, dwHighDateTime=0x1d6076d)) [0232.279] GetCurrentThreadId () returned 0x6f8 [0232.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf11aa70, dwHighDateTime=0x1d6076d)) [0232.279] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd4482cb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile33.bmp", cAlternateFileName="")) returned 1 [0232.279] GetCurrentThreadId () returned 0x6f8 [0232.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf11aa70, dwHighDateTime=0x1d6076d)) [0232.279] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0x20 [0232.279] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", dwFileAttributes=0x80) returned 0 [0232.280] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.280] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.285] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.286] GetCurrentThreadId () returned 0x6f8 [0232.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf140bd0, dwHighDateTime=0x1d6076d)) [0232.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf140bd0, dwHighDateTime=0x1d6076d)) [0232.286] GetCurrentThreadId () returned 0x6f8 [0232.286] CloseHandle (hObject=0x126c) returned 1 [0232.287] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", dwFileAttributes=0x20) returned 0 [0232.287] GetCurrentThreadId () returned 0x6f8 [0232.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf140bd0, dwHighDateTime=0x1d6076d)) [0232.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf140bd0, dwHighDateTime=0x1d6076d)) [0232.287] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", piIcon=0x4e4ed50) returned 0x3e0143 [0232.293] GetIconInfo (in: hIcon=0x3e0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.293] CreateFileW (lpFileName="EckA.ico" (normalized: "c:\\windows\\system32\\ecka.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.294] GetObjectA (in: h=0xa0050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.294] GetObjectA (in: h=0x480501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.294] CreateCompatibleDC (hdc=0x0) returned 0x99010772 [0232.294] GetDIBits (in: hdc=0x99010772, hbm=0xa0050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.294] GetDIBits (in: hdc=0x99010772, hbm=0xa0050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.294] GetDIBits (in: hdc=0x99010772, hbm=0xa0050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.294] GetDIBits (in: hdc=0x99010772, hbm=0x480501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.294] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.295] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.296] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.296] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.296] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.296] DeleteDC (hdc=0x99010772) returned 1 [0232.296] CloseHandle (hObject=0x126c) returned 1 [0232.297] DeleteObject (ho=0xa0050776) returned 1 [0232.297] DeleteObject (ho=0x480501fa) returned 1 [0232.297] DestroyCursor (hCursor=0x3e0143) returned 1 [0232.297] GetCurrentThreadId () returned 0x6f8 [0232.297] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.297] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.302] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.303] CloseHandle (hObject=0x126c) returned 1 [0232.303] GetCurrentThreadId () returned 0x6f8 [0232.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf166d30, dwHighDateTime=0x1d6076d)) [0232.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf166d30, dwHighDateTime=0x1d6076d)) [0232.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf166d30, dwHighDateTime=0x1d6076d)) [0232.398] GetCurrentThreadId () returned 0x6f8 [0232.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.398] GetCurrentThreadId () returned 0x6f8 [0232.398] CreateFileW (lpFileName="yUgY.exe" (normalized: "c:\\windows\\system32\\yugy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.399] CreateFileW (lpFileName="yUgY.exe" (normalized: "c:\\windows\\system32\\yugy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.400] GetCurrentThreadId () returned 0x6f8 [0232.400] GetCurrentThreadId () returned 0x6f8 [0232.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.400] CreateFileW (lpFileName="yUgY.exe" (normalized: "c:\\windows\\system32\\yugy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.400] GetCurrentThreadId () returned 0x6f8 [0232.400] BeginUpdateResourceW (pFileName="yUgY.exe" (normalized: "c:\\windows\\system32\\yugy.exe"), bDeleteExistingResources=0) returned 0x0 [0232.400] CreateFileW (lpFileName="EckA.ico" (normalized: "c:\\windows\\system32\\ecka.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.400] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.401] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.401] CloseHandle (hObject=0x126c) returned 1 [0232.401] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.401] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.401] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.401] CopyFileW (lpExistingFileName="yUgY.exe" (normalized: "c:\\windows\\system32\\yugy.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.exe"), bFailIfExists=0) returned 0 [0232.401] SetNamedSecurityInfoW () returned 0x2 [0232.402] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0 [0232.402] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.402] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.402] DeleteFileW (lpFileName="EckA.ico" (normalized: "c:\\windows\\system32\\ecka.ico")) returned 1 [0232.404] DeleteFileW (lpFileName="yUgY.exe" (normalized: "c:\\windows\\system32\\yugy.exe")) returned 0 [0232.404] GetCurrentThreadId () returned 0x6f8 [0232.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.404] GetCurrentThreadId () returned 0x6f8 [0232.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.404] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9c9561, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile34.bmp", cAlternateFileName="")) returned 1 [0232.404] GetCurrentThreadId () returned 0x6f8 [0232.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf24b570, dwHighDateTime=0x1d6076d)) [0232.404] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0x20 [0232.404] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", dwFileAttributes=0x80) returned 0 [0232.404] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.405] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.410] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.411] GetCurrentThreadId () returned 0x6f8 [0232.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf2716d0, dwHighDateTime=0x1d6076d)) [0232.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf2716d0, dwHighDateTime=0x1d6076d)) [0232.411] GetCurrentThreadId () returned 0x6f8 [0232.411] CloseHandle (hObject=0x126c) returned 1 [0232.412] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", dwFileAttributes=0x20) returned 0 [0232.412] GetCurrentThreadId () returned 0x6f8 [0232.412] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf2716d0, dwHighDateTime=0x1d6076d)) [0232.412] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf2716d0, dwHighDateTime=0x1d6076d)) [0232.412] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", piIcon=0x4e4ed50) returned 0x3f0143 [0232.418] GetIconInfo (in: hIcon=0x3f0143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.418] CreateFileW (lpFileName="EGEU.ico" (normalized: "c:\\windows\\system32\\egeu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.419] GetObjectA (in: h=0x57050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.419] GetObjectA (in: h=0xfb0501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.419] CreateCompatibleDC (hdc=0x0) returned 0xc301018d [0232.419] GetDIBits (in: hdc=0xc301018d, hbm=0x57050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.419] GetDIBits (in: hdc=0xc301018d, hbm=0x57050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.419] GetDIBits (in: hdc=0xc301018d, hbm=0x57050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.419] GetDIBits (in: hdc=0xc301018d, hbm=0xfb0501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.420] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.421] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.421] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.421] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.421] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.422] DeleteDC (hdc=0xc301018d) returned 1 [0232.422] CloseHandle (hObject=0x126c) returned 1 [0232.422] DeleteObject (ho=0x57050770) returned 1 [0232.422] DeleteObject (ho=0xfb0501fb) returned 1 [0232.422] DestroyCursor (hCursor=0x3f0143) returned 1 [0232.422] GetCurrentThreadId () returned 0x6f8 [0232.422] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.422] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.427] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.428] CloseHandle (hObject=0x126c) returned 1 [0232.428] GetCurrentThreadId () returned 0x6f8 [0232.428] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf297830, dwHighDateTime=0x1d6076d)) [0232.428] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf297830, dwHighDateTime=0x1d6076d)) [0232.428] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf297830, dwHighDateTime=0x1d6076d)) [0232.516] GetCurrentThreadId () returned 0x6f8 [0232.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf355f10, dwHighDateTime=0x1d6076d)) [0232.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf355f10, dwHighDateTime=0x1d6076d)) [0232.516] GetCurrentThreadId () returned 0x6f8 [0232.516] CreateFileW (lpFileName="GcAi.exe" (normalized: "c:\\windows\\system32\\gcai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.517] CreateFileW (lpFileName="GcAi.exe" (normalized: "c:\\windows\\system32\\gcai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.518] GetCurrentThreadId () returned 0x6f8 [0232.518] GetCurrentThreadId () returned 0x6f8 [0232.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.518] CreateFileW (lpFileName="GcAi.exe" (normalized: "c:\\windows\\system32\\gcai.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.518] GetCurrentThreadId () returned 0x6f8 [0232.518] BeginUpdateResourceW (pFileName="GcAi.exe" (normalized: "c:\\windows\\system32\\gcai.exe"), bDeleteExistingResources=0) returned 0x0 [0232.518] CreateFileW (lpFileName="EGEU.ico" (normalized: "c:\\windows\\system32\\egeu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.518] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.519] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.519] CloseHandle (hObject=0x126c) returned 1 [0232.519] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.519] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.519] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.519] CopyFileW (lpExistingFileName="GcAi.exe" (normalized: "c:\\windows\\system32\\gcai.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.exe"), bFailIfExists=0) returned 0 [0232.519] SetNamedSecurityInfoW () returned 0x2 [0232.520] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0 [0232.520] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.520] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.520] DeleteFileW (lpFileName="EGEU.ico" (normalized: "c:\\windows\\system32\\egeu.ico")) returned 1 [0232.522] DeleteFileW (lpFileName="GcAi.exe" (normalized: "c:\\windows\\system32\\gcai.exe")) returned 0 [0232.522] GetCurrentThreadId () returned 0x6f8 [0232.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.522] GetCurrentThreadId () returned 0x6f8 [0232.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.522] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile35.bmp", cAlternateFileName="")) returned 1 [0232.522] GetCurrentThreadId () returned 0x6f8 [0232.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.522] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0x20 [0232.522] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", dwFileAttributes=0x80) returned 0 [0232.522] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.522] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.527] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.529] GetCurrentThreadId () returned 0x6f8 [0232.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.529] GetCurrentThreadId () returned 0x6f8 [0232.529] CloseHandle (hObject=0x126c) returned 1 [0232.529] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", dwFileAttributes=0x20) returned 0 [0232.530] GetCurrentThreadId () returned 0x6f8 [0232.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf37c070, dwHighDateTime=0x1d6076d)) [0232.530] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", piIcon=0x4e4ed50) returned 0x400143 [0232.537] GetIconInfo (in: hIcon=0x400143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.537] CreateFileW (lpFileName="OQYU.ico" (normalized: "c:\\windows\\system32\\oqyu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.537] GetObjectA (in: h=0xec050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.537] GetObjectA (in: h=0xa4050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.538] CreateCompatibleDC (hdc=0x0) returned 0x9e010772 [0232.538] GetDIBits (in: hdc=0x9e010772, hbm=0xec050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.538] GetDIBits (in: hdc=0x9e010772, hbm=0xec050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.538] GetDIBits (in: hdc=0x9e010772, hbm=0xec050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.538] GetDIBits (in: hdc=0x9e010772, hbm=0xa4050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.538] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.539] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.539] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.539] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.540] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.540] DeleteDC (hdc=0x9e010772) returned 1 [0232.540] CloseHandle (hObject=0x126c) returned 1 [0232.540] DeleteObject (ho=0xec050763) returned 1 [0232.540] DeleteObject (ho=0xa4050776) returned 1 [0232.540] DestroyCursor (hCursor=0x400143) returned 1 [0232.540] GetCurrentThreadId () returned 0x6f8 [0232.540] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.540] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.545] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.546] CloseHandle (hObject=0x126c) returned 1 [0232.546] GetCurrentThreadId () returned 0x6f8 [0232.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf3a21d0, dwHighDateTime=0x1d6076d)) [0232.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf3a21d0, dwHighDateTime=0x1d6076d)) [0232.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf3a21d0, dwHighDateTime=0x1d6076d)) [0232.638] GetCurrentThreadId () returned 0x6f8 [0232.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf486a10, dwHighDateTime=0x1d6076d)) [0232.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf486a10, dwHighDateTime=0x1d6076d)) [0232.638] GetCurrentThreadId () returned 0x6f8 [0232.638] CreateFileW (lpFileName="AQwo.exe" (normalized: "c:\\windows\\system32\\aqwo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.639] CreateFileW (lpFileName="AQwo.exe" (normalized: "c:\\windows\\system32\\aqwo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.639] GetCurrentThreadId () returned 0x6f8 [0232.639] GetCurrentThreadId () returned 0x6f8 [0232.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf486a10, dwHighDateTime=0x1d6076d)) [0232.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf486a10, dwHighDateTime=0x1d6076d)) [0232.639] CreateFileW (lpFileName="AQwo.exe" (normalized: "c:\\windows\\system32\\aqwo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.639] GetCurrentThreadId () returned 0x6f8 [0232.640] BeginUpdateResourceW (pFileName="AQwo.exe" (normalized: "c:\\windows\\system32\\aqwo.exe"), bDeleteExistingResources=0) returned 0x0 [0232.640] CreateFileW (lpFileName="OQYU.ico" (normalized: "c:\\windows\\system32\\oqyu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.640] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.640] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.640] CloseHandle (hObject=0x126c) returned 1 [0232.640] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.641] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.641] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.641] CopyFileW (lpExistingFileName="AQwo.exe" (normalized: "c:\\windows\\system32\\aqwo.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.exe"), bFailIfExists=0) returned 0 [0232.641] SetNamedSecurityInfoW () returned 0x2 [0232.641] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0 [0232.641] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.642] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.642] DeleteFileW (lpFileName="OQYU.ico" (normalized: "c:\\windows\\system32\\oqyu.ico")) returned 1 [0232.643] DeleteFileW (lpFileName="AQwo.exe" (normalized: "c:\\windows\\system32\\aqwo.exe")) returned 0 [0232.643] GetCurrentThreadId () returned 0x6f8 [0232.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.643] GetCurrentThreadId () returned 0x6f8 [0232.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.643] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile36.bmp", cAlternateFileName="")) returned 1 [0232.643] GetCurrentThreadId () returned 0x6f8 [0232.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.644] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0x20 [0232.644] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", dwFileAttributes=0x80) returned 0 [0232.644] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.644] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.649] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.650] GetCurrentThreadId () returned 0x6f8 [0232.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.650] GetCurrentThreadId () returned 0x6f8 [0232.651] CloseHandle (hObject=0x126c) returned 1 [0232.651] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", dwFileAttributes=0x20) returned 0 [0232.651] GetCurrentThreadId () returned 0x6f8 [0232.651] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.651] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf4acb70, dwHighDateTime=0x1d6076d)) [0232.651] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", piIcon=0x4e4ed50) returned 0x410143 [0232.657] GetIconInfo (in: hIcon=0x410143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.657] CreateFileW (lpFileName="eYoA.ico" (normalized: "c:\\windows\\system32\\eyoa.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.658] GetObjectA (in: h=0x4f0501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.658] GetObjectA (in: h=0x5b050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.658] CreateCompatibleDC (hdc=0x0) returned 0xc801018d [0232.658] GetDIBits (in: hdc=0xc801018d, hbm=0x4f0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.658] GetDIBits (in: hdc=0xc801018d, hbm=0x4f0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.658] GetDIBits (in: hdc=0xc801018d, hbm=0x4f0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.658] GetDIBits (in: hdc=0xc801018d, hbm=0x5b050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.658] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.659] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.660] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.660] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.660] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.660] DeleteDC (hdc=0xc801018d) returned 1 [0232.660] CloseHandle (hObject=0x126c) returned 1 [0232.661] DeleteObject (ho=0x4f0501fa) returned 1 [0232.661] DeleteObject (ho=0x5b050770) returned 1 [0232.661] DestroyCursor (hCursor=0x410143) returned 1 [0232.661] GetCurrentThreadId () returned 0x6f8 [0232.661] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.661] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.666] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.666] CloseHandle (hObject=0x126c) returned 1 [0232.666] GetCurrentThreadId () returned 0x6f8 [0232.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf4d2cd0, dwHighDateTime=0x1d6076d)) [0232.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf4d2cd0, dwHighDateTime=0x1d6076d)) [0232.667] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf4d2cd0, dwHighDateTime=0x1d6076d)) [0232.777] GetCurrentThreadId () returned 0x6f8 [0232.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.777] GetCurrentThreadId () returned 0x6f8 [0232.777] CreateFileW (lpFileName="IQIe.exe" (normalized: "c:\\windows\\system32\\iqie.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.777] CreateFileW (lpFileName="IQIe.exe" (normalized: "c:\\windows\\system32\\iqie.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.778] GetCurrentThreadId () returned 0x6f8 [0232.778] GetCurrentThreadId () returned 0x6f8 [0232.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.778] CreateFileW (lpFileName="IQIe.exe" (normalized: "c:\\windows\\system32\\iqie.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.778] GetCurrentThreadId () returned 0x6f8 [0232.778] BeginUpdateResourceW (pFileName="IQIe.exe" (normalized: "c:\\windows\\system32\\iqie.exe"), bDeleteExistingResources=0) returned 0x0 [0232.778] CreateFileW (lpFileName="eYoA.ico" (normalized: "c:\\windows\\system32\\eyoa.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.778] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.779] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.779] CloseHandle (hObject=0x126c) returned 1 [0232.779] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.779] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.779] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.779] CopyFileW (lpExistingFileName="IQIe.exe" (normalized: "c:\\windows\\system32\\iqie.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.exe"), bFailIfExists=0) returned 0 [0232.779] SetNamedSecurityInfoW () returned 0x2 [0232.780] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0 [0232.780] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.780] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.780] DeleteFileW (lpFileName="eYoA.ico" (normalized: "c:\\windows\\system32\\eyoa.ico")) returned 1 [0232.782] DeleteFileW (lpFileName="IQIe.exe" (normalized: "c:\\windows\\system32\\iqie.exe")) returned 0 [0232.782] GetCurrentThreadId () returned 0x6f8 [0232.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.782] GetCurrentThreadId () returned 0x6f8 [0232.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.782] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile37.bmp", cAlternateFileName="")) returned 1 [0232.782] GetCurrentThreadId () returned 0x6f8 [0232.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf5dd670, dwHighDateTime=0x1d6076d)) [0232.782] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0x20 [0232.783] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", dwFileAttributes=0x80) returned 0 [0232.783] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.783] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.788] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.789] GetCurrentThreadId () returned 0x6f8 [0232.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf6037d0, dwHighDateTime=0x1d6076d)) [0232.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf6037d0, dwHighDateTime=0x1d6076d)) [0232.789] GetCurrentThreadId () returned 0x6f8 [0232.790] CloseHandle (hObject=0x126c) returned 1 [0232.790] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", dwFileAttributes=0x20) returned 0 [0232.790] GetCurrentThreadId () returned 0x6f8 [0232.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf6037d0, dwHighDateTime=0x1d6076d)) [0232.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf6037d0, dwHighDateTime=0x1d6076d)) [0232.790] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", piIcon=0x4e4ed50) returned 0x420143 [0232.797] GetIconInfo (in: hIcon=0x420143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.797] CreateFileW (lpFileName="caMI.ico" (normalized: "c:\\windows\\system32\\cami.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.798] GetObjectA (in: h=0x20501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.798] GetObjectA (in: h=0xf0050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.798] CreateCompatibleDC (hdc=0x0) returned 0xa3010772 [0232.798] GetDIBits (in: hdc=0xa3010772, hbm=0x20501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.798] GetDIBits (in: hdc=0xa3010772, hbm=0x20501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.798] GetDIBits (in: hdc=0xa3010772, hbm=0x20501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.798] GetDIBits (in: hdc=0xa3010772, hbm=0xf0050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.798] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.799] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.799] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.800] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.800] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.800] DeleteDC (hdc=0xa3010772) returned 1 [0232.800] CloseHandle (hObject=0x126c) returned 1 [0232.800] DeleteObject (ho=0x20501fb) returned 1 [0232.800] DeleteObject (ho=0xf0050763) returned 1 [0232.800] DestroyCursor (hCursor=0x420143) returned 1 [0232.800] GetCurrentThreadId () returned 0x6f8 [0232.800] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.801] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.805] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.806] CloseHandle (hObject=0x126c) returned 1 [0232.806] GetCurrentThreadId () returned 0x6f8 [0232.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf629930, dwHighDateTime=0x1d6076d)) [0232.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf629930, dwHighDateTime=0x1d6076d)) [0232.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf629930, dwHighDateTime=0x1d6076d)) [0232.907] GetCurrentThreadId () returned 0x6f8 [0232.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.907] GetCurrentThreadId () returned 0x6f8 [0232.907] CreateFileW (lpFileName="sAcE.exe" (normalized: "c:\\windows\\system32\\sace.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.908] CreateFileW (lpFileName="sAcE.exe" (normalized: "c:\\windows\\system32\\sace.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.910] GetCurrentThreadId () returned 0x6f8 [0232.910] GetCurrentThreadId () returned 0x6f8 [0232.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.910] CreateFileW (lpFileName="sAcE.exe" (normalized: "c:\\windows\\system32\\sace.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.910] GetCurrentThreadId () returned 0x6f8 [0232.910] BeginUpdateResourceW (pFileName="sAcE.exe" (normalized: "c:\\windows\\system32\\sace.exe"), bDeleteExistingResources=0) returned 0x0 [0232.910] CreateFileW (lpFileName="caMI.ico" (normalized: "c:\\windows\\system32\\cami.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0232.910] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0232.911] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0232.911] CloseHandle (hObject=0x126c) returned 1 [0232.911] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0232.911] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0232.911] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0232.911] CopyFileW (lpExistingFileName="sAcE.exe" (normalized: "c:\\windows\\system32\\sace.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.exe"), bFailIfExists=0) returned 0 [0232.911] SetNamedSecurityInfoW () returned 0x2 [0232.912] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0 [0232.912] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0232.912] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0232.912] DeleteFileW (lpFileName="caMI.ico" (normalized: "c:\\windows\\system32\\cami.ico")) returned 1 [0232.913] DeleteFileW (lpFileName="sAcE.exe" (normalized: "c:\\windows\\system32\\sace.exe")) returned 0 [0232.913] GetCurrentThreadId () returned 0x6f8 [0232.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.914] GetCurrentThreadId () returned 0x6f8 [0232.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.914] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile38.bmp", cAlternateFileName="")) returned 1 [0232.914] GetCurrentThreadId () returned 0x6f8 [0232.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.914] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0x20 [0232.914] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", dwFileAttributes=0x80) returned 0 [0232.914] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.914] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.919] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0232.920] GetCurrentThreadId () returned 0x6f8 [0232.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.920] GetCurrentThreadId () returned 0x6f8 [0232.921] CloseHandle (hObject=0x126c) returned 1 [0232.921] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", dwFileAttributes=0x20) returned 0 [0232.921] GetCurrentThreadId () returned 0x6f8 [0232.921] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.921] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf7342d0, dwHighDateTime=0x1d6076d)) [0232.921] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", piIcon=0x4e4ed50) returned 0x430143 [0232.927] GetIconInfo (in: hIcon=0x430143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0232.927] CreateFileW (lpFileName="IEwg.ico" (normalized: "c:\\windows\\system32\\iewg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.928] GetObjectA (in: h=0xab050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0232.928] GetObjectA (in: h=0x530501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0232.928] CreateCompatibleDC (hdc=0x0) returned 0xcd01018d [0232.928] GetDIBits (in: hdc=0xcd01018d, hbm=0xab050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0232.928] GetDIBits (in: hdc=0xcd01018d, hbm=0xab050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0232.928] GetDIBits (in: hdc=0xcd01018d, hbm=0xab050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0232.928] GetDIBits (in: hdc=0xcd01018d, hbm=0x530501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0232.928] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0232.930] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0232.930] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0232.930] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0232.930] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0232.931] DeleteDC (hdc=0xcd01018d) returned 1 [0232.931] CloseHandle (hObject=0x126c) returned 1 [0232.931] DeleteObject (ho=0xab050776) returned 1 [0232.931] DeleteObject (ho=0x530501fa) returned 1 [0232.931] DestroyCursor (hCursor=0x430143) returned 1 [0232.931] GetCurrentThreadId () returned 0x6f8 [0232.931] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0232.935] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0232.940] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0232.940] CloseHandle (hObject=0x126c) returned 1 [0232.941] GetCurrentThreadId () returned 0x6f8 [0232.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf780590, dwHighDateTime=0x1d6076d)) [0232.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf780590, dwHighDateTime=0x1d6076d)) [0232.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf780590, dwHighDateTime=0x1d6076d)) [0233.050] GetCurrentThreadId () returned 0x6f8 [0233.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.050] GetCurrentThreadId () returned 0x6f8 [0233.050] CreateFileW (lpFileName="yIEg.exe" (normalized: "c:\\windows\\system32\\yieg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.051] CreateFileW (lpFileName="yIEg.exe" (normalized: "c:\\windows\\system32\\yieg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.051] GetCurrentThreadId () returned 0x6f8 [0233.051] GetCurrentThreadId () returned 0x6f8 [0233.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.052] CreateFileW (lpFileName="yIEg.exe" (normalized: "c:\\windows\\system32\\yieg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.052] GetCurrentThreadId () returned 0x6f8 [0233.052] BeginUpdateResourceW (pFileName="yIEg.exe" (normalized: "c:\\windows\\system32\\yieg.exe"), bDeleteExistingResources=0) returned 0x0 [0233.052] CreateFileW (lpFileName="IEwg.ico" (normalized: "c:\\windows\\system32\\iewg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0233.052] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0233.052] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0233.053] CloseHandle (hObject=0x126c) returned 1 [0233.053] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0233.053] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0233.053] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0233.053] CopyFileW (lpExistingFileName="yIEg.exe" (normalized: "c:\\windows\\system32\\yieg.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.exe"), bFailIfExists=0) returned 0 [0233.053] SetNamedSecurityInfoW () returned 0x2 [0233.053] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0 [0233.054] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0233.054] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0233.054] DeleteFileW (lpFileName="IEwg.ico" (normalized: "c:\\windows\\system32\\iewg.ico")) returned 1 [0233.055] DeleteFileW (lpFileName="yIEg.exe" (normalized: "c:\\windows\\system32\\yieg.exe")) returned 0 [0233.056] GetCurrentThreadId () returned 0x6f8 [0233.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.056] GetCurrentThreadId () returned 0x6f8 [0233.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.056] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc2ab41, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile39.bmp", cAlternateFileName="")) returned 1 [0233.056] GetCurrentThreadId () returned 0x6f8 [0233.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.056] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0x20 [0233.056] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", dwFileAttributes=0x80) returned 0 [0233.056] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.056] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.061] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0233.063] GetCurrentThreadId () returned 0x6f8 [0233.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xf88af30, dwHighDateTime=0x1d6076d)) [0233.063] GetCurrentThreadId () returned 0x6f8 [0233.063] CloseHandle (hObject=0x126c) returned 1 [0233.064] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", dwFileAttributes=0x20) returned 0 [0233.064] GetCurrentThreadId () returned 0x6f8 [0233.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf8b1090, dwHighDateTime=0x1d6076d)) [0233.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xf8b1090, dwHighDateTime=0x1d6076d)) [0233.064] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", piIcon=0x4e4ed50) returned 0x440143 [0233.070] GetIconInfo (in: hIcon=0x440143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0233.070] CreateFileW (lpFileName="iEEE.ico" (normalized: "c:\\windows\\system32\\ieee.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.071] GetObjectA (in: h=0x62050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0233.071] GetObjectA (in: h=0x60501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0233.071] CreateCompatibleDC (hdc=0x0) returned 0xa8010772 [0233.071] GetDIBits (in: hdc=0xa8010772, hbm=0x62050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0233.072] GetDIBits (in: hdc=0xa8010772, hbm=0x62050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0233.072] GetDIBits (in: hdc=0xa8010772, hbm=0x62050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0233.072] GetDIBits (in: hdc=0xa8010772, hbm=0x60501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0233.072] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0233.073] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0233.073] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0233.073] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0233.073] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0233.074] DeleteDC (hdc=0xa8010772) returned 1 [0233.074] CloseHandle (hObject=0x126c) returned 1 [0233.074] DeleteObject (ho=0x62050770) returned 1 [0233.074] DeleteObject (ho=0x60501fb) returned 1 [0233.074] DestroyCursor (hCursor=0x440143) returned 1 [0233.074] GetCurrentThreadId () returned 0x6f8 [0233.074] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.074] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.079] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0233.079] CloseHandle (hObject=0x126c) returned 1 [0233.080] GetCurrentThreadId () returned 0x6f8 [0233.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf8d71f0, dwHighDateTime=0x1d6076d)) [0233.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xf8d71f0, dwHighDateTime=0x1d6076d)) [0233.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xf8d71f0, dwHighDateTime=0x1d6076d)) [0233.185] GetCurrentThreadId () returned 0x6f8 [0233.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf9bba30, dwHighDateTime=0x1d6076d)) [0233.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xf9bba30, dwHighDateTime=0x1d6076d)) [0233.186] GetCurrentThreadId () returned 0x6f8 [0233.186] CreateFileW (lpFileName="GIcW.exe" (normalized: "c:\\windows\\system32\\gicw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.186] CreateFileW (lpFileName="GIcW.exe" (normalized: "c:\\windows\\system32\\gicw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.187] GetCurrentThreadId () returned 0x6f8 [0233.187] GetCurrentThreadId () returned 0x6f8 [0233.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf9bba30, dwHighDateTime=0x1d6076d)) [0233.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xf9bba30, dwHighDateTime=0x1d6076d)) [0233.187] CreateFileW (lpFileName="GIcW.exe" (normalized: "c:\\windows\\system32\\gicw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.187] GetCurrentThreadId () returned 0x6f8 [0233.187] BeginUpdateResourceW (pFileName="GIcW.exe" (normalized: "c:\\windows\\system32\\gicw.exe"), bDeleteExistingResources=0) returned 0x0 [0233.187] CreateFileW (lpFileName="iEEE.ico" (normalized: "c:\\windows\\system32\\ieee.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0233.188] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0233.188] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0233.188] CloseHandle (hObject=0x126c) returned 1 [0233.188] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0233.188] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0233.188] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0233.188] CopyFileW (lpExistingFileName="GIcW.exe" (normalized: "c:\\windows\\system32\\gicw.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.exe"), bFailIfExists=0) returned 0 [0233.189] SetNamedSecurityInfoW () returned 0x2 [0233.189] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0 [0233.189] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0233.189] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0233.189] DeleteFileW (lpFileName="iEEE.ico" (normalized: "c:\\windows\\system32\\ieee.ico")) returned 1 [0233.191] DeleteFileW (lpFileName="GIcW.exe" (normalized: "c:\\windows\\system32\\gicw.exe")) returned 0 [0233.191] GetCurrentThreadId () returned 0x6f8 [0233.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xf9e1b90, dwHighDateTime=0x1d6076d)) [0233.191] GetCurrentThreadId () returned 0x6f8 [0233.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xf9e1b90, dwHighDateTime=0x1d6076d)) [0233.193] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc50c9f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile40.bmp", cAlternateFileName="")) returned 1 [0233.193] GetCurrentThreadId () returned 0x6f8 [0233.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xf9e1b90, dwHighDateTime=0x1d6076d)) [0233.193] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0x20 [0233.193] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", dwFileAttributes=0x80) returned 0 [0233.194] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.194] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.202] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0233.204] GetCurrentThreadId () returned 0x6f8 [0233.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xfa07cf0, dwHighDateTime=0x1d6076d)) [0233.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xfa07cf0, dwHighDateTime=0x1d6076d)) [0233.204] GetCurrentThreadId () returned 0x6f8 [0233.205] CloseHandle (hObject=0x126c) returned 1 [0233.205] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", dwFileAttributes=0x20) returned 0 [0233.205] GetCurrentThreadId () returned 0x6f8 [0233.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xfa07cf0, dwHighDateTime=0x1d6076d)) [0233.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xfa07cf0, dwHighDateTime=0x1d6076d)) [0233.205] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", piIcon=0x4e4ed50) returned 0x450143 [0233.212] GetIconInfo (in: hIcon=0x450143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0233.212] CreateFileW (lpFileName="mqkk.ico" (normalized: "c:\\windows\\system32\\mqkk.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.213] GetObjectA (in: h=0xf7050763, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0233.213] GetObjectA (in: h=0xaf050776, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0233.213] CreateCompatibleDC (hdc=0x0) returned 0xd201018d [0233.213] GetDIBits (in: hdc=0xd201018d, hbm=0xf7050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0233.213] GetDIBits (in: hdc=0xd201018d, hbm=0xf7050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0233.214] GetDIBits (in: hdc=0xd201018d, hbm=0xf7050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0233.214] GetDIBits (in: hdc=0xd201018d, hbm=0xaf050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0233.214] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0233.215] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0233.215] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0233.215] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0233.216] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0233.216] DeleteDC (hdc=0xd201018d) returned 1 [0233.216] CloseHandle (hObject=0x126c) returned 1 [0233.216] DeleteObject (ho=0xf7050763) returned 1 [0233.216] DeleteObject (ho=0xaf050776) returned 1 [0233.216] DestroyCursor (hCursor=0x450143) returned 1 [0233.216] GetCurrentThreadId () returned 0x6f8 [0233.216] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.217] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.228] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0233.228] CloseHandle (hObject=0x126c) returned 1 [0233.228] GetCurrentThreadId () returned 0x6f8 [0233.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.391] GetCurrentThreadId () returned 0x6f8 [0233.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.391] GetCurrentThreadId () returned 0x6f8 [0233.392] CreateFileW (lpFileName="AkMO.exe" (normalized: "c:\\windows\\system32\\akmo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.392] CreateFileW (lpFileName="AkMO.exe" (normalized: "c:\\windows\\system32\\akmo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.393] GetCurrentThreadId () returned 0x6f8 [0233.393] GetCurrentThreadId () returned 0x6f8 [0233.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.393] CreateFileW (lpFileName="AkMO.exe" (normalized: "c:\\windows\\system32\\akmo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.393] GetCurrentThreadId () returned 0x6f8 [0233.393] BeginUpdateResourceW (pFileName="AkMO.exe" (normalized: "c:\\windows\\system32\\akmo.exe"), bDeleteExistingResources=0) returned 0x0 [0233.393] CreateFileW (lpFileName="mqkk.ico" (normalized: "c:\\windows\\system32\\mqkk.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0233.393] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0233.393] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0233.394] CloseHandle (hObject=0x126c) returned 1 [0233.394] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0233.394] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0233.394] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0233.394] CopyFileW (lpExistingFileName="AkMO.exe" (normalized: "c:\\windows\\system32\\akmo.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.exe"), bFailIfExists=0) returned 0 [0233.394] SetNamedSecurityInfoW () returned 0x2 [0233.394] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0 [0233.395] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0233.395] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0233.395] DeleteFileW (lpFileName="mqkk.ico" (normalized: "c:\\windows\\system32\\mqkk.ico")) returned 1 [0233.396] DeleteFileW (lpFileName="AkMO.exe" (normalized: "c:\\windows\\system32\\akmo.exe")) returned 0 [0233.397] GetCurrentThreadId () returned 0x6f8 [0233.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.397] GetCurrentThreadId () returned 0x6f8 [0233.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.397] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddcc30b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile41.bmp", cAlternateFileName="")) returned 1 [0233.397] GetCurrentThreadId () returned 0x6f8 [0233.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.397] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0x20 [0233.397] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", dwFileAttributes=0x80) returned 0 [0233.397] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.397] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.402] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0233.404] GetCurrentThreadId () returned 0x6f8 [0233.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.404] GetCurrentThreadId () returned 0x6f8 [0233.404] CloseHandle (hObject=0x126c) returned 1 [0233.404] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", dwFileAttributes=0x20) returned 0 [0233.404] GetCurrentThreadId () returned 0x6f8 [0233.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xfbd0d70, dwHighDateTime=0x1d6076d)) [0233.405] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", piIcon=0x4e4ed50) returned 0x460143 [0233.413] GetIconInfo (in: hIcon=0x460143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0233.413] CreateFileW (lpFileName="mKcQ.ico" (normalized: "c:\\windows\\system32\\mkcq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.414] GetObjectA (in: h=0x5a0501fa, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0233.414] GetObjectA (in: h=0x66050770, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0233.414] CreateCompatibleDC (hdc=0x0) returned 0xad010772 [0233.414] GetDIBits (in: hdc=0xad010772, hbm=0x5a0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0233.414] GetDIBits (in: hdc=0xad010772, hbm=0x5a0501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0233.414] GetDIBits (in: hdc=0xad010772, hbm=0x5a0501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0233.414] GetDIBits (in: hdc=0xad010772, hbm=0x66050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0233.414] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0233.416] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0233.416] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0233.416] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0233.416] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0233.416] DeleteDC (hdc=0xad010772) returned 1 [0233.416] CloseHandle (hObject=0x126c) returned 1 [0233.417] DeleteObject (ho=0x5a0501fa) returned 1 [0233.417] DeleteObject (ho=0x66050770) returned 1 [0233.417] DestroyCursor (hCursor=0x460143) returned 1 [0233.417] GetCurrentThreadId () returned 0x6f8 [0233.417] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.417] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.426] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0233.426] CloseHandle (hObject=0x126c) returned 1 [0233.426] GetCurrentThreadId () returned 0x6f8 [0233.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xfc1d030, dwHighDateTime=0x1d6076d)) [0233.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xfc1d030, dwHighDateTime=0x1d6076d)) [0233.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xfc1d030, dwHighDateTime=0x1d6076d)) [0233.560] GetCurrentThreadId () returned 0x6f8 [0233.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xfd4db30, dwHighDateTime=0x1d6076d)) [0233.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0xfd4db30, dwHighDateTime=0x1d6076d)) [0233.560] GetCurrentThreadId () returned 0x6f8 [0233.560] CreateFileW (lpFileName="EUEu.exe" (normalized: "c:\\windows\\system32\\eueu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.561] CreateFileW (lpFileName="EUEu.exe" (normalized: "c:\\windows\\system32\\eueu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.562] GetCurrentThreadId () returned 0x6f8 [0233.562] GetCurrentThreadId () returned 0x6f8 [0233.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xfd4db30, dwHighDateTime=0x1d6076d)) [0233.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0xfd4db30, dwHighDateTime=0x1d6076d)) [0233.562] CreateFileW (lpFileName="EUEu.exe" (normalized: "c:\\windows\\system32\\eueu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.562] GetCurrentThreadId () returned 0x6f8 [0233.562] BeginUpdateResourceW (pFileName="EUEu.exe" (normalized: "c:\\windows\\system32\\eueu.exe"), bDeleteExistingResources=0) returned 0x0 [0233.562] CreateFileW (lpFileName="mKcQ.ico" (normalized: "c:\\windows\\system32\\mkcq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0233.588] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0233.588] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0233.589] CloseHandle (hObject=0x126c) returned 1 [0233.589] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0233.589] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0233.590] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0233.590] CopyFileW (lpExistingFileName="EUEu.exe" (normalized: "c:\\windows\\system32\\eueu.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.exe"), bFailIfExists=0) returned 0 [0233.590] SetNamedSecurityInfoW () returned 0x2 [0233.590] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0 [0233.590] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0233.590] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0233.591] DeleteFileW (lpFileName="mKcQ.ico" (normalized: "c:\\windows\\system32\\mkcq.ico")) returned 1 [0233.592] DeleteFileW (lpFileName="EUEu.exe" (normalized: "c:\\windows\\system32\\eueu.exe")) returned 0 [0233.592] GetCurrentThreadId () returned 0x6f8 [0233.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.592] GetCurrentThreadId () returned 0x6f8 [0233.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.592] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddce9217, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile42.bmp", cAlternateFileName="")) returned 1 [0233.592] GetCurrentThreadId () returned 0x6f8 [0233.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0xfd99df0, dwHighDateTime=0x1d6076d)) [0233.592] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0x20 [0233.592] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", dwFileAttributes=0x80) returned 0 [0233.593] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.593] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.597] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0233.599] GetCurrentThreadId () returned 0x6f8 [0233.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xfdbff50, dwHighDateTime=0x1d6076d)) [0233.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0xfdbff50, dwHighDateTime=0x1d6076d)) [0233.599] GetCurrentThreadId () returned 0x6f8 [0233.599] CloseHandle (hObject=0x126c) returned 1 [0233.599] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", dwFileAttributes=0x20) returned 0 [0233.599] GetCurrentThreadId () returned 0x6f8 [0233.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xfdbff50, dwHighDateTime=0x1d6076d)) [0233.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0xfdbff50, dwHighDateTime=0x1d6076d)) [0233.600] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", piIcon=0x4e4ed50) returned 0x470143 [0233.607] GetIconInfo (in: hIcon=0x470143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0233.607] CreateFileW (lpFileName="ukkw.ico" (normalized: "c:\\windows\\system32\\ukkw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.608] GetObjectA (in: h=0xd0501fb, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0233.608] GetObjectA (in: h=0xfb050763, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0233.608] CreateCompatibleDC (hdc=0x0) returned 0xd701018d [0233.608] GetDIBits (in: hdc=0xd701018d, hbm=0xd0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0233.608] GetDIBits (in: hdc=0xd701018d, hbm=0xd0501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0233.608] GetDIBits (in: hdc=0xd701018d, hbm=0xd0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0233.608] GetDIBits (in: hdc=0xd701018d, hbm=0xfb050763, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0233.608] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0233.609] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0233.609] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0233.610] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0233.610] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0233.610] DeleteDC (hdc=0xd701018d) returned 1 [0233.610] CloseHandle (hObject=0x126c) returned 1 [0233.610] DeleteObject (ho=0xd0501fb) returned 1 [0233.610] DeleteObject (ho=0xfb050763) returned 1 [0233.610] DestroyCursor (hCursor=0x470143) returned 1 [0233.610] GetCurrentThreadId () returned 0x6f8 [0233.611] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0233.611] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0233.616] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0233.616] CloseHandle (hObject=0x126c) returned 1 [0233.616] GetCurrentThreadId () returned 0x6f8 [0233.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xfde60b0, dwHighDateTime=0x1d6076d)) [0233.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0xfde60b0, dwHighDateTime=0x1d6076d)) [0233.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0xfde60b0, dwHighDateTime=0x1d6076d)) [0234.004] GetCurrentThreadId () returned 0x6f8 [0234.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.005] GetCurrentThreadId () returned 0x6f8 [0234.005] CreateFileW (lpFileName="ogwS.exe" (normalized: "c:\\windows\\system32\\ogws.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.006] CreateFileW (lpFileName="ogwS.exe" (normalized: "c:\\windows\\system32\\ogws.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.006] GetCurrentThreadId () returned 0x6f8 [0234.006] GetCurrentThreadId () returned 0x6f8 [0234.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.006] CreateFileW (lpFileName="ogwS.exe" (normalized: "c:\\windows\\system32\\ogws.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.006] GetCurrentThreadId () returned 0x6f8 [0234.007] BeginUpdateResourceW (pFileName="ogwS.exe" (normalized: "c:\\windows\\system32\\ogws.exe"), bDeleteExistingResources=0) returned 0x0 [0234.007] CreateFileW (lpFileName="ukkw.ico" (normalized: "c:\\windows\\system32\\ukkw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0234.007] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0234.007] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0234.007] CloseHandle (hObject=0x126c) returned 1 [0234.007] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0234.008] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0234.008] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0234.008] CopyFileW (lpExistingFileName="ogwS.exe" (normalized: "c:\\windows\\system32\\ogws.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.exe"), bFailIfExists=0) returned 0 [0234.008] SetNamedSecurityInfoW () returned 0x2 [0234.008] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0 [0234.008] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0234.009] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0234.009] DeleteFileW (lpFileName="ukkw.ico" (normalized: "c:\\windows\\system32\\ukkw.ico")) returned 1 [0234.010] DeleteFileW (lpFileName="ogwS.exe" (normalized: "c:\\windows\\system32\\ogws.exe")) returned 0 [0234.010] GetCurrentThreadId () returned 0x6f8 [0234.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.010] GetCurrentThreadId () returned 0x6f8 [0234.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.010] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd0f375, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile43.bmp", cAlternateFileName="")) returned 1 [0234.011] GetCurrentThreadId () returned 0x6f8 [0234.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0x1019e310, dwHighDateTime=0x1d6076d)) [0234.011] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0x20 [0234.011] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", dwFileAttributes=0x80) returned 0 [0234.011] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.011] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.017] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0234.018] GetCurrentThreadId () returned 0x6f8 [0234.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x101c4470, dwHighDateTime=0x1d6076d)) [0234.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x101c4470, dwHighDateTime=0x1d6076d)) [0234.018] GetCurrentThreadId () returned 0x6f8 [0234.019] CloseHandle (hObject=0x126c) returned 1 [0234.019] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", dwFileAttributes=0x20) returned 0 [0234.019] GetCurrentThreadId () returned 0x6f8 [0234.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x101c4470, dwHighDateTime=0x1d6076d)) [0234.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x101c4470, dwHighDateTime=0x1d6076d)) [0234.019] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", piIcon=0x4e4ed50) returned 0x480143 [0234.025] GetIconInfo (in: hIcon=0x480143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0234.025] CreateFileW (lpFileName="SKwE.ico" (normalized: "c:\\windows\\system32\\skwe.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.026] GetObjectA (in: h=0xb6050776, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0234.026] GetObjectA (in: h=0x5e0501fa, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0234.026] CreateCompatibleDC (hdc=0x0) returned 0xb2010772 [0234.026] GetDIBits (in: hdc=0xb2010772, hbm=0xb6050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0234.026] GetDIBits (in: hdc=0xb2010772, hbm=0xb6050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0234.027] GetDIBits (in: hdc=0xb2010772, hbm=0xb6050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0234.027] GetDIBits (in: hdc=0xb2010772, hbm=0x5e0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0234.027] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0234.028] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0234.028] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0234.028] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0234.028] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0234.029] DeleteDC (hdc=0xb2010772) returned 1 [0234.029] CloseHandle (hObject=0x126c) returned 1 [0234.029] DeleteObject (ho=0xb6050776) returned 1 [0234.029] DeleteObject (ho=0x5e0501fa) returned 1 [0234.029] DestroyCursor (hCursor=0x480143) returned 1 [0234.029] GetCurrentThreadId () returned 0x6f8 [0234.029] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.029] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.035] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0234.035] CloseHandle (hObject=0x126c) returned 1 [0234.036] GetCurrentThreadId () returned 0x6f8 [0234.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x101ea5d0, dwHighDateTime=0x1d6076d)) [0234.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x101ea5d0, dwHighDateTime=0x1d6076d)) [0234.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0x101ea5d0, dwHighDateTime=0x1d6076d)) [0234.146] GetCurrentThreadId () returned 0x6f8 [0234.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.146] GetCurrentThreadId () returned 0x6f8 [0234.147] CreateFileW (lpFileName="AgsO.exe" (normalized: "c:\\windows\\system32\\agso.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.147] CreateFileW (lpFileName="AgsO.exe" (normalized: "c:\\windows\\system32\\agso.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.149] GetCurrentThreadId () returned 0x6f8 [0234.149] GetCurrentThreadId () returned 0x6f8 [0234.149] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.149] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.149] CreateFileW (lpFileName="AgsO.exe" (normalized: "c:\\windows\\system32\\agso.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.149] GetCurrentThreadId () returned 0x6f8 [0234.149] BeginUpdateResourceW (pFileName="AgsO.exe" (normalized: "c:\\windows\\system32\\agso.exe"), bDeleteExistingResources=0) returned 0x0 [0234.149] CreateFileW (lpFileName="SKwE.ico" (normalized: "c:\\windows\\system32\\skwe.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0234.149] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0234.150] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0234.150] CloseHandle (hObject=0x126c) returned 1 [0234.150] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0234.150] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0234.150] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0234.150] CopyFileW (lpExistingFileName="AgsO.exe" (normalized: "c:\\windows\\system32\\agso.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.exe"), bFailIfExists=0) returned 0 [0234.150] SetNamedSecurityInfoW () returned 0x2 [0234.151] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0 [0234.151] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0234.151] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0234.151] DeleteFileW (lpFileName="SKwE.ico" (normalized: "c:\\windows\\system32\\skwe.ico")) returned 1 [0234.153] DeleteFileW (lpFileName="AgsO.exe" (normalized: "c:\\windows\\system32\\agso.exe")) returned 0 [0234.153] GetCurrentThreadId () returned 0x6f8 [0234.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.153] GetCurrentThreadId () returned 0x6f8 [0234.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.153] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile44.bmp", cAlternateFileName="")) returned 1 [0234.153] GetCurrentThreadId () returned 0x6f8 [0234.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed6c | out: lpSystemTimeAsFileTime=0x4e4ed6c*(dwLowDateTime=0x102f4f70, dwHighDateTime=0x1d6076d)) [0234.153] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0x20 [0234.153] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", dwFileAttributes=0x80) returned 0 [0234.153] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.154] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.159] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4ed44, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4ed44*=0xc038, lpOverlapped=0x0) returned 1 [0234.160] GetCurrentThreadId () returned 0x6f8 [0234.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x1031b0d0, dwHighDateTime=0x1d6076d)) [0234.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eccc | out: lpSystemTimeAsFileTime=0x4e4eccc*(dwLowDateTime=0x1031b0d0, dwHighDateTime=0x1d6076d)) [0234.160] GetCurrentThreadId () returned 0x6f8 [0234.161] CloseHandle (hObject=0x126c) returned 1 [0234.161] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", dwFileAttributes=0x20) returned 0 [0234.161] GetCurrentThreadId () returned 0x6f8 [0234.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x1031b0d0, dwHighDateTime=0x1d6076d)) [0234.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e424 | out: lpSystemTimeAsFileTime=0x4e4e424*(dwLowDateTime=0x1031b0d0, dwHighDateTime=0x1d6076d)) [0234.161] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", piIcon=0x4e4ed50 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", piIcon=0x4e4ed50) returned 0x490143 [0234.167] GetIconInfo (in: hIcon=0x490143, piconinfo=0x4e4ed3c | out: piconinfo=0x4e4ed3c) returned 1 [0234.167] CreateFileW (lpFileName="oOwM.ico" (normalized: "c:\\windows\\system32\\oowm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.168] GetObjectA (in: h=0x6d050770, c=24, pv=0x4e4ed00 | out: pv=0x4e4ed00) returned 24 [0234.168] GetObjectA (in: h=0x110501fb, c=24, pv=0x4e4ed18 | out: pv=0x4e4ed18) returned 24 [0234.168] CreateCompatibleDC (hdc=0x0) returned 0xdc01018d [0234.168] GetDIBits (in: hdc=0xdc01018d, hbm=0x6d050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e8b0) returned 1 [0234.168] GetDIBits (in: hdc=0xdc01018d, hbm=0x6d050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4e8b0, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4e8b0) returned 32 [0234.168] GetDIBits (in: hdc=0xdc01018d, hbm=0x6d050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e488) returned 1 [0234.168] GetDIBits (in: hdc=0xdc01018d, hbm=0x110501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e488, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e488) returned 32 [0234.168] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e468*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e468*, lpNumberOfBytesWritten=0x4e4e450*=0x6, lpOverlapped=0x0) returned 1 [0234.169] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e458*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4e458*, lpNumberOfBytesWritten=0x4e4e450*=0x10, lpOverlapped=0x0) returned 1 [0234.169] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ecd8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x4e4ecd8*, lpNumberOfBytesWritten=0x4e4e450*=0x28, lpOverlapped=0x0) returned 1 [0234.169] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e450*=0x1000, lpOverlapped=0x0) returned 1 [0234.169] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e450, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e450*=0x80, lpOverlapped=0x0) returned 1 [0234.169] DeleteDC (hdc=0xdc01018d) returned 1 [0234.169] CloseHandle (hObject=0x126c) returned 1 [0234.170] DeleteObject (ho=0x6d050770) returned 1 [0234.170] DeleteObject (ho=0x110501fb) returned 1 [0234.170] DestroyCursor (hCursor=0x490143) returned 1 [0234.170] GetCurrentThreadId () returned 0x6f8 [0234.170] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.170] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.175] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f03c, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f03c*=0xc038, lpOverlapped=0x0) returned 1 [0234.175] CloseHandle (hObject=0x126c) returned 1 [0234.175] GetCurrentThreadId () returned 0x6f8 [0234.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x10341230, dwHighDateTime=0x1d6076d)) [0234.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec9c | out: lpSystemTimeAsFileTime=0x4e4ec9c*(dwLowDateTime=0x10341230, dwHighDateTime=0x1d6076d)) [0234.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ecb8 | out: lpSystemTimeAsFileTime=0x4e4ecb8*(dwLowDateTime=0x10341230, dwHighDateTime=0x1d6076d)) [0234.224] GetCurrentThreadId () returned 0x6f8 [0234.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ec6c | out: lpSystemTimeAsFileTime=0x4e4ec6c*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.224] GetCurrentThreadId () returned 0x6f8 [0234.224] CreateFileW (lpFileName="wwYe.exe" (normalized: "c:\\windows\\system32\\wwye.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.225] CreateFileW (lpFileName="wwYe.exe" (normalized: "c:\\windows\\system32\\wwye.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.225] GetCurrentThreadId () returned 0x6f8 [0234.225] GetCurrentThreadId () returned 0x6f8 [0234.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed2c | out: lpSystemTimeAsFileTime=0x4e4ed2c*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.225] CreateFileW (lpFileName="wwYe.exe" (normalized: "c:\\windows\\system32\\wwye.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.225] GetCurrentThreadId () returned 0x6f8 [0234.225] BeginUpdateResourceW (pFileName="wwYe.exe" (normalized: "c:\\windows\\system32\\wwye.exe"), bDeleteExistingResources=0) returned 0x0 [0234.225] CreateFileW (lpFileName="oOwM.ico" (normalized: "c:\\windows\\system32\\oowm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0234.226] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0234.226] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4ed50, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4ed50*=0x10be, lpOverlapped=0x0) returned 1 [0234.226] CloseHandle (hObject=0x126c) returned 1 [0234.226] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0234.226] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4ed3c, cb=0x14) returned 0 [0234.226] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0234.226] CopyFileW (lpExistingFileName="wwYe.exe" (normalized: "c:\\windows\\system32\\wwye.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.exe"), bFailIfExists=0) returned 0 [0234.226] SetNamedSecurityInfoW () returned 0x2 [0234.227] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0 [0234.227] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4ed94*=0xa4, lpOverlapped=0x0) returned 1 [0234.227] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4ed94, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4ed94*=0x4, lpOverlapped=0x0) returned 1 [0234.227] DeleteFileW (lpFileName="oOwM.ico" (normalized: "c:\\windows\\system32\\oowm.ico")) returned 1 [0234.228] DeleteFileW (lpFileName="wwYe.exe" (normalized: "c:\\windows\\system32\\wwye.exe")) returned 0 [0234.228] GetCurrentThreadId () returned 0x6f8 [0234.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ed44 | out: lpSystemTimeAsFileTime=0x4e4ed44*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.228] GetCurrentThreadId () returned 0x6f8 [0234.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.228] FindNextFileW (in: hFindFile=0x8036058, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="usertile44.bmp", cAlternateFileName="")) returned 0 [0234.228] GetCurrentThreadId () returned 0x6f8 [0234.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.228] FindNextFileW (in: hFindFile=0x8036018, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="guest.bmp", cAlternateFileName="")) returned 1 [0234.228] GetCurrentThreadId () returned 0x6f8 [0234.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x103b3650, dwHighDateTime=0x1d6076d)) [0234.229] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp")) returned 0x20 [0234.229] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", dwFileAttributes=0x80) returned 0 [0234.229] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.229] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.234] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0234.236] GetCurrentThreadId () returned 0x6f8 [0234.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x103d97b0, dwHighDateTime=0x1d6076d)) [0234.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x103d97b0, dwHighDateTime=0x1d6076d)) [0234.236] GetCurrentThreadId () returned 0x6f8 [0234.236] CloseHandle (hObject=0x126c) returned 1 [0234.236] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", dwFileAttributes=0x20) returned 0 [0234.236] GetCurrentThreadId () returned 0x6f8 [0234.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x103d97b0, dwHighDateTime=0x1d6076d)) [0234.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x103d97b0, dwHighDateTime=0x1d6076d)) [0234.237] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", piIcon=0x4e4efc4) returned 0x4a0143 [0234.242] GetIconInfo (in: hIcon=0x4a0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0234.242] CreateFileW (lpFileName="auYY.ico" (normalized: "c:\\windows\\system32\\auyy.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.243] GetObjectA (in: h=0x2050763, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0234.243] GetObjectA (in: h=0xba050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0234.243] CreateCompatibleDC (hdc=0x0) returned 0xb7010772 [0234.243] GetDIBits (in: hdc=0xb7010772, hbm=0x2050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0234.243] GetDIBits (in: hdc=0xb7010772, hbm=0x2050763, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0234.243] GetDIBits (in: hdc=0xb7010772, hbm=0x2050763, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0234.243] GetDIBits (in: hdc=0xb7010772, hbm=0xba050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0234.244] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0234.245] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0234.245] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0234.245] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0234.245] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0234.245] DeleteDC (hdc=0xb7010772) returned 1 [0234.245] CloseHandle (hObject=0x126c) returned 1 [0234.246] DeleteObject (ho=0x2050763) returned 1 [0234.246] DeleteObject (ho=0xba050776) returned 1 [0234.246] DestroyCursor (hCursor=0x4a0143) returned 1 [0234.246] GetCurrentThreadId () returned 0x6f8 [0234.246] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.246] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.251] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0234.251] CloseHandle (hObject=0x126c) returned 1 [0234.251] GetCurrentThreadId () returned 0x6f8 [0234.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x103ff910, dwHighDateTime=0x1d6076d)) [0234.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x103ff910, dwHighDateTime=0x1d6076d)) [0234.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x103ff910, dwHighDateTime=0x1d6076d)) [0234.399] GetCurrentThreadId () returned 0x6f8 [0234.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10556570, dwHighDateTime=0x1d6076d)) [0234.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10556570, dwHighDateTime=0x1d6076d)) [0234.407] GetCurrentThreadId () returned 0x6f8 [0234.407] CreateFileW (lpFileName="AcQS.exe" (normalized: "c:\\windows\\system32\\acqs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.429] CreateFileW (lpFileName="AcQS.exe" (normalized: "c:\\windows\\system32\\acqs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.430] GetCurrentThreadId () returned 0x6f8 [0234.434] GetCurrentThreadId () returned 0x6f8 [0234.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x105a2830, dwHighDateTime=0x1d6076d)) [0234.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x105a2830, dwHighDateTime=0x1d6076d)) [0234.434] CreateFileW (lpFileName="AcQS.exe" (normalized: "c:\\windows\\system32\\acqs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.450] GetCurrentThreadId () returned 0x6f8 [0234.450] BeginUpdateResourceW (pFileName="AcQS.exe" (normalized: "c:\\windows\\system32\\acqs.exe"), bDeleteExistingResources=0) returned 0x0 [0234.450] CreateFileW (lpFileName="auYY.ico" (normalized: "c:\\windows\\system32\\auyy.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0234.451] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0234.451] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0234.451] CloseHandle (hObject=0x126c) returned 1 [0234.451] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0234.451] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0234.451] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0234.451] CopyFileW (lpExistingFileName="AcQS.exe" (normalized: "c:\\windows\\system32\\acqs.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp.exe"), bFailIfExists=0) returned 0 [0234.452] SetNamedSecurityInfoW () returned 0x2 [0234.452] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp")) returned 0 [0234.452] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x78, lpOverlapped=0x0) returned 1 [0234.452] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0234.453] DeleteFileW (lpFileName="auYY.ico" (normalized: "c:\\windows\\system32\\auyy.ico")) returned 1 [0234.454] DeleteFileW (lpFileName="AcQS.exe" (normalized: "c:\\windows\\system32\\acqs.exe")) returned 0 [0234.454] GetCurrentThreadId () returned 0x6f8 [0234.454] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x105eeaf0, dwHighDateTime=0x1d6076d)) [0234.457] GetCurrentThreadId () returned 0x6f8 [0234.457] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x105eeaf0, dwHighDateTime=0x1d6076d)) [0234.457] FindNextFileW (in: hFindFile=0x8036018, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="user.bmp", cAlternateFileName="")) returned 1 [0234.457] GetCurrentThreadId () returned 0x6f8 [0234.457] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x105eeaf0, dwHighDateTime=0x1d6076d)) [0234.459] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp")) returned 0x20 [0234.498] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp", dwFileAttributes=0x80) returned 0 [0234.498] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.498] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.503] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xc038, lpOverlapped=0x0) returned 1 [0234.504] GetCurrentThreadId () returned 0x6f8 [0234.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10660f10, dwHighDateTime=0x1d6076d)) [0234.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10660f10, dwHighDateTime=0x1d6076d)) [0234.504] GetCurrentThreadId () returned 0x6f8 [0234.504] CloseHandle (hObject=0x126c) returned 1 [0234.505] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp", dwFileAttributes=0x20) returned 0 [0234.505] GetCurrentThreadId () returned 0x6f8 [0234.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10660f10, dwHighDateTime=0x1d6076d)) [0234.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10660f10, dwHighDateTime=0x1d6076d)) [0234.505] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp", piIcon=0x4e4efc4) returned 0x4b0143 [0234.512] GetIconInfo (in: hIcon=0x4b0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0234.512] CreateFileW (lpFileName="KWoQ.ico" (normalized: "c:\\windows\\system32\\kwoq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.513] GetObjectA (in: h=0x650501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0234.513] GetObjectA (in: h=0x71050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0234.513] CreateCompatibleDC (hdc=0x0) returned 0xe101018d [0234.513] GetDIBits (in: hdc=0xe101018d, hbm=0x650501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0234.513] GetDIBits (in: hdc=0xe101018d, hbm=0x650501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0234.513] GetDIBits (in: hdc=0xe101018d, hbm=0x650501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0234.513] GetDIBits (in: hdc=0xe101018d, hbm=0x71050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0234.513] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0234.514] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0234.514] WriteFile (in: hFile=0x126c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0234.514] WriteFile (in: hFile=0x126c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0234.515] WriteFile (in: hFile=0x126c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0234.515] DeleteDC (hdc=0xe101018d) returned 1 [0234.515] CloseHandle (hObject=0x126c) returned 1 [0234.515] DeleteObject (ho=0x650501fa) returned 1 [0234.515] DeleteObject (ho=0x71050770) returned 1 [0234.515] DestroyCursor (hCursor=0x4b0143) returned 1 [0234.515] GetCurrentThreadId () returned 0x6f8 [0234.515] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x126c [0234.515] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0234.520] ReadFile (in: hFile=0x126c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xc038, lpOverlapped=0x0) returned 1 [0234.521] CloseHandle (hObject=0x126c) returned 1 [0234.521] GetCurrentThreadId () returned 0x6f8 [0234.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10687070, dwHighDateTime=0x1d6076d)) [0234.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10687070, dwHighDateTime=0x1d6076d)) [0234.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x10687070, dwHighDateTime=0x1d6076d)) [0234.761] GetCurrentThreadId () returned 0x6f8 [0234.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x108c2510, dwHighDateTime=0x1d6076d)) [0234.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x108c2510, dwHighDateTime=0x1d6076d)) [0234.762] GetCurrentThreadId () returned 0x6f8 [0234.762] CreateFileW (lpFileName="YUMq.exe" (normalized: "c:\\windows\\system32\\yumq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.762] CreateFileW (lpFileName="YUMq.exe" (normalized: "c:\\windows\\system32\\yumq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.764] GetCurrentThreadId () returned 0x6f8 [0234.764] GetCurrentThreadId () returned 0x6f8 [0234.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x108e8670, dwHighDateTime=0x1d6076d)) [0234.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x108e8670, dwHighDateTime=0x1d6076d)) [0234.764] CreateFileW (lpFileName="YUMq.exe" (normalized: "c:\\windows\\system32\\yumq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.764] GetCurrentThreadId () returned 0x6f8 [0234.764] BeginUpdateResourceW (pFileName="YUMq.exe" (normalized: "c:\\windows\\system32\\yumq.exe"), bDeleteExistingResources=0) returned 0x0 [0234.764] CreateFileW (lpFileName="KWoQ.ico" (normalized: "c:\\windows\\system32\\kwoq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0234.764] GetFileSize (in: hFile=0x126c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0234.765] ReadFile (in: hFile=0x126c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0234.765] CloseHandle (hObject=0x126c) returned 1 [0234.765] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0234.765] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0234.765] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0234.765] CopyFileW (lpExistingFileName="YUMq.exe" (normalized: "c:\\windows\\system32\\yumq.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp.exe"), bFailIfExists=0) returned 0 [0234.766] SetNamedSecurityInfoW () returned 0x2 [0234.766] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp")) returned 0 [0234.766] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x76, lpOverlapped=0x0) returned 1 [0234.766] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0234.766] DeleteFileW (lpFileName="KWoQ.ico" (normalized: "c:\\windows\\system32\\kwoq.ico")) returned 1 [0234.800] DeleteFileW (lpFileName="YUMq.exe" (normalized: "c:\\windows\\system32\\yumq.exe")) returned 0 [0234.800] GetCurrentThreadId () returned 0x6f8 [0234.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.800] GetCurrentThreadId () returned 0x6f8 [0234.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.801] FindNextFileW (in: hFindFile=0x8036018, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x0, cFileName="user.bmp", cAlternateFileName="")) returned 0 [0234.801] GetCurrentThreadId () returned 0x6f8 [0234.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.801] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0234.801] GetCurrentThreadId () returned 0x6f8 [0234.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.801] GetCurrentThreadId () returned 0x6f8 [0234.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.801] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Vault\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036098 [0234.801] GetCurrentThreadId () returned 0x6f8 [0234.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.801] FindNextFileW (in: hFindFile=0x8036098, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.801] GetCurrentThreadId () returned 0x6f8 [0234.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] FindNextFileW (in: hFindFile=0x8036098, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0234.802] GetCurrentThreadId () returned 0x6f8 [0234.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0234.802] GetCurrentThreadId () returned 0x6f8 [0234.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] GetCurrentThreadId () returned 0x6f8 [0234.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\VISIO\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80360d8 [0234.802] GetCurrentThreadId () returned 0x6f8 [0234.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] FindNextFileW (in: hFindFile=0x80360d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.802] GetCurrentThreadId () returned 0x6f8 [0234.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] FindNextFileW (in: hFindFile=0x80360d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0234.802] GetCurrentThreadId () returned 0x6f8 [0234.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.802] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036118 [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] FindNextFileW (in: hFindFile=0x8036118, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.803] GetCurrentThreadId () returned 0x6f8 [0234.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.803] FindNextFileW (in: hFindFile=0x8036118, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036158 [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] FindNextFileW (in: hFindFile=0x8036158, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] FindNextFileW (in: hFindFile=0x8036158, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] FindNextFileW (in: hFindFile=0x8036118, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] FindNextFileW (in: hFindFile=0x8034418, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0234.804] GetCurrentThreadId () returned 0x6f8 [0234.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.804] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0234.805] GetCurrentThreadId () returned 0x6f8 [0234.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.805] GetCurrentThreadId () returned 0x6f8 [0234.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.805] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft Help\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036198 [0234.805] GetCurrentThreadId () returned 0x6f8 [0234.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.805] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hx.hxn", cAlternateFileName="")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.EXCEL.14.1033.hxn", cAlternateFileName="MSEXCE~1.HXN")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.EXCEL.DEV.14.1033.hxn", cAlternateFileName="MSEXCE~2.HXN")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.GRAPH.14.1033.hxn", cAlternateFileName="MSGRAP~1.HXN")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd822070, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.GROOVE.14.1033.hxn", cAlternateFileName="MSGROO~1.HXN")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x11446a50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.INFOPATH.14.1033.hxn", cAlternateFileName="MSINFO~1.HXN")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.806] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1146cbb0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.INFOPATHEDITOR.14.1033.hxn", cAlternateFileName="MSINFO~2.HXN")) returned 1 [0234.806] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSACCESS.14.1033.hxn", cAlternateFileName="MSMSAC~1.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSACCESS.DEV.14.1033.hxn", cAlternateFileName="MSMSAC~2.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSOUC.14.1033.hxn", cAlternateFileName="MSMSOU~1.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSPUB.14.1033.hxn", cAlternateFileName="MSMSPU~1.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSPUB.DEV.14.1033.hxn", cAlternateFileName="MSMSPU~2.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.MSTORE.14.1033.hxn", cAlternateFileName="MSMSTO~1.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.OIS.14.1033.hxn", cAlternateFileName="MSOIS1~1.HXN")) returned 1 [0234.807] GetCurrentThreadId () returned 0x6f8 [0234.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.807] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc9e3ad0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.ONENOTE.14.1033.hxn", cAlternateFileName="MSONEN~1.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2689510, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.OUTLOOK.14.1033.hxn", cAlternateFileName="MSOUTL~1.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x26af670, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.OUTLOOK.DEV.14.1033.hxn", cAlternateFileName="MSOUTL~2.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.POWERPNT.14.1033.hxn", cAlternateFileName="MSPOWE~1.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.POWERPNT.DEV.14.1033.hxn", cAlternateFileName="MSPOWE~2.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.SETLANG.14.1033.hxn", cAlternateFileName="MSSETL~1.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5269fec0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO.14.1033.hxn", cAlternateFileName="MSVISI~1.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO.DEV.14.1033.hxn", cAlternateFileName="MSVISI~3.HXN")) returned 1 [0234.808] GetCurrentThreadId () returned 0x6f8 [0234.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.808] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn", cAlternateFileName="MSVISI~4.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO_PRM.14.1033.hxn", cAlternateFileName="MSE1C9~1.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.VISIO_STD.14.1033.hxn", cAlternateFileName="MSVISI~2.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINPROJ.14.1033.hxn", cAlternateFileName="MSWINP~1.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINPROJ.DEV.14.1033.hxn", cAlternateFileName="MSWINP~2.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINWORD.14.1033.hxn", cAlternateFileName="MSWINW~1.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WINWORD.DEV.14.1033.hxn", cAlternateFileName="MSWINW~2.HXN")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.809] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="nslist.hxl", cAlternateFileName="")) returned 1 [0234.809] GetCurrentThreadId () returned 0x6f8 [0234.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.810] FindNextFileW (in: hFindFile=0x8036198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="nslist.hxl", cAlternateFileName="")) returned 0 [0234.810] GetCurrentThreadId () returned 0x6f8 [0234.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.810] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0234.810] GetCurrentThreadId () returned 0x6f8 [0234.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.810] GetCurrentThreadId () returned 0x6f8 [0234.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1090e7d0, dwHighDateTime=0x1d6076d)) [0234.810] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80361d8 [0234.810] GetCurrentThreadId () returned 0x6f8 [0234.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.810] FindNextFileW (in: hFindFile=0x80361d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.811] FindNextFileW (in: hFindFile=0x80361d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.811] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036218 [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.811] FindNextFileW (in: hFindFile=0x8036218, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.811] FindNextFileW (in: hFindFile=0x8036218, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 1 [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.811] FindNextFileW (in: hFindFile=0x8036218, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 0 [0234.811] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] FindNextFileW (in: hFindFile=0x80361d8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0234.812] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0234.812] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036258 [0234.812] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] FindNextFileW (in: hFindFile=0x8036258, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.812] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] FindNextFileW (in: hFindFile=0x8036258, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0234.812] GetCurrentThreadId () returned 0x6f8 [0234.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.812] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0234.813] GetCurrentThreadId () returned 0x6f8 [0234.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.813] GetCurrentThreadId () returned 0x6f8 [0234.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.813] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036298 [0234.813] GetCurrentThreadId () returned 0x6f8 [0234.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.813] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.813] GetCurrentThreadId () returned 0x6f8 [0234.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.813] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cAlternateFileName="42D5BE~1")) returned 1 [0234.813] GetCurrentThreadId () returned 0x6f8 [0234.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.813] GetCurrentThreadId () returned 0x6f8 [0234.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.813] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80362d8 [0234.814] GetCurrentThreadId () returned 0x6f8 [0234.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.814] FindNextFileW (in: hFindFile=0x80362d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.814] GetCurrentThreadId () returned 0x6f8 [0234.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.814] FindNextFileW (in: hFindFile=0x80362d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0234.814] GetCurrentThreadId () returned 0x6f8 [0234.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.814] GetCurrentThreadId () returned 0x6f8 [0234.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.814] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036318 [0234.814] GetCurrentThreadId () returned 0x6f8 [0234.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.814] FindNextFileW (in: hFindFile=0x8036318, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.815] GetCurrentThreadId () returned 0x6f8 [0234.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.815] FindNextFileW (in: hFindFile=0x8036318, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 1 [0234.815] GetCurrentThreadId () returned 0x6f8 [0234.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.815] GetCurrentThreadId () returned 0x6f8 [0234.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.815] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036358 [0234.815] GetCurrentThreadId () returned 0x6f8 [0234.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.815] FindNextFileW (in: hFindFile=0x8036358, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.815] GetCurrentThreadId () returned 0x6f8 [0234.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.815] FindNextFileW (in: hFindFile=0x8036358, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0234.815] GetCurrentThreadId () returned 0x6f8 [0234.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.816] GetCurrentThreadId () returned 0x6f8 [0234.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.816] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036398 [0234.816] GetCurrentThreadId () returned 0x6f8 [0234.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.816] FindNextFileW (in: hFindFile=0x8036398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.816] GetCurrentThreadId () returned 0x6f8 [0234.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.816] FindNextFileW (in: hFindFile=0x8036398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0234.816] GetCurrentThreadId () returned 0x6f8 [0234.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.816] FindNextFileW (in: hFindFile=0x8036398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0234.816] GetCurrentThreadId () returned 0x6f8 [0234.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] FindNextFileW (in: hFindFile=0x8036358, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0234.817] GetCurrentThreadId () returned 0x6f8 [0234.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] FindNextFileW (in: hFindFile=0x8036318, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0234.817] GetCurrentThreadId () returned 0x6f8 [0234.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] FindNextFileW (in: hFindFile=0x80362d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0234.817] GetCurrentThreadId () returned 0x6f8 [0234.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1 [0234.817] GetCurrentThreadId () returned 0x6f8 [0234.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] GetCurrentThreadId () returned 0x6f8 [0234.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80363d8 [0234.817] GetCurrentThreadId () returned 0x6f8 [0234.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.817] FindNextFileW (in: hFindFile=0x80363d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.818] GetCurrentThreadId () returned 0x6f8 [0234.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.818] FindNextFileW (in: hFindFile=0x80363d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0234.818] GetCurrentThreadId () returned 0x6f8 [0234.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.818] GetCurrentThreadId () returned 0x6f8 [0234.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.818] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036418 [0234.818] GetCurrentThreadId () returned 0x6f8 [0234.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.818] FindNextFileW (in: hFindFile=0x8036418, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.821] GetCurrentThreadId () returned 0x6f8 [0234.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.821] FindNextFileW (in: hFindFile=0x8036418, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 1 [0234.821] GetCurrentThreadId () returned 0x6f8 [0234.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.821] GetCurrentThreadId () returned 0x6f8 [0234.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.821] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036458 [0234.821] GetCurrentThreadId () returned 0x6f8 [0234.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.821] FindNextFileW (in: hFindFile=0x8036458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.821] GetCurrentThreadId () returned 0x6f8 [0234.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.821] FindNextFileW (in: hFindFile=0x8036458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036498 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] FindNextFileW (in: hFindFile=0x8036498, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] FindNextFileW (in: hFindFile=0x8036498, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] FindNextFileW (in: hFindFile=0x8036498, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] FindNextFileW (in: hFindFile=0x8036458, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.822] FindNextFileW (in: hFindFile=0x8036418, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0234.822] GetCurrentThreadId () returned 0x6f8 [0234.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.823] FindNextFileW (in: hFindFile=0x80363d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0234.823] GetCurrentThreadId () returned 0x6f8 [0234.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.823] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0234.823] GetCurrentThreadId () returned 0x6f8 [0234.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.823] GetCurrentThreadId () returned 0x6f8 [0234.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10934930, dwHighDateTime=0x1d6076d)) [0234.823] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80364d8 [0234.823] GetCurrentThreadId () returned 0x6f8 [0234.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.827] FindNextFileW (in: hFindFile=0x80364d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.827] GetCurrentThreadId () returned 0x6f8 [0234.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.827] FindNextFileW (in: hFindFile=0x80364d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0234.828] GetCurrentThreadId () returned 0x6f8 [0234.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.828] GetCurrentThreadId () returned 0x6f8 [0234.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.828] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036518 [0234.828] GetCurrentThreadId () returned 0x6f8 [0234.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.828] FindNextFileW (in: hFindFile=0x8036518, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.828] GetCurrentThreadId () returned 0x6f8 [0234.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.828] FindNextFileW (in: hFindFile=0x8036518, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0234.828] GetCurrentThreadId () returned 0x6f8 [0234.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.828] GetCurrentThreadId () returned 0x6f8 [0234.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.828] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036558 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.829] FindNextFileW (in: hFindFile=0x8036558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.829] FindNextFileW (in: hFindFile=0x8036558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0xf36be, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.829] FindNextFileW (in: hFindFile=0x8036558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.829] FindNextFileW (in: hFindFile=0x8036558, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.829] FindNextFileW (in: hFindFile=0x8036518, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.829] FindNextFileW (in: hFindFile=0x80364d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0234.829] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0234.830] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036598 [0234.830] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] FindNextFileW (in: hFindFile=0x8036598, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.830] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] FindNextFileW (in: hFindFile=0x8036598, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf08b3aa0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0234.830] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] FindNextFileW (in: hFindFile=0x8036598, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0234.830] GetCurrentThreadId () returned 0x6f8 [0234.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.830] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe")) returned 0x20 [0234.831] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 0 [0234.831] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c0 [0234.831] GetFileSize (in: hFile=0x12c0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f428 [0234.836] ReadFile (in: hFile=0x12c0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f428, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x6f428, lpOverlapped=0x0) returned 1 [0234.841] GetCurrentThreadId () returned 0x6f8 [0234.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1095aa90, dwHighDateTime=0x1d6076d)) [0234.841] GetCurrentThreadId () returned 0x6f8 [0234.844] ExtractIconExW (in: lpszFile="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", nIconIndex=0, phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4, nIcons=0x1 | out: phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4) returned 0x2 [0234.851] DestroyCursor (hCursor=0x4c0143) returned 1 [0234.851] DestroyCursor (hCursor=0x36008b) returned 1 [0234.851] CloseHandle (hObject=0x12c0) returned 1 [0234.852] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", dwFileAttributes=0x20) returned 0 [0234.852] GetCurrentThreadId () returned 0x6f8 [0234.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10980bf0, dwHighDateTime=0x1d6076d)) [0234.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10980bf0, dwHighDateTime=0x1d6076d)) [0234.852] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", piIcon=0x4e4efc4) returned 0x37008b [0234.854] GetIconInfo (in: hIcon=0x37008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0234.854] CreateFileW (lpFileName="gyos.ico" (normalized: "c:\\windows\\system32\\gyos.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c0 [0234.855] GetObjectA (in: h=0xe705018d, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0234.855] GetObjectA (in: h=0xc3050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0234.855] CreateCompatibleDC (hdc=0x0) returned 0x1b0101fb [0234.855] GetDIBits (in: hdc=0x1b0101fb, hbm=0xe705018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0234.855] GetDIBits (in: hdc=0x1b0101fb, hbm=0xe705018d, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0234.855] GetDIBits (in: hdc=0x1b0101fb, hbm=0xe705018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0234.855] GetDIBits (in: hdc=0x1b0101fb, hbm=0xc3050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0234.855] WriteFile (in: hFile=0x12c0, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0234.856] WriteFile (in: hFile=0x12c0, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0234.856] WriteFile (in: hFile=0x12c0, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0234.856] WriteFile (in: hFile=0x12c0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0234.857] WriteFile (in: hFile=0x12c0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0234.857] DeleteDC (hdc=0x1b0101fb) returned 1 [0234.857] CloseHandle (hObject=0x12c0) returned 1 [0234.857] DeleteObject (ho=0xe705018d) returned 1 [0234.857] DeleteObject (ho=0xc3050776) returned 1 [0234.857] DestroyCursor (hCursor=0x37008b) returned 1 [0234.857] GetCurrentThreadId () returned 0x6f8 [0234.858] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c0 [0234.858] GetFileSize (in: hFile=0x12c0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f428 [0234.863] ReadFile (in: hFile=0x12c0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f428, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x6f428, lpOverlapped=0x0) returned 1 [0234.867] CloseHandle (hObject=0x12c0) returned 1 [0234.867] GetCurrentThreadId () returned 0x6f8 [0234.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x109a6d50, dwHighDateTime=0x1d6076d)) [0234.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x109a6d50, dwHighDateTime=0x1d6076d)) [0234.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x109a6d50, dwHighDateTime=0x1d6076d)) [0234.964] GetCurrentThreadId () returned 0x6f8 [0234.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10a8b590, dwHighDateTime=0x1d6076d)) [0234.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10a8b590, dwHighDateTime=0x1d6076d)) [0234.964] GetCurrentThreadId () returned 0x6f8 [0234.964] CreateFileW (lpFileName="QUAW.exe" (normalized: "c:\\windows\\system32\\quaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.965] CreateFileW (lpFileName="QUAW.exe" (normalized: "c:\\windows\\system32\\quaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.965] GetCurrentThreadId () returned 0x6f8 [0234.965] GetCurrentThreadId () returned 0x6f8 [0234.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x10a8b590, dwHighDateTime=0x1d6076d)) [0234.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x10a8b590, dwHighDateTime=0x1d6076d)) [0234.965] CreateFileW (lpFileName="QUAW.exe" (normalized: "c:\\windows\\system32\\quaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0234.965] GetCurrentThreadId () returned 0x6f8 [0234.966] BeginUpdateResourceW (pFileName="QUAW.exe" (normalized: "c:\\windows\\system32\\quaw.exe"), bDeleteExistingResources=0) returned 0x0 [0234.966] CreateFileW (lpFileName="gyos.ico" (normalized: "c:\\windows\\system32\\gyos.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c0 [0234.966] GetFileSize (in: hFile=0x12c0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0234.966] ReadFile (in: hFile=0x12c0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0234.966] CloseHandle (hObject=0x12c0) returned 1 [0234.966] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0234.967] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0234.967] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0234.967] CopyFileW (lpExistingFileName="QUAW.exe" (normalized: "c:\\windows\\system32\\quaw.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), bFailIfExists=0) returned 0 [0234.967] SetNamedSecurityInfoW () returned 0x5 [0234.967] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0xb0, lpOverlapped=0x0) returned 1 [0234.967] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0234.968] DeleteFileW (lpFileName="gyos.ico" (normalized: "c:\\windows\\system32\\gyos.ico")) returned 1 [0234.969] DeleteFileW (lpFileName="QUAW.exe" (normalized: "c:\\windows\\system32\\quaw.exe")) returned 0 [0234.969] GetCurrentThreadId () returned 0x6f8 [0234.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.969] GetCurrentThreadId () returned 0x6f8 [0234.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.969] FindNextFileW (in: hFindFile=0x8036598, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0234.969] GetCurrentThreadId () returned 0x6f8 [0234.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.969] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0234.969] GetCurrentThreadId () returned 0x6f8 [0234.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.970] GetCurrentThreadId () returned 0x6f8 [0234.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.970] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80365d8 [0234.970] GetCurrentThreadId () returned 0x6f8 [0234.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.970] FindNextFileW (in: hFindFile=0x80365d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.970] GetCurrentThreadId () returned 0x6f8 [0234.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.970] FindNextFileW (in: hFindFile=0x80365d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0234.970] GetCurrentThreadId () returned 0x6f8 [0234.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.970] GetCurrentThreadId () returned 0x6f8 [0234.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.970] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036618 [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] FindNextFileW (in: hFindFile=0x8036618, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] FindNextFileW (in: hFindFile=0x8036618, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036658 [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] FindNextFileW (in: hFindFile=0x8036658, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] FindNextFileW (in: hFindFile=0x8036658, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa87bcb00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0xa87bcb00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0xa87bcb00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0234.971] GetCurrentThreadId () returned 0x6f8 [0234.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.971] FindNextFileW (in: hFindFile=0x8036658, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.972] FindNextFileW (in: hFindFile=0x8036658, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.972] FindNextFileW (in: hFindFile=0x8036618, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.972] FindNextFileW (in: hFindFile=0x80365d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.972] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.972] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036698 [0234.972] GetCurrentThreadId () returned 0x6f8 [0234.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.973] FindNextFileW (in: hFindFile=0x8036698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.973] GetCurrentThreadId () returned 0x6f8 [0234.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.973] FindNextFileW (in: hFindFile=0x8036698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1c821ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0234.973] GetCurrentThreadId () returned 0x6f8 [0234.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.973] FindNextFileW (in: hFindFile=0x8036698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0234.973] GetCurrentThreadId () returned 0x6f8 [0234.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x10ab16f0, dwHighDateTime=0x1d6076d)) [0234.973] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe")) returned 0x20 [0234.973] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 0 [0234.973] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12d0 [0234.974] GetFileSize (in: hFile=0x12d0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x710a8 [0234.979] ReadFile (in: hFile=0x12d0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x710a8, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x710a8, lpOverlapped=0x0) returned 1 [0234.985] GetCurrentThreadId () returned 0x6f8 [0234.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10ad7850, dwHighDateTime=0x1d6076d)) [0234.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10ad7850, dwHighDateTime=0x1d6076d)) [0234.985] GetCurrentThreadId () returned 0x6f8 [0234.988] ExtractIconExW (in: lpszFile="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", nIconIndex=0, phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4, nIcons=0x1 | out: phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4) returned 0x2 [0234.995] DestroyCursor (hCursor=0x38008b) returned 1 [0234.995] DestroyCursor (hCursor=0x4d0143) returned 1 [0234.995] CloseHandle (hObject=0x12d0) returned 1 [0234.995] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", dwFileAttributes=0x20) returned 0 [0234.995] GetCurrentThreadId () returned 0x6f8 [0234.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10ad7850, dwHighDateTime=0x1d6076d)) [0234.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10ad7850, dwHighDateTime=0x1d6076d)) [0234.995] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", piIcon=0x4e4efc4) returned 0x4e0143 [0234.997] GetIconInfo (in: hIcon=0x4e0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0234.997] CreateFileW (lpFileName="YWEQ.ico" (normalized: "c:\\windows\\system32\\yweq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12d0 [0234.998] GetObjectA (in: h=0xc5050772, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0234.998] GetObjectA (in: h=0x220501fb, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0234.998] CreateCompatibleDC (hdc=0x0) returned 0x7c010770 [0234.998] GetDIBits (in: hdc=0x7c010770, hbm=0xc5050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0234.998] GetDIBits (in: hdc=0x7c010770, hbm=0xc5050772, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0234.998] GetDIBits (in: hdc=0x7c010770, hbm=0xc5050772, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0234.998] GetDIBits (in: hdc=0x7c010770, hbm=0x220501fb, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0234.998] WriteFile (in: hFile=0x12d0, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0235.000] WriteFile (in: hFile=0x12d0, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0235.000] WriteFile (in: hFile=0x12d0, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0235.000] WriteFile (in: hFile=0x12d0, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0235.000] WriteFile (in: hFile=0x12d0, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0235.000] DeleteDC (hdc=0x7c010770) returned 1 [0235.000] CloseHandle (hObject=0x12d0) returned 1 [0235.001] DeleteObject (ho=0xc5050772) returned 1 [0235.001] DeleteObject (ho=0x220501fb) returned 1 [0235.001] DestroyCursor (hCursor=0x4e0143) returned 1 [0235.001] GetCurrentThreadId () returned 0x6f8 [0235.001] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12d0 [0235.001] GetFileSize (in: hFile=0x12d0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x710a8 [0235.006] ReadFile (in: hFile=0x12d0, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x710a8, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x710a8, lpOverlapped=0x0) returned 1 [0235.010] CloseHandle (hObject=0x12d0) returned 1 [0235.010] GetCurrentThreadId () returned 0x6f8 [0235.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10afd9b0, dwHighDateTime=0x1d6076d)) [0235.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10afd9b0, dwHighDateTime=0x1d6076d)) [0235.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x10afd9b0, dwHighDateTime=0x1d6076d)) [0235.165] GetCurrentThreadId () returned 0x6f8 [0235.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10c7a770, dwHighDateTime=0x1d6076d)) [0235.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10c7a770, dwHighDateTime=0x1d6076d)) [0235.166] GetCurrentThreadId () returned 0x6f8 [0235.166] CreateFileW (lpFileName="Eksm.exe" (normalized: "c:\\windows\\system32\\eksm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.166] CreateFileW (lpFileName="Eksm.exe" (normalized: "c:\\windows\\system32\\eksm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.168] GetCurrentThreadId () returned 0x6f8 [0235.168] GetCurrentThreadId () returned 0x6f8 [0235.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x10c7a770, dwHighDateTime=0x1d6076d)) [0235.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x10c7a770, dwHighDateTime=0x1d6076d)) [0235.168] CreateFileW (lpFileName="Eksm.exe" (normalized: "c:\\windows\\system32\\eksm.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.168] GetCurrentThreadId () returned 0x6f8 [0235.168] BeginUpdateResourceW (pFileName="Eksm.exe" (normalized: "c:\\windows\\system32\\eksm.exe"), bDeleteExistingResources=0) returned 0x0 [0235.168] CreateFileW (lpFileName="YWEQ.ico" (normalized: "c:\\windows\\system32\\yweq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12d0 [0235.169] GetFileSize (in: hFile=0x12d0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0235.169] ReadFile (in: hFile=0x12d0, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0235.169] CloseHandle (hObject=0x12d0) returned 1 [0235.169] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0235.169] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0235.169] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0235.169] CopyFileW (lpExistingFileName="Eksm.exe" (normalized: "c:\\windows\\system32\\eksm.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), bFailIfExists=0) returned 0 [0235.170] SetNamedSecurityInfoW () returned 0x5 [0235.170] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0xb0, lpOverlapped=0x0) returned 1 [0235.170] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0235.170] DeleteFileW (lpFileName="YWEQ.ico" (normalized: "c:\\windows\\system32\\yweq.ico")) returned 1 [0235.172] DeleteFileW (lpFileName="Eksm.exe" (normalized: "c:\\windows\\system32\\eksm.exe")) returned 0 [0235.172] GetCurrentThreadId () returned 0x6f8 [0235.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.172] GetCurrentThreadId () returned 0x6f8 [0235.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.172] FindNextFileW (in: hFindFile=0x8036698, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0235.172] GetCurrentThreadId () returned 0x6f8 [0235.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.172] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0235.172] GetCurrentThreadId () returned 0x6f8 [0235.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.172] GetCurrentThreadId () returned 0x6f8 [0235.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.173] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80366d8 [0235.173] GetCurrentThreadId () returned 0x6f8 [0235.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.173] FindNextFileW (in: hFindFile=0x80366d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.173] GetCurrentThreadId () returned 0x6f8 [0235.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.173] FindNextFileW (in: hFindFile=0x80366d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.173] GetCurrentThreadId () returned 0x6f8 [0235.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.173] GetCurrentThreadId () returned 0x6f8 [0235.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.173] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036718 [0235.173] GetCurrentThreadId () returned 0x6f8 [0235.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.174] FindNextFileW (in: hFindFile=0x8036718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.174] GetCurrentThreadId () returned 0x6f8 [0235.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.174] FindNextFileW (in: hFindFile=0x8036718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0235.174] GetCurrentThreadId () returned 0x6f8 [0235.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.174] GetCurrentThreadId () returned 0x6f8 [0235.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.174] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036758 [0235.174] GetCurrentThreadId () returned 0x6f8 [0235.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.174] FindNextFileW (in: hFindFile=0x8036758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.174] GetCurrentThreadId () returned 0x6f8 [0235.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.174] FindNextFileW (in: hFindFile=0x8036758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e8b00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd15e8b00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd15e8b00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x13babb, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.174] GetCurrentThreadId () returned 0x6f8 [0235.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] FindNextFileW (in: hFindFile=0x8036758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.175] GetCurrentThreadId () returned 0x6f8 [0235.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] FindNextFileW (in: hFindFile=0x8036758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.175] GetCurrentThreadId () returned 0x6f8 [0235.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] FindNextFileW (in: hFindFile=0x8036718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0235.175] GetCurrentThreadId () returned 0x6f8 [0235.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] FindNextFileW (in: hFindFile=0x80366d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.175] GetCurrentThreadId () returned 0x6f8 [0235.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0235.175] GetCurrentThreadId () returned 0x6f8 [0235.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] GetCurrentThreadId () returned 0x6f8 [0235.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.175] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036798 [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] FindNextFileW (in: hFindFile=0x8036798, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] FindNextFileW (in: hFindFile=0x8036798, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80367d8 [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] FindNextFileW (in: hFindFile=0x80367d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] FindNextFileW (in: hFindFile=0x80367d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] GetCurrentThreadId () returned 0x6f8 [0235.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.176] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036818 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x8036818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x8036818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x8036818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x8036818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x80367d8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x8036798, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] GetCurrentThreadId () returned 0x6f8 [0235.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.177] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036858 [0235.178] GetCurrentThreadId () returned 0x6f8 [0235.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.178] FindNextFileW (in: hFindFile=0x8036858, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.178] GetCurrentThreadId () returned 0x6f8 [0235.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.178] FindNextFileW (in: hFindFile=0x8036858, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.178] GetCurrentThreadId () returned 0x6f8 [0235.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.178] GetCurrentThreadId () returned 0x6f8 [0235.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.178] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036898 [0235.178] GetCurrentThreadId () returned 0x6f8 [0235.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.178] FindNextFileW (in: hFindFile=0x8036898, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.178] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] FindNextFileW (in: hFindFile=0x8036898, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0235.179] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80368d8 [0235.179] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] FindNextFileW (in: hFindFile=0x80368d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.179] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] FindNextFileW (in: hFindFile=0x80368d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x165257, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.179] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] FindNextFileW (in: hFindFile=0x80368d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.179] GetCurrentThreadId () returned 0x6f8 [0235.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.179] FindNextFileW (in: hFindFile=0x80368d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] FindNextFileW (in: hFindFile=0x8036898, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] FindNextFileW (in: hFindFile=0x8036858, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036918 [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] FindNextFileW (in: hFindFile=0x8036918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.180] GetCurrentThreadId () returned 0x6f8 [0235.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.180] FindNextFileW (in: hFindFile=0x8036918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.181] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036958 [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.181] FindNextFileW (in: hFindFile=0x8036958, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.181] FindNextFileW (in: hFindFile=0x8036958, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.181] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036998 [0235.181] GetCurrentThreadId () returned 0x6f8 [0235.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036998, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036998, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9b1b00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7c9b1b00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7c9b1b00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036998, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036998, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036958, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036918, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.182] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0235.182] GetCurrentThreadId () returned 0x6f8 [0235.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] GetCurrentThreadId () returned 0x6f8 [0235.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80369d8 [0235.183] GetCurrentThreadId () returned 0x6f8 [0235.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] FindNextFileW (in: hFindFile=0x80369d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.183] GetCurrentThreadId () returned 0x6f8 [0235.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] FindNextFileW (in: hFindFile=0x80369d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.183] GetCurrentThreadId () returned 0x6f8 [0235.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] GetCurrentThreadId () returned 0x6f8 [0235.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036a18 [0235.183] GetCurrentThreadId () returned 0x6f8 [0235.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.183] FindNextFileW (in: hFindFile=0x8036a18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.184] FindNextFileW (in: hFindFile=0x8036a18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.184] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036a58 [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.184] FindNextFileW (in: hFindFile=0x8036a58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.184] FindNextFileW (in: hFindFile=0x8036a58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b69ee00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7b69ee00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7b69ee00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.184] FindNextFileW (in: hFindFile=0x8036a58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.184] GetCurrentThreadId () returned 0x6f8 [0235.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10ca08d0, dwHighDateTime=0x1d6076d)) [0235.186] FindNextFileW (in: hFindFile=0x8036a58, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.186] GetCurrentThreadId () returned 0x6f8 [0235.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.186] FindNextFileW (in: hFindFile=0x8036a18, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0235.186] GetCurrentThreadId () returned 0x6f8 [0235.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.186] FindNextFileW (in: hFindFile=0x80369d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036a98 [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] FindNextFileW (in: hFindFile=0x8036a98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] FindNextFileW (in: hFindFile=0x8036a98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] GetCurrentThreadId () returned 0x6f8 [0235.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.187] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036ad8 [0235.188] GetCurrentThreadId () returned 0x6f8 [0235.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.188] FindNextFileW (in: hFindFile=0x8036ad8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.188] GetCurrentThreadId () returned 0x6f8 [0235.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.188] FindNextFileW (in: hFindFile=0x8036ad8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0235.188] GetCurrentThreadId () returned 0x6f8 [0235.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.188] GetCurrentThreadId () returned 0x6f8 [0235.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.188] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036b18 [0235.188] GetCurrentThreadId () returned 0x6f8 [0235.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.188] FindNextFileW (in: hFindFile=0x8036b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.188] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindNextFileW (in: hFindFile=0x8036b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aae6600, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x8aae6600, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x8aae6600, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindNextFileW (in: hFindFile=0x8036b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindNextFileW (in: hFindFile=0x8036b18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindNextFileW (in: hFindFile=0x8036ad8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindNextFileW (in: hFindFile=0x8036a98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] GetCurrentThreadId () returned 0x6f8 [0235.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.189] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036b58 [0235.190] GetCurrentThreadId () returned 0x6f8 [0235.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.190] FindNextFileW (in: hFindFile=0x8036b58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.190] GetCurrentThreadId () returned 0x6f8 [0235.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.190] FindNextFileW (in: hFindFile=0x8036b58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.190] GetCurrentThreadId () returned 0x6f8 [0235.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.190] GetCurrentThreadId () returned 0x6f8 [0235.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.190] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036b98 [0235.190] GetCurrentThreadId () returned 0x6f8 [0235.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.190] FindNextFileW (in: hFindFile=0x8036b98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.191] FindNextFileW (in: hFindFile=0x8036b98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.191] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036bd8 [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.191] FindNextFileW (in: hFindFile=0x8036bd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.191] FindNextFileW (in: hFindFile=0x8036bd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x884c0c00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x884c0c00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x884c0c00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.191] FindNextFileW (in: hFindFile=0x8036bd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.191] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] FindNextFileW (in: hFindFile=0x8036bd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.192] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] FindNextFileW (in: hFindFile=0x8036b98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0235.192] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] FindNextFileW (in: hFindFile=0x8036b58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.192] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0235.192] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036c18 [0235.192] GetCurrentThreadId () returned 0x6f8 [0235.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.192] FindNextFileW (in: hFindFile=0x8036c18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.193] GetCurrentThreadId () returned 0x6f8 [0235.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.193] FindNextFileW (in: hFindFile=0x8036c18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfe3882c0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0235.193] GetCurrentThreadId () returned 0x6f8 [0235.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.193] FindNextFileW (in: hFindFile=0x8036c18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0235.193] GetCurrentThreadId () returned 0x6f8 [0235.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.193] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe")) returned 0x20 [0235.193] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 0 [0235.193] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1328 [0235.193] GetFileSize (in: hFile=0x1328, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f398 [0235.198] ReadFile (in: hFile=0x1328, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f398, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x6f398, lpOverlapped=0x0) returned 1 [0235.203] GetCurrentThreadId () returned 0x6f8 [0235.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10cecb90, dwHighDateTime=0x1d6076d)) [0235.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10cecb90, dwHighDateTime=0x1d6076d)) [0235.203] GetCurrentThreadId () returned 0x6f8 [0235.206] ExtractIconExW (in: lpszFile="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", nIconIndex=0, phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4, nIcons=0x1 | out: phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4) returned 0x2 [0235.214] DestroyCursor (hCursor=0x4f0143) returned 1 [0235.214] DestroyCursor (hCursor=0x39008b) returned 1 [0235.214] CloseHandle (hObject=0x1328) returned 1 [0235.214] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", dwFileAttributes=0x20) returned 0 [0235.214] GetCurrentThreadId () returned 0x6f8 [0235.214] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10cecb90, dwHighDateTime=0x1d6076d)) [0235.214] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10cecb90, dwHighDateTime=0x1d6076d)) [0235.214] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", piIcon=0x4e4efc4) returned 0x3a008b [0235.216] GetIconInfo (in: hIcon=0x3a008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0235.216] CreateFileW (lpFileName="KkoE.ico" (normalized: "c:\\windows\\system32\\kkoe.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1328 [0235.217] GetObjectA (in: h=0xcf050776, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0235.217] GetObjectA (in: h=0x83050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0235.217] CreateCompatibleDC (hdc=0x0) returned 0xf201018d [0235.217] GetDIBits (in: hdc=0xf201018d, hbm=0xcf050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0235.217] GetDIBits (in: hdc=0xf201018d, hbm=0xcf050776, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0235.217] GetDIBits (in: hdc=0xf201018d, hbm=0xcf050776, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0235.217] GetDIBits (in: hdc=0xf201018d, hbm=0x83050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0235.217] WriteFile (in: hFile=0x1328, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0235.219] WriteFile (in: hFile=0x1328, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0235.219] WriteFile (in: hFile=0x1328, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0235.219] WriteFile (in: hFile=0x1328, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0235.220] WriteFile (in: hFile=0x1328, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0235.220] DeleteDC (hdc=0xf201018d) returned 1 [0235.220] CloseHandle (hObject=0x1328) returned 1 [0235.220] DeleteObject (ho=0xcf050776) returned 1 [0235.220] DeleteObject (ho=0x83050770) returned 1 [0235.220] DestroyCursor (hCursor=0x3a008b) returned 1 [0235.220] GetCurrentThreadId () returned 0x6f8 [0235.220] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1328 [0235.221] GetFileSize (in: hFile=0x1328, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f398 [0235.225] ReadFile (in: hFile=0x1328, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x6f398, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x6f398, lpOverlapped=0x0) returned 1 [0235.229] CloseHandle (hObject=0x1328) returned 1 [0235.229] GetCurrentThreadId () returned 0x6f8 [0235.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10d12cf0, dwHighDateTime=0x1d6076d)) [0235.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10d12cf0, dwHighDateTime=0x1d6076d)) [0235.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x10d12cf0, dwHighDateTime=0x1d6076d)) [0235.380] GetCurrentThreadId () returned 0x6f8 [0235.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.380] GetCurrentThreadId () returned 0x6f8 [0235.380] CreateFileW (lpFileName="csIO.exe" (normalized: "c:\\windows\\system32\\csio.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.381] CreateFileW (lpFileName="csIO.exe" (normalized: "c:\\windows\\system32\\csio.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.381] GetCurrentThreadId () returned 0x6f8 [0235.381] GetCurrentThreadId () returned 0x6f8 [0235.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.382] CreateFileW (lpFileName="csIO.exe" (normalized: "c:\\windows\\system32\\csio.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.382] GetCurrentThreadId () returned 0x6f8 [0235.382] BeginUpdateResourceW (pFileName="csIO.exe" (normalized: "c:\\windows\\system32\\csio.exe"), bDeleteExistingResources=0) returned 0x0 [0235.382] CreateFileW (lpFileName="KkoE.ico" (normalized: "c:\\windows\\system32\\kkoe.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1328 [0235.382] GetFileSize (in: hFile=0x1328, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0235.382] ReadFile (in: hFile=0x1328, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0235.382] CloseHandle (hObject=0x1328) returned 1 [0235.383] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0235.383] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0235.383] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0235.383] CopyFileW (lpExistingFileName="csIO.exe" (normalized: "c:\\windows\\system32\\csio.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), bFailIfExists=0) returned 0 [0235.383] SetNamedSecurityInfoW () returned 0x5 [0235.384] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0xb0, lpOverlapped=0x0) returned 1 [0235.384] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0235.384] DeleteFileW (lpFileName="KkoE.ico" (normalized: "c:\\windows\\system32\\kkoe.ico")) returned 1 [0235.385] DeleteFileW (lpFileName="csIO.exe" (normalized: "c:\\windows\\system32\\csio.exe")) returned 0 [0235.385] GetCurrentThreadId () returned 0x6f8 [0235.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] GetCurrentThreadId () returned 0x6f8 [0235.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] FindNextFileW (in: hFindFile=0x8036c18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0235.386] GetCurrentThreadId () returned 0x6f8 [0235.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0235.386] GetCurrentThreadId () returned 0x6f8 [0235.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] GetCurrentThreadId () returned 0x6f8 [0235.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036c58 [0235.386] GetCurrentThreadId () returned 0x6f8 [0235.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] FindNextFileW (in: hFindFile=0x8036c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.386] GetCurrentThreadId () returned 0x6f8 [0235.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.386] FindNextFileW (in: hFindFile=0x8036c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.387] GetCurrentThreadId () returned 0x6f8 [0235.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.387] GetCurrentThreadId () returned 0x6f8 [0235.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.387] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036c98 [0235.387] GetCurrentThreadId () returned 0x6f8 [0235.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.387] FindNextFileW (in: hFindFile=0x8036c98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.387] GetCurrentThreadId () returned 0x6f8 [0235.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.387] FindNextFileW (in: hFindFile=0x8036c98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0235.387] GetCurrentThreadId () returned 0x6f8 [0235.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10e8fab0, dwHighDateTime=0x1d6076d)) [0235.389] GetCurrentThreadId () returned 0x6f8 [0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.389] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036cd8 [0235.389] GetCurrentThreadId () returned 0x6f8 [0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.389] FindNextFileW (in: hFindFile=0x8036cd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.389] GetCurrentThreadId () returned 0x6f8 [0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.389] FindNextFileW (in: hFindFile=0x8036cd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x969a2800, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x969a2800, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x969a2800, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.389] GetCurrentThreadId () returned 0x6f8 [0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.389] FindNextFileW (in: hFindFile=0x8036cd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.389] GetCurrentThreadId () returned 0x6f8 [0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.389] FindNextFileW (in: hFindFile=0x8036cd8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.389] GetCurrentThreadId () returned 0x6f8 [0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] FindNextFileW (in: hFindFile=0x8036c98, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] FindNextFileW (in: hFindFile=0x8036c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1 [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036d18 [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] FindNextFileW (in: hFindFile=0x8036d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.390] FindNextFileW (in: hFindFile=0x8036d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0235.390] GetCurrentThreadId () returned 0x6f8 [0235.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] GetCurrentThreadId () returned 0x6f8 [0235.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036d58 [0235.391] GetCurrentThreadId () returned 0x6f8 [0235.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] FindNextFileW (in: hFindFile=0x8036d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.391] GetCurrentThreadId () returned 0x6f8 [0235.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] FindNextFileW (in: hFindFile=0x8036d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0235.391] GetCurrentThreadId () returned 0x6f8 [0235.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] GetCurrentThreadId () returned 0x6f8 [0235.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036d98 [0235.391] GetCurrentThreadId () returned 0x6f8 [0235.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.391] FindNextFileW (in: hFindFile=0x8036d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] FindNextFileW (in: hFindFile=0x8036d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae7f300, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xdae7f300, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xdae7f300, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x59bde5, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] FindNextFileW (in: hFindFile=0x8036d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] FindNextFileW (in: hFindFile=0x8036d98, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] FindNextFileW (in: hFindFile=0x8036d58, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] FindNextFileW (in: hFindFile=0x8036d18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1 [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.392] GetCurrentThreadId () returned 0x6f8 [0235.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.393] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036dd8 [0235.393] GetCurrentThreadId () returned 0x6f8 [0235.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.393] FindNextFileW (in: hFindFile=0x8036dd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.393] GetCurrentThreadId () returned 0x6f8 [0235.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.393] FindNextFileW (in: hFindFile=0x8036dd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xe9f9cff0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0235.393] GetCurrentThreadId () returned 0x6f8 [0235.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.393] FindNextFileW (in: hFindFile=0x8036dd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0235.393] GetCurrentThreadId () returned 0x6f8 [0235.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x10eb5c10, dwHighDateTime=0x1d6076d)) [0235.393] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe")) returned 0x20 [0235.393] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", dwFileAttributes=0x80) returned 0 [0235.394] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1344 [0235.394] GetFileSize (in: hFile=0x1344, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee38 [0235.399] ReadFile (in: hFile=0x1344, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee38, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xbee38, lpOverlapped=0x0) returned 1 [0235.407] GetCurrentThreadId () returned 0x6f8 [0235.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10edbd70, dwHighDateTime=0x1d6076d)) [0235.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x10edbd70, dwHighDateTime=0x1d6076d)) [0235.407] GetCurrentThreadId () returned 0x6f8 [0235.411] ExtractIconExW (in: lpszFile="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", nIconIndex=0, phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4, nIcons=0x1 | out: phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4) returned 0x2 [0235.422] DestroyCursor (hCursor=0x3b008b) returned 1 [0235.422] DestroyCursor (hCursor=0x500143) returned 1 [0235.422] CloseHandle (hObject=0x1344) returned 1 [0235.422] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", dwFileAttributes=0x20) returned 0 [0235.423] GetCurrentThreadId () returned 0x6f8 [0235.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10f01ed0, dwHighDateTime=0x1d6076d)) [0235.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x10f01ed0, dwHighDateTime=0x1d6076d)) [0235.423] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", piIcon=0x4e4efc4) returned 0x510143 [0235.424] GetIconInfo (in: hIcon=0x510143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0235.424] CreateFileW (lpFileName="WYco.ico" (normalized: "c:\\windows\\system32\\wyco.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1344 [0235.425] GetObjectA (in: h=0x2e0501fb, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0235.425] GetObjectA (in: h=0xf905018d, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0235.425] CreateCompatibleDC (hdc=0x0) returned 0xd0010772 [0235.425] GetDIBits (in: hdc=0xd0010772, hbm=0x2e0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0235.425] GetDIBits (in: hdc=0xd0010772, hbm=0x2e0501fb, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0235.425] GetDIBits (in: hdc=0xd0010772, hbm=0x2e0501fb, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0235.425] GetDIBits (in: hdc=0xd0010772, hbm=0xf905018d, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0235.426] WriteFile (in: hFile=0x1344, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0235.427] WriteFile (in: hFile=0x1344, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0235.427] WriteFile (in: hFile=0x1344, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0235.427] WriteFile (in: hFile=0x1344, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0235.427] WriteFile (in: hFile=0x1344, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0235.427] DeleteDC (hdc=0xd0010772) returned 1 [0235.427] CloseHandle (hObject=0x1344) returned 1 [0235.428] DeleteObject (ho=0x2e0501fb) returned 1 [0235.428] DeleteObject (ho=0xf905018d) returned 1 [0235.428] DestroyCursor (hCursor=0x510143) returned 1 [0235.428] GetCurrentThreadId () returned 0x6f8 [0235.428] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1344 [0235.428] GetFileSize (in: hFile=0x1344, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee38 [0235.433] ReadFile (in: hFile=0x1344, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee38, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xbee38, lpOverlapped=0x0) returned 1 [0235.439] CloseHandle (hObject=0x1344) returned 1 [0235.440] GetCurrentThreadId () returned 0x6f8 [0235.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10f28030, dwHighDateTime=0x1d6076d)) [0235.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x10f28030, dwHighDateTime=0x1d6076d)) [0235.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x10f28030, dwHighDateTime=0x1d6076d)) [0235.636] GetCurrentThreadId () returned 0x6f8 [0235.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x110f10b0, dwHighDateTime=0x1d6076d)) [0235.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x110f10b0, dwHighDateTime=0x1d6076d)) [0235.636] GetCurrentThreadId () returned 0x6f8 [0235.636] CreateFileW (lpFileName="yEwg.exe" (normalized: "c:\\windows\\system32\\yewg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.637] CreateFileW (lpFileName="yEwg.exe" (normalized: "c:\\windows\\system32\\yewg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.638] GetCurrentThreadId () returned 0x6f8 [0235.638] GetCurrentThreadId () returned 0x6f8 [0235.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.638] CreateFileW (lpFileName="yEwg.exe" (normalized: "c:\\windows\\system32\\yewg.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.638] GetCurrentThreadId () returned 0x6f8 [0235.638] BeginUpdateResourceW (pFileName="yEwg.exe" (normalized: "c:\\windows\\system32\\yewg.exe"), bDeleteExistingResources=0) returned 0x0 [0235.638] CreateFileW (lpFileName="WYco.ico" (normalized: "c:\\windows\\system32\\wyco.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1344 [0235.638] GetFileSize (in: hFile=0x1344, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0235.639] ReadFile (in: hFile=0x1344, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0235.640] CloseHandle (hObject=0x1344) returned 1 [0235.640] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0235.640] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0235.640] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0235.640] CopyFileW (lpExistingFileName="yEwg.exe" (normalized: "c:\\windows\\system32\\yewg.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), bFailIfExists=0) returned 0 [0235.640] SetNamedSecurityInfoW () returned 0x5 [0235.641] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0xb2, lpOverlapped=0x0) returned 1 [0235.641] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0235.641] DeleteFileW (lpFileName="WYco.ico" (normalized: "c:\\windows\\system32\\wyco.ico")) returned 1 [0235.642] DeleteFileW (lpFileName="yEwg.exe" (normalized: "c:\\windows\\system32\\yewg.exe")) returned 0 [0235.642] GetCurrentThreadId () returned 0x6f8 [0235.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] GetCurrentThreadId () returned 0x6f8 [0235.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] FindNextFileW (in: hFindFile=0x8036dd8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0235.643] GetCurrentThreadId () returned 0x6f8 [0235.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1 [0235.643] GetCurrentThreadId () returned 0x6f8 [0235.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] GetCurrentThreadId () returned 0x6f8 [0235.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036e18 [0235.643] GetCurrentThreadId () returned 0x6f8 [0235.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] FindNextFileW (in: hFindFile=0x8036e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.643] GetCurrentThreadId () returned 0x6f8 [0235.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.643] FindNextFileW (in: hFindFile=0x8036e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x105e7220, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0235.644] GetCurrentThreadId () returned 0x6f8 [0235.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.644] FindNextFileW (in: hFindFile=0x8036e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0235.644] GetCurrentThreadId () returned 0x6f8 [0235.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x11117210, dwHighDateTime=0x1d6076d)) [0235.644] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe")) returned 0x20 [0235.644] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 0 [0235.644] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1348 [0235.644] GetFileSize (in: hFile=0x1348, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x71080 [0235.649] ReadFile (in: hFile=0x1348, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x71080, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x71080, lpOverlapped=0x0) returned 1 [0235.660] GetCurrentThreadId () returned 0x6f8 [0235.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1113d370, dwHighDateTime=0x1d6076d)) [0235.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1113d370, dwHighDateTime=0x1d6076d)) [0235.660] GetCurrentThreadId () returned 0x6f8 [0235.664] ExtractIconExW (in: lpszFile="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", nIconIndex=0, phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4, nIcons=0x1 | out: phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4) returned 0x2 [0235.671] DestroyCursor (hCursor=0x520143) returned 1 [0235.671] DestroyCursor (hCursor=0x3c008b) returned 1 [0235.671] CloseHandle (hObject=0x1348) returned 1 [0235.671] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", dwFileAttributes=0x20) returned 0 [0235.672] GetCurrentThreadId () returned 0x6f8 [0235.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x111634d0, dwHighDateTime=0x1d6076d)) [0235.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x111634d0, dwHighDateTime=0x1d6076d)) [0235.672] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", piIcon=0x4e4efc4) returned 0x3d008b [0235.673] GetIconInfo (in: hIcon=0x3d008b, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0235.673] CreateFileW (lpFileName="iqgc.ico" (normalized: "c:\\windows\\system32\\iqgc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1348 [0235.674] GetObjectA (in: h=0x8f050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0235.674] GetObjectA (in: h=0xd7050772, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0235.674] CreateCompatibleDC (hdc=0x0) returned 0xda010776 [0235.674] GetDIBits (in: hdc=0xda010776, hbm=0x8f050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0235.674] GetDIBits (in: hdc=0xda010776, hbm=0x8f050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0235.675] GetDIBits (in: hdc=0xda010776, hbm=0x8f050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0235.675] GetDIBits (in: hdc=0xda010776, hbm=0xd7050772, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0235.675] WriteFile (in: hFile=0x1348, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0235.676] WriteFile (in: hFile=0x1348, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0235.676] WriteFile (in: hFile=0x1348, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0235.676] WriteFile (in: hFile=0x1348, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0235.676] WriteFile (in: hFile=0x1348, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0235.677] DeleteDC (hdc=0xda010776) returned 1 [0235.677] CloseHandle (hObject=0x1348) returned 1 [0235.677] DeleteObject (ho=0x8f050770) returned 1 [0235.677] DeleteObject (ho=0xd7050772) returned 1 [0235.677] DestroyCursor (hCursor=0x3d008b) returned 1 [0235.677] GetCurrentThreadId () returned 0x6f8 [0235.677] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1348 [0235.677] GetFileSize (in: hFile=0x1348, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x71080 [0235.682] ReadFile (in: hFile=0x1348, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x71080, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x71080, lpOverlapped=0x0) returned 1 [0235.687] CloseHandle (hObject=0x1348) returned 1 [0235.688] GetCurrentThreadId () returned 0x6f8 [0235.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11189630, dwHighDateTime=0x1d6076d)) [0235.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11189630, dwHighDateTime=0x1d6076d)) [0235.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x11189630, dwHighDateTime=0x1d6076d)) [0235.841] GetCurrentThreadId () returned 0x6f8 [0235.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.841] GetCurrentThreadId () returned 0x6f8 [0235.841] CreateFileW (lpFileName="UUcQ.exe" (normalized: "c:\\windows\\system32\\uucq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.842] CreateFileW (lpFileName="UUcQ.exe" (normalized: "c:\\windows\\system32\\uucq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.842] GetCurrentThreadId () returned 0x6f8 [0235.842] GetCurrentThreadId () returned 0x6f8 [0235.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.842] CreateFileW (lpFileName="UUcQ.exe" (normalized: "c:\\windows\\system32\\uucq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0235.842] GetCurrentThreadId () returned 0x6f8 [0235.842] BeginUpdateResourceW (pFileName="UUcQ.exe" (normalized: "c:\\windows\\system32\\uucq.exe"), bDeleteExistingResources=0) returned 0x0 [0235.843] CreateFileW (lpFileName="iqgc.ico" (normalized: "c:\\windows\\system32\\iqgc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1348 [0235.843] GetFileSize (in: hFile=0x1348, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0235.843] ReadFile (in: hFile=0x1348, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0235.843] CloseHandle (hObject=0x1348) returned 1 [0235.843] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0235.843] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0235.843] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0235.844] CopyFileW (lpExistingFileName="UUcQ.exe" (normalized: "c:\\windows\\system32\\uucq.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), bFailIfExists=0) returned 0 [0235.844] SetNamedSecurityInfoW () returned 0x5 [0235.845] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0xb0, lpOverlapped=0x0) returned 1 [0235.845] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0235.845] DeleteFileW (lpFileName="iqgc.ico" (normalized: "c:\\windows\\system32\\iqgc.ico")) returned 1 [0235.847] DeleteFileW (lpFileName="UUcQ.exe" (normalized: "c:\\windows\\system32\\uucq.exe")) returned 0 [0235.847] GetCurrentThreadId () returned 0x6f8 [0235.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.847] GetCurrentThreadId () returned 0x6f8 [0235.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.847] FindNextFileW (in: hFindFile=0x8036e18, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0235.847] GetCurrentThreadId () returned 0x6f8 [0235.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.847] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1 [0235.847] GetCurrentThreadId () returned 0x6f8 [0235.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.847] GetCurrentThreadId () returned 0x6f8 [0235.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.847] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036e58 [0235.848] GetCurrentThreadId () returned 0x6f8 [0235.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.848] FindNextFileW (in: hFindFile=0x8036e58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.848] GetCurrentThreadId () returned 0x6f8 [0235.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.848] FindNextFileW (in: hFindFile=0x8036e58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x6601040, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0235.848] GetCurrentThreadId () returned 0x6f8 [0235.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.848] FindNextFileW (in: hFindFile=0x8036e58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0235.848] GetCurrentThreadId () returned 0x6f8 [0235.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x113063f0, dwHighDateTime=0x1d6076d)) [0235.848] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe")) returned 0x80 [0235.848] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", dwFileAttributes=0x80) returned 0 [0235.849] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134c [0235.849] GetFileSize (in: hFile=0x134c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee30 [0235.854] ReadFile (in: hFile=0x134c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee30, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xbee30, lpOverlapped=0x0) returned 1 [0235.862] GetCurrentThreadId () returned 0x6f8 [0235.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1132c550, dwHighDateTime=0x1d6076d)) [0235.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1132c550, dwHighDateTime=0x1d6076d)) [0235.862] GetCurrentThreadId () returned 0x6f8 [0235.867] ExtractIconExW (in: lpszFile="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", nIconIndex=0, phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4, nIcons=0x1 | out: phiconLarge=0x4e4efa8, phiconSmall=0x4e4efa4) returned 0x2 [0235.877] DestroyCursor (hCursor=0x3e008b) returned 1 [0235.877] DestroyCursor (hCursor=0x530143) returned 1 [0235.877] CloseHandle (hObject=0x134c) returned 1 [0235.878] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", dwFileAttributes=0x80) returned 0 [0235.878] GetCurrentThreadId () returned 0x6f8 [0235.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x113526b0, dwHighDateTime=0x1d6076d)) [0235.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x113526b0, dwHighDateTime=0x1d6076d)) [0235.878] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", piIcon=0x4e4efc4) returned 0x540143 [0235.879] GetIconInfo (in: hIcon=0x540143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0235.880] CreateFileW (lpFileName="kYsQ.ico" (normalized: "c:\\windows\\system32\\kysq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134c [0235.880] GetObjectA (in: h=0x505018d, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0235.880] GetObjectA (in: h=0xe1050776, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0235.880] CreateCompatibleDC (hdc=0x0) returned 0x390101fb [0235.880] GetDIBits (in: hdc=0x390101fb, hbm=0x505018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0235.880] GetDIBits (in: hdc=0x390101fb, hbm=0x505018d, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0235.880] GetDIBits (in: hdc=0x390101fb, hbm=0x505018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0235.881] GetDIBits (in: hdc=0x390101fb, hbm=0xe1050776, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0235.881] WriteFile (in: hFile=0x134c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0235.882] WriteFile (in: hFile=0x134c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0235.882] WriteFile (in: hFile=0x134c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0235.882] WriteFile (in: hFile=0x134c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0235.882] WriteFile (in: hFile=0x134c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0235.882] DeleteDC (hdc=0x390101fb) returned 1 [0235.882] CloseHandle (hObject=0x134c) returned 1 [0235.883] DeleteObject (ho=0x505018d) returned 1 [0235.883] DeleteObject (ho=0xe1050776) returned 1 [0235.883] DestroyCursor (hCursor=0x540143) returned 1 [0235.883] GetCurrentThreadId () returned 0x6f8 [0235.883] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134c [0235.883] GetFileSize (in: hFile=0x134c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee30 [0235.888] ReadFile (in: hFile=0x134c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbee30, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xbee30, lpOverlapped=0x0) returned 1 [0235.894] CloseHandle (hObject=0x134c) returned 1 [0235.894] GetCurrentThreadId () returned 0x6f8 [0235.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11378810, dwHighDateTime=0x1d6076d)) [0235.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11378810, dwHighDateTime=0x1d6076d)) [0235.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x11378810, dwHighDateTime=0x1d6076d)) [0236.005] GetCurrentThreadId () returned 0x6f8 [0236.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.005] GetCurrentThreadId () returned 0x6f8 [0236.005] CreateFileW (lpFileName="mgAE.exe" (normalized: "c:\\windows\\system32\\mgae.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.006] CreateFileW (lpFileName="mgAE.exe" (normalized: "c:\\windows\\system32\\mgae.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.006] GetCurrentThreadId () returned 0x6f8 [0236.006] GetCurrentThreadId () returned 0x6f8 [0236.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.006] CreateFileW (lpFileName="mgAE.exe" (normalized: "c:\\windows\\system32\\mgae.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.007] GetCurrentThreadId () returned 0x6f8 [0236.007] BeginUpdateResourceW (pFileName="mgAE.exe" (normalized: "c:\\windows\\system32\\mgae.exe"), bDeleteExistingResources=0) returned 0x0 [0236.007] CreateFileW (lpFileName="kYsQ.ico" (normalized: "c:\\windows\\system32\\kysq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134c [0236.007] GetFileSize (in: hFile=0x134c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0236.007] ReadFile (in: hFile=0x134c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0236.007] CloseHandle (hObject=0x134c) returned 1 [0236.007] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0236.008] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0236.008] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0236.008] CopyFileW (lpExistingFileName="mgAE.exe" (normalized: "c:\\windows\\system32\\mgae.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), bFailIfExists=0) returned 0 [0236.008] SetNamedSecurityInfoW () returned 0x5 [0236.008] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0xb2, lpOverlapped=0x0) returned 1 [0236.009] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0236.009] DeleteFileW (lpFileName="kYsQ.ico" (normalized: "c:\\windows\\system32\\kysq.ico")) returned 1 [0236.010] DeleteFileW (lpFileName="mgAE.exe" (normalized: "c:\\windows\\system32\\mgae.exe")) returned 0 [0236.010] GetCurrentThreadId () returned 0x6f8 [0236.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.010] GetCurrentThreadId () returned 0x6f8 [0236.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.010] FindNextFileW (in: hFindFile=0x8036e58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0236.010] GetCurrentThreadId () returned 0x6f8 [0236.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.011] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1 [0236.011] GetCurrentThreadId () returned 0x6f8 [0236.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.011] GetCurrentThreadId () returned 0x6f8 [0236.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.011] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036e98 [0236.011] GetCurrentThreadId () returned 0x6f8 [0236.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.011] FindNextFileW (in: hFindFile=0x8036e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.011] GetCurrentThreadId () returned 0x6f8 [0236.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114831b0, dwHighDateTime=0x1d6076d)) [0236.011] FindNextFileW (in: hFindFile=0x8036e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0236.011] GetCurrentThreadId () returned 0x6f8 [0236.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.011] GetCurrentThreadId () returned 0x6f8 [0236.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.012] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036ed8 [0236.012] GetCurrentThreadId () returned 0x6f8 [0236.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.012] FindNextFileW (in: hFindFile=0x8036ed8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.012] GetCurrentThreadId () returned 0x6f8 [0236.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.012] FindNextFileW (in: hFindFile=0x8036ed8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0236.012] GetCurrentThreadId () returned 0x6f8 [0236.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.012] GetCurrentThreadId () returned 0x6f8 [0236.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.012] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036f18 [0236.012] GetCurrentThreadId () returned 0x6f8 [0236.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.012] FindNextFileW (in: hFindFile=0x8036f18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8036f18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532ebf00, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x532ebf00, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x532ebf00, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x4b4520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8036f18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8036f18, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8036ed8, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8036e98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8036298, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.013] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0236.013] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.014] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.014] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.014] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0236.014] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.014] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036f58 [0236.014] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.014] FindNextFileW (in: hFindFile=0x8036f58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.014] GetCurrentThreadId () returned 0x6f8 [0236.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] FindNextFileW (in: hFindFile=0x8036f58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0236.015] GetCurrentThreadId () returned 0x6f8 [0236.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] GetCurrentThreadId () returned 0x6f8 [0236.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8036f98 [0236.015] GetCurrentThreadId () returned 0x6f8 [0236.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] FindNextFileW (in: hFindFile=0x8036f98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.015] GetCurrentThreadId () returned 0x6f8 [0236.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] FindNextFileW (in: hFindFile=0x8036f98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 1 [0236.015] GetCurrentThreadId () returned 0x6f8 [0236.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] GetCurrentThreadId () returned 0x6f8 [0236.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.015] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037018 [0236.016] GetCurrentThreadId () returned 0x6f8 [0236.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.016] FindNextFileW (in: hFindFile=0x8037018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8037018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x0, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 1 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8037018, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x0, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 0 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8036f98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 0 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8036f58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 0 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa747c7d0, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa747c7d0, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa9ca7b10, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vgYI.txt", cAlternateFileName="")) returned 1 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.017] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa30330b0, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa36bed30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa36bed30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VWcUEoYI", cAlternateFileName="")) returned 1 [0236.017] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.018] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.018] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\VWcUEoYI\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.018] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.018] FindNextFileW (in: hFindFile=0x8034218, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xa30330b0, ftCreationTime.dwHighDateTime=0x1d6076c, ftLastAccessTime.dwLowDateTime=0xa36bed30, ftLastAccessTime.dwHighDateTime=0x1d6076c, ftLastWriteTime.dwLowDateTime=0xa36bed30, ftLastWriteTime.dwHighDateTime=0x1d6076c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VWcUEoYI", cAlternateFileName="")) returned 0 [0236.018] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.018] FindNextFileW (in: hFindFile=0x6a8a88, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0236.018] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.018] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.018] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037058 [0236.018] GetCurrentThreadId () returned 0x6f8 [0236.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.019] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.019] GetCurrentThreadId () returned 0x6f8 [0236.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.019] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0236.019] GetCurrentThreadId () returned 0x6f8 [0236.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.019] GetCurrentThreadId () returned 0x6f8 [0236.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.019] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037098 [0236.019] GetCurrentThreadId () returned 0x6f8 [0236.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.019] FindNextFileW (in: hFindFile=0x8037098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.019] GetCurrentThreadId () returned 0x6f8 [0236.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.019] FindNextFileW (in: hFindFile=0x8037098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0236.020] GetCurrentThreadId () returned 0x6f8 [0236.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.020] GetCurrentThreadId () returned 0x6f8 [0236.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.020] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80370d8 [0236.021] GetCurrentThreadId () returned 0x6f8 [0236.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.021] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.021] GetCurrentThreadId () returned 0x6f8 [0236.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.021] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0236.021] GetCurrentThreadId () returned 0x6f8 [0236.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.021] GetCurrentThreadId () returned 0x6f8 [0236.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.021] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Application Data\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.021] GetCurrentThreadId () returned 0x6f8 [0236.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.021] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0236.021] GetCurrentThreadId () returned 0x6f8 [0236.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.022] GetCurrentThreadId () returned 0x6f8 [0236.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.022] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\History\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.022] GetCurrentThreadId () returned 0x6f8 [0236.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.022] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xddd35f67, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xbd7f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0236.022] GetCurrentThreadId () returned 0x6f8 [0236.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.022] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0236.022] GetCurrentThreadId () returned 0x6f8 [0236.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.022] GetCurrentThreadId () returned 0x6f8 [0236.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.022] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037118 [0236.024] GetCurrentThreadId () returned 0x6f8 [0236.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.024] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.024] GetCurrentThreadId () returned 0x6f8 [0236.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.024] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0236.024] GetCurrentThreadId () returned 0x6f8 [0236.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.024] GetCurrentThreadId () returned 0x6f8 [0236.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.024] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037158 [0236.025] GetCurrentThreadId () returned 0x6f8 [0236.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.025] FindNextFileW (in: hFindFile=0x8037158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.025] GetCurrentThreadId () returned 0x6f8 [0236.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.026] FindNextFileW (in: hFindFile=0x8037158, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.026] GetCurrentThreadId () returned 0x6f8 [0236.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.026] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0236.026] GetCurrentThreadId () returned 0x6f8 [0236.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.026] GetCurrentThreadId () returned 0x6f8 [0236.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.026] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037198 [0236.028] GetCurrentThreadId () returned 0x6f8 [0236.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.028] FindNextFileW (in: hFindFile=0x8037198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.028] GetCurrentThreadId () returned 0x6f8 [0236.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.028] FindNextFileW (in: hFindFile=0x8037198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0236.028] GetCurrentThreadId () returned 0x6f8 [0236.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.028] FindNextFileW (in: hFindFile=0x8037198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0236.028] GetCurrentThreadId () returned 0x6f8 [0236.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.028] GetCurrentThreadId () returned 0x6f8 [0236.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.028] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80371d8 [0236.031] GetCurrentThreadId () returned 0x6f8 [0236.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.031] FindNextFileW (in: hFindFile=0x80371d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.031] GetCurrentThreadId () returned 0x6f8 [0236.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.031] FindNextFileW (in: hFindFile=0x80371d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0236.031] GetCurrentThreadId () returned 0x6f8 [0236.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.031] FindNextFileW (in: hFindFile=0x80371d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0236.031] GetCurrentThreadId () returned 0x6f8 [0236.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.031] FindNextFileW (in: hFindFile=0x80371d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0236.031] GetCurrentThreadId () returned 0x6f8 [0236.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.031] FindNextFileW (in: hFindFile=0x80371d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 0 [0236.032] GetCurrentThreadId () returned 0x6f8 [0236.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.032] FindNextFileW (in: hFindFile=0x8037198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0236.032] GetCurrentThreadId () returned 0x6f8 [0236.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.032] GetCurrentThreadId () returned 0x6f8 [0236.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037218 [0236.032] GetCurrentThreadId () returned 0x6f8 [0236.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.032] FindNextFileW (in: hFindFile=0x8037218, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.032] GetCurrentThreadId () returned 0x6f8 [0236.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.032] FindNextFileW (in: hFindFile=0x8037218, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0236.032] GetCurrentThreadId () returned 0x6f8 [0236.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] GetCurrentThreadId () returned 0x6f8 [0236.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037258 [0236.033] GetCurrentThreadId () returned 0x6f8 [0236.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] FindNextFileW (in: hFindFile=0x8037258, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.033] GetCurrentThreadId () returned 0x6f8 [0236.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] FindNextFileW (in: hFindFile=0x8037258, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0236.033] GetCurrentThreadId () returned 0x6f8 [0236.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] FindNextFileW (in: hFindFile=0x8037258, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 0 [0236.033] GetCurrentThreadId () returned 0x6f8 [0236.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] FindNextFileW (in: hFindFile=0x8037218, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0236.033] GetCurrentThreadId () returned 0x6f8 [0236.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.033] FindNextFileW (in: hFindFile=0x8037198, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0236.034] GetCurrentThreadId () returned 0x6f8 [0236.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.034] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0236.034] GetCurrentThreadId () returned 0x6f8 [0236.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.034] GetCurrentThreadId () returned 0x6f8 [0236.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.034] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037298 [0236.036] GetCurrentThreadId () returned 0x6f8 [0236.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.036] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.036] GetCurrentThreadId () returned 0x6f8 [0236.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.036] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0236.037] GetCurrentThreadId () returned 0x6f8 [0236.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.037] GetCurrentThreadId () returned 0x6f8 [0236.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.037] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80372d8 [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] FindNextFileW (in: hFindFile=0x80372d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] FindNextFileW (in: hFindFile=0x80372d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] FindNextFileW (in: hFindFile=0x80372d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] FindNextFileW (in: hFindFile=0x80372d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] GetCurrentThreadId () returned 0x6f8 [0236.038] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.038] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037318 [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.039] FindNextFileW (in: hFindFile=0x8037318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.039] FindNextFileW (in: hFindFile=0x8037318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.039] FindNextFileW (in: hFindFile=0x8037318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.039] FindNextFileW (in: hFindFile=0x8037318, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.039] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.039] GetCurrentThreadId () returned 0x6f8 [0236.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.040] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037358 [0236.040] GetCurrentThreadId () returned 0x6f8 [0236.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.040] FindNextFileW (in: hFindFile=0x8037358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.040] GetCurrentThreadId () returned 0x6f8 [0236.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.040] FindNextFileW (in: hFindFile=0x8037358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.040] GetCurrentThreadId () returned 0x6f8 [0236.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.040] FindNextFileW (in: hFindFile=0x8037358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0236.040] GetCurrentThreadId () returned 0x6f8 [0236.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.040] FindNextFileW (in: hFindFile=0x8037358, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0236.040] GetCurrentThreadId () returned 0x6f8 [0236.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.040] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.040] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa9d0d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0236.041] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0236.041] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037398 [0236.041] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] FindNextFileW (in: hFindFile=0x8037398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.041] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] FindNextFileW (in: hFindFile=0x8037398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.041] GetCurrentThreadId () returned 0x6f8 [0236.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.041] FindNextFileW (in: hFindFile=0x8037398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0236.042] GetCurrentThreadId () returned 0x6f8 [0236.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.042] FindNextFileW (in: hFindFile=0x8037398, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0236.042] GetCurrentThreadId () returned 0x6f8 [0236.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.042] FindNextFileW (in: hFindFile=0x8037298, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0236.042] GetCurrentThreadId () returned 0x6f8 [0236.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.042] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0236.042] GetCurrentThreadId () returned 0x6f8 [0236.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.042] GetCurrentThreadId () returned 0x6f8 [0236.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.042] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80373d8 [0236.042] GetCurrentThreadId () returned 0x6f8 [0236.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114cf470, dwHighDateTime=0x1d6076d)) [0236.042] FindNextFileW (in: hFindFile=0x80373d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.043] GetCurrentThreadId () returned 0x6f8 [0236.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.043] FindNextFileW (in: hFindFile=0x80373d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff12e0f2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0236.043] GetCurrentThreadId () returned 0x6f8 [0236.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.043] FindNextFileW (in: hFindFile=0x80373d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0236.043] GetCurrentThreadId () returned 0x6f8 [0236.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.043] FindNextFileW (in: hFindFile=0x80373d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 0 [0236.043] GetCurrentThreadId () returned 0x6f8 [0236.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.043] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0236.043] GetCurrentThreadId () returned 0x6f8 [0236.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.043] GetCurrentThreadId () returned 0x6f8 [0236.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.043] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037418 [0236.048] GetCurrentThreadId () returned 0x6f8 [0236.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.048] FindNextFileW (in: hFindFile=0x8037418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.051] GetCurrentThreadId () returned 0x6f8 [0236.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.051] FindNextFileW (in: hFindFile=0x8037418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8679d27, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0236.051] GetCurrentThreadId () returned 0x6f8 [0236.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.051] FindNextFileW (in: hFindFile=0x8037418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0236.051] GetCurrentThreadId () returned 0x6f8 [0236.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.051] FindNextFileW (in: hFindFile=0x8037418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0236.051] GetCurrentThreadId () returned 0x6f8 [0236.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.051] GetCurrentThreadId () returned 0x6f8 [0236.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.052] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037458 [0236.052] GetCurrentThreadId () returned 0x6f8 [0236.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.052] FindNextFileW (in: hFindFile=0x8037458, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.052] GetCurrentThreadId () returned 0x6f8 [0236.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.052] FindNextFileW (in: hFindFile=0x8037458, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0236.052] GetCurrentThreadId () returned 0x6f8 [0236.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.052] GetCurrentThreadId () returned 0x6f8 [0236.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.052] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037498 [0236.053] GetCurrentThreadId () returned 0x6f8 [0236.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.053] FindNextFileW (in: hFindFile=0x8037498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.053] GetCurrentThreadId () returned 0x6f8 [0236.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.053] FindNextFileW (in: hFindFile=0x8037498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0236.054] GetCurrentThreadId () returned 0x6f8 [0236.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.054] GetCurrentThreadId () returned 0x6f8 [0236.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.054] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80374d8 [0236.056] GetCurrentThreadId () returned 0x6f8 [0236.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.056] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.056] GetCurrentThreadId () returned 0x6f8 [0236.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.056] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x0, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0236.056] GetCurrentThreadId () returned 0x6f8 [0236.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.056] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0236.056] GetCurrentThreadId () returned 0x6f8 [0236.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.056] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0236.056] GetCurrentThreadId () returned 0x6f8 [0236.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.056] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x0, dwReserved1=0x0, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0236.056] GetCurrentThreadId () returned 0x6f8 [0236.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x0, dwReserved1=0x0, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x0, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x0, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x0, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x0, dwReserved1=0x0, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0236.057] GetCurrentThreadId () returned 0x6f8 [0236.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.057] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x0, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0236.058] GetCurrentThreadId () returned 0x6f8 [0236.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e684 | out: lpSystemTimeAsFileTime=0x4e4e684*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.058] FindNextFileW (in: hFindFile=0x80374d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x0, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0236.058] GetCurrentThreadId () returned 0x6f8 [0236.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e8f8 | out: lpSystemTimeAsFileTime=0x4e4e8f8*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.058] FindNextFileW (in: hFindFile=0x8037498, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="00010C6E", cAlternateFileName="")) returned 0 [0236.058] GetCurrentThreadId () returned 0x6f8 [0236.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.058] FindNextFileW (in: hFindFile=0x8037458, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0236.058] GetCurrentThreadId () returned 0x6f8 [0236.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x114f55d0, dwHighDateTime=0x1d6076d)) [0236.058] FindNextFileW (in: hFindFile=0x8037418, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0236.058] GetCurrentThreadId () returned 0x6f8 [0236.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.058] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x8037118, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.059] FindNextFileW (in: hFindFile=0x80370d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0236.059] GetCurrentThreadId () returned 0x6f8 [0236.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.060] FindNextFileW (in: hFindFile=0x8037098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0236.060] GetCurrentThreadId () returned 0x6f8 [0236.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.060] GetCurrentThreadId () returned 0x6f8 [0236.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.060] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037518 [0236.061] GetCurrentThreadId () returned 0x6f8 [0236.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.061] FindNextFileW (in: hFindFile=0x8037518, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.061] GetCurrentThreadId () returned 0x6f8 [0236.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.061] FindNextFileW (in: hFindFile=0x8037518, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0236.061] GetCurrentThreadId () returned 0x6f8 [0236.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.061] GetCurrentThreadId () returned 0x6f8 [0236.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.061] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037558 [0236.062] GetCurrentThreadId () returned 0x6f8 [0236.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.062] FindNextFileW (in: hFindFile=0x8037558, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.062] GetCurrentThreadId () returned 0x6f8 [0236.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.062] FindNextFileW (in: hFindFile=0x8037558, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 1 [0236.062] GetCurrentThreadId () returned 0x6f8 [0236.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.062] GetCurrentThreadId () returned 0x6f8 [0236.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.062] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037598 [0236.062] GetCurrentThreadId () returned 0x6f8 [0236.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.062] FindNextFileW (in: hFindFile=0x8037598, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.063] GetCurrentThreadId () returned 0x6f8 [0236.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.063] FindNextFileW (in: hFindFile=0x8037598, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content", cAlternateFileName="")) returned 1 [0236.063] GetCurrentThreadId () returned 0x6f8 [0236.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.063] GetCurrentThreadId () returned 0x6f8 [0236.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.063] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80375d8 [0236.064] GetCurrentThreadId () returned 0x6f8 [0236.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.064] FindNextFileW (in: hFindFile=0x80375d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.064] GetCurrentThreadId () returned 0x6f8 [0236.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.064] FindNextFileW (in: hFindFile=0x80375d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x228, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0236.064] GetCurrentThreadId () returned 0x6f8 [0236.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.064] FindNextFileW (in: hFindFile=0x80375d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0236.064] GetCurrentThreadId () returned 0x6f8 [0236.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.064] FindNextFileW (in: hFindFile=0x80375d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 0 [0236.064] GetCurrentThreadId () returned 0x6f8 [0236.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.064] FindNextFileW (in: hFindFile=0x8037598, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MetaData", cAlternateFileName="")) returned 1 [0236.064] GetCurrentThreadId () returned 0x6f8 [0236.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.065] GetCurrentThreadId () returned 0x6f8 [0236.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.065] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037618 [0236.065] GetCurrentThreadId () returned 0x6f8 [0236.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.065] FindNextFileW (in: hFindFile=0x8037618, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.065] GetCurrentThreadId () returned 0x6f8 [0236.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.065] FindNextFileW (in: hFindFile=0x8037618, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0236.065] GetCurrentThreadId () returned 0x6f8 [0236.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.065] FindNextFileW (in: hFindFile=0x8037618, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0236.065] GetCurrentThreadId () returned 0x6f8 [0236.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.065] FindNextFileW (in: hFindFile=0x8037618, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 0 [0236.065] GetCurrentThreadId () returned 0x6f8 [0236.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.066] FindNextFileW (in: hFindFile=0x8037598, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MetaData", cAlternateFileName="")) returned 0 [0236.066] GetCurrentThreadId () returned 0x6f8 [0236.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.066] FindNextFileW (in: hFindFile=0x8037558, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 0 [0236.066] GetCurrentThreadId () returned 0x6f8 [0236.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.066] FindNextFileW (in: hFindFile=0x8037518, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0236.066] GetCurrentThreadId () returned 0x6f8 [0236.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.066] FindNextFileW (in: hFindFile=0x8037098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0236.066] GetCurrentThreadId () returned 0x6f8 [0236.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.066] GetCurrentThreadId () returned 0x6f8 [0236.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.066] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037658 [0236.067] GetCurrentThreadId () returned 0x6f8 [0236.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.067] FindNextFileW (in: hFindFile=0x8037658, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.067] GetCurrentThreadId () returned 0x6f8 [0236.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.067] FindNextFileW (in: hFindFile=0x8037658, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0236.067] GetCurrentThreadId () returned 0x6f8 [0236.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.068] GetCurrentThreadId () returned 0x6f8 [0236.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037698 [0236.068] GetCurrentThreadId () returned 0x6f8 [0236.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] FindNextFileW (in: hFindFile=0x8037698, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.069] GetCurrentThreadId () returned 0x6f8 [0236.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] FindNextFileW (in: hFindFile=0x8037698, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0236.069] GetCurrentThreadId () returned 0x6f8 [0236.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] GetCurrentThreadId () returned 0x6f8 [0236.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80376d8 [0236.069] GetCurrentThreadId () returned 0x6f8 [0236.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] FindNextFileW (in: hFindFile=0x80376d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.069] GetCurrentThreadId () returned 0x6f8 [0236.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] FindNextFileW (in: hFindFile=0x80376d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.069] GetCurrentThreadId () returned 0x6f8 [0236.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.069] FindNextFileW (in: hFindFile=0x8037698, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0236.070] GetCurrentThreadId () returned 0x6f8 [0236.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.070] FindNextFileW (in: hFindFile=0x8037658, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0236.070] GetCurrentThreadId () returned 0x6f8 [0236.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.070] GetCurrentThreadId () returned 0x6f8 [0236.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.070] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037718 [0236.072] GetCurrentThreadId () returned 0x6f8 [0236.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.072] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.072] GetCurrentThreadId () returned 0x6f8 [0236.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.072] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0236.072] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037758 [0236.073] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] FindNextFileW (in: hFindFile=0x8037758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.073] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] FindNextFileW (in: hFindFile=0x8037758, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.073] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0236.073] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] GetCurrentThreadId () returned 0x6f8 [0236.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x1151b730, dwHighDateTime=0x1d6076d)) [0236.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037798 [0236.074] GetCurrentThreadId () returned 0x6f8 [0236.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.074] FindNextFileW (in: hFindFile=0x8037798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.074] GetCurrentThreadId () returned 0x6f8 [0236.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.074] FindNextFileW (in: hFindFile=0x8037798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0236.074] GetCurrentThreadId () returned 0x6f8 [0236.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.074] GetCurrentThreadId () returned 0x6f8 [0236.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.074] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80377d8 [0236.074] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] FindNextFileW (in: hFindFile=0x80377d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.075] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eb6c | out: lpSystemTimeAsFileTime=0x4e4eb6c*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] FindNextFileW (in: hFindFile=0x80377d8, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.075] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] FindNextFileW (in: hFindFile=0x8037798, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0236.075] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f054 | out: lpSystemTimeAsFileTime=0x4e4f054*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0236.075] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037818 [0236.075] GetCurrentThreadId () returned 0x6f8 [0236.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.075] FindNextFileW (in: hFindFile=0x8037818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.076] GetCurrentThreadId () returned 0x6f8 [0236.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ede0 | out: lpSystemTimeAsFileTime=0x4e4ede0*(dwLowDateTime=0x11541890, dwHighDateTime=0x1d6076d)) [0236.076] FindNextFileW (in: hFindFile=0x8037818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0236.076] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037858 [0236.078] FindNextFileW (in: hFindFile=0x8037858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.078] FindNextFileW (in: hFindFile=0x8037858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7de4960a, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e1692f0, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x92, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.078] FindNextFileW (in: hFindFile=0x8037858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de234aa, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0236.078] FindNextFileW (in: hFindFile=0x8037858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0236.078] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037898 [0236.078] FindNextFileW (in: hFindFile=0x8037898, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.078] FindNextFileW (in: hFindFile=0x8037898, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0236.078] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80378d8 [0236.079] FindNextFileW (in: hFindFile=0x80378d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.079] FindNextFileW (in: hFindFile=0x80378d8, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.079] FindNextFileW (in: hFindFile=0x8037898, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0236.079] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037918 [0236.080] FindNextFileW (in: hFindFile=0x8037918, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.081] FindNextFileW (in: hFindFile=0x8037918, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xd3, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.081] FindNextFileW (in: hFindFile=0x8037918, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0236.081] FindNextFileW (in: hFindFile=0x8037918, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0236.081] FindNextFileW (in: hFindFile=0x8037918, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0236.081] FindNextFileW (in: hFindFile=0x8037918, lpFindFileData=0x4e4e6b8 | out: lpFindFileData=0x4e4e6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0236.081] FindNextFileW (in: hFindFile=0x8037898, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0236.081] FindNextFileW (in: hFindFile=0x8037858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0236.081] FindNextFileW (in: hFindFile=0x8037858, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0236.081] FindNextFileW (in: hFindFile=0x8037818, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0236.081] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0236.081] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037958 [0236.082] FindNextFileW (in: hFindFile=0x8037958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.082] FindNextFileW (in: hFindFile=0x8037958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0236.082] FindNextFileW (in: hFindFile=0x8037958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0236.082] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037998 [0236.084] FindNextFileW (in: hFindFile=0x8037998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.084] FindNextFileW (in: hFindFile=0x8037998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0236.084] FindNextFileW (in: hFindFile=0x8037998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0236.084] FindNextFileW (in: hFindFile=0x8037998, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0236.084] FindNextFileW (in: hFindFile=0x8037958, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 0 [0236.084] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0236.084] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80379d8 [0236.085] FindNextFileW (in: hFindFile=0x80379d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.085] FindNextFileW (in: hFindFile=0x80379d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0236.085] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037a18 [0236.085] FindNextFileW (in: hFindFile=0x8037a18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.085] FindNextFileW (in: hFindFile=0x8037a18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0236.085] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037a58 [0236.086] FindNextFileW (in: hFindFile=0x8037a58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.086] FindNextFileW (in: hFindFile=0x8037a58, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.086] FindNextFileW (in: hFindFile=0x8037a18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0236.086] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037a98 [0236.087] FindNextFileW (in: hFindFile=0x8037a98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.087] FindNextFileW (in: hFindFile=0x8037a98, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.087] FindNextFileW (in: hFindFile=0x8037a18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0236.087] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037ad8 [0236.088] FindNextFileW (in: hFindFile=0x8037ad8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.088] FindNextFileW (in: hFindFile=0x8037ad8, lpFindFileData=0x4e4e92c | out: lpFindFileData=0x4e4e92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0236.088] FindNextFileW (in: hFindFile=0x8037a18, lpFindFileData=0x4e4eba0 | out: lpFindFileData=0x4e4eba0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 0 [0236.088] FindNextFileW (in: hFindFile=0x80379d8, lpFindFileData=0x4e4ee14 | out: lpFindFileData=0x4e4ee14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0236.088] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0236.088] FindNextFileW (in: hFindFile=0x8037718, lpFindFileData=0x4e4f088 | out: lpFindFileData=0x4e4f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0236.088] FindNextFileW (in: hFindFile=0x8037658, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0236.088] FindNextFileW (in: hFindFile=0x8037098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0236.088] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0236.088] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.089] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0236.089] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037b18 [0236.090] FindNextFileW (in: hFindFile=0x8037b18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.090] FindNextFileW (in: hFindFile=0x8037b18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0236.090] FindNextFileW (in: hFindFile=0x8037b18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.090] FindNextFileW (in: hFindFile=0x8037b18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0236.090] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0236.090] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.090] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0236.090] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037b58 [0236.090] FindNextFileW (in: hFindFile=0x8037b58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.090] FindNextFileW (in: hFindFile=0x8037b58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.090] FindNextFileW (in: hFindFile=0x8037b58, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0236.091] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0236.091] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037b98 [0236.091] FindNextFileW (in: hFindFile=0x8037b98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.091] FindNextFileW (in: hFindFile=0x8037b98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.092] FindNextFileW (in: hFindFile=0x8037b98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0236.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.092] FindNextFileW (in: hFindFile=0x8037b98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0236.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.092] FindNextFileW (in: hFindFile=0x8037b98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0236.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.092] FindNextFileW (in: hFindFile=0x8037b98, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0236.092] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0236.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037bd8 [0236.092] FindNextFileW (in: hFindFile=0x8037bd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.093] FindNextFileW (in: hFindFile=0x8037bd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.093] FindNextFileW (in: hFindFile=0x8037bd8, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0236.093] FindNextFileW (in: hFindFile=0x8037058, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0236.093] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037c18 [0236.095] FindNextFileW (in: hFindFile=0x8037c18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.095] FindNextFileW (in: hFindFile=0x8037c18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.095] FindNextFileW (in: hFindFile=0x8037c18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0236.095] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037c58 [0236.096] FindNextFileW (in: hFindFile=0x8037c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.096] FindNextFileW (in: hFindFile=0x8037c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0236.096] FindNextFileW (in: hFindFile=0x8037c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0236.096] FindNextFileW (in: hFindFile=0x8037c58, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0236.096] FindNextFileW (in: hFindFile=0x8037c18, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0236.096] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037c98 [0236.101] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.101] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0236.101] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0236.101] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0236.101] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0236.101] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0236.102] FindNextFileW (in: hFindFile=0x8037c98, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0236.102] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037cd8 [0236.105] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037d18 [0236.107] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.108] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037d58 [0236.108] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.108] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.108] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037d98 [0236.109] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.109] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.109] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037dd8 [0236.109] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037e18 [0236.111] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.112] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.112] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037e58 [0236.112] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.112] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037e98 [0236.113] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037ed8 [0236.113] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037f18 [0236.113] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.113] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.114] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0236.114] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037f58 [0236.114] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037f98 [0236.114] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8037fd8 [0236.115] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8038018 [0236.115] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8038058 [0236.119] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", dwFileAttributes=0x80) returned 1 [0236.120] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x146c [0236.120] GetFileSize (in: hFile=0x146c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8064f1 [0236.387] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", dwFileAttributes=0x20) returned 1 [0236.387] GetCurrentThreadId () returned 0x6f8 [0236.387] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", piIcon=0x4e4efc4) returned 0x550143 [0236.400] GetIconInfo (in: hIcon=0x550143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0236.400] CreateFileW (lpFileName="OsUo.ico" (normalized: "c:\\windows\\system32\\osuo.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0236.401] GetObjectA (in: h=0x705018d, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0236.401] GetObjectA (in: h=0x97050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0236.401] CreateCompatibleDC (hdc=0x0) returned 0xe3010776 [0236.401] GetDIBits (in: hdc=0xe3010776, hbm=0x705018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0236.401] GetDIBits (in: hdc=0xe3010776, hbm=0x705018d, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0236.401] GetDIBits (in: hdc=0xe3010776, hbm=0x705018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0236.401] GetDIBits (in: hdc=0xe3010776, hbm=0x97050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0236.401] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0236.404] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0236.404] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0236.404] WriteFile (in: hFile=0x1470, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0236.405] WriteFile (in: hFile=0x1470, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0236.405] DeleteDC (hdc=0xe3010776) returned 1 [0236.405] CloseHandle (hObject=0x1470) returned 1 [0236.405] DeleteObject (ho=0x705018d) returned 1 [0236.405] DeleteObject (ho=0x97050770) returned 1 [0236.405] DestroyCursor (hCursor=0x550143) returned 1 [0236.405] GetCurrentThreadId () returned 0x6f8 [0236.405] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0236.405] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8064f1 [0236.414] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.421] ReadFile (in: hFile=0x1470, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.428] ReadFile (in: hFile=0x1470, lpBuffer=0x58a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x58a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.459] ReadFile (in: hFile=0x1470, lpBuffer=0x59a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x59a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.466] ReadFile (in: hFile=0x1470, lpBuffer=0x5aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x5aa0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.474] ReadFile (in: hFile=0x1470, lpBuffer=0x5ba0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x5ba0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.482] ReadFile (in: hFile=0x1470, lpBuffer=0x5ca0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x5ca0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.490] ReadFile (in: hFile=0x1470, lpBuffer=0x5da0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x5da0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0236.526] ReadFile (in: hFile=0x1470, lpBuffer=0x5ea0000, nNumberOfBytesToRead=0x64f1, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x5ea0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x64f1, lpOverlapped=0x0) returned 1 [0236.527] CloseHandle (hObject=0x1470) returned 1 [0236.527] GetCurrentThreadId () returned 0x6f8 [0236.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11992070, dwHighDateTime=0x1d6076d)) [0236.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11992070, dwHighDateTime=0x1d6076d)) [0236.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x11992070, dwHighDateTime=0x1d6076d)) [0236.944] GetCurrentThreadId () returned 0x6f8 [0236.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x11d70430, dwHighDateTime=0x1d6076d)) [0236.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x11d70430, dwHighDateTime=0x1d6076d)) [0236.945] GetCurrentThreadId () returned 0x6f8 [0236.945] CreateFileW (lpFileName="IIES.exe" (normalized: "c:\\windows\\system32\\iies.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.945] CreateFileW (lpFileName="IIES.exe" (normalized: "c:\\windows\\system32\\iies.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.945] GetCurrentThreadId () returned 0x6f8 [0236.945] GetCurrentThreadId () returned 0x6f8 [0236.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x11d70430, dwHighDateTime=0x1d6076d)) [0236.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x11d70430, dwHighDateTime=0x1d6076d)) [0236.946] CreateFileW (lpFileName="IIES.exe" (normalized: "c:\\windows\\system32\\iies.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.946] GetCurrentThreadId () returned 0x6f8 [0236.946] BeginUpdateResourceW (pFileName="IIES.exe" (normalized: "c:\\windows\\system32\\iies.exe"), bDeleteExistingResources=0) returned 0x0 [0236.946] CreateFileW (lpFileName="OsUo.ico" (normalized: "c:\\windows\\system32\\osuo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0236.946] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0236.946] ReadFile (in: hFile=0x12c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0236.946] CloseHandle (hObject=0x12c) returned 1 [0236.947] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0236.947] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0236.947] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0236.947] CopyFileW (lpExistingFileName="IIES.exe" (normalized: "c:\\windows\\system32\\iies.exe"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.exe" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.exe"), bFailIfExists=0) returned 0 [0236.947] SetNamedSecurityInfoW () returned 0x2 [0236.947] DeleteFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3")) returned 1 [0237.036] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x5c, lpOverlapped=0x0) returned 1 [0237.037] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0237.037] DeleteFileW (lpFileName="OsUo.ico" (normalized: "c:\\windows\\system32\\osuo.ico")) returned 1 [0237.038] DeleteFileW (lpFileName="IIES.exe" (normalized: "c:\\windows\\system32\\iies.exe")) returned 0 [0237.039] GetCurrentThreadId () returned 0x6f8 [0237.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x11e54c70, dwHighDateTime=0x1d6076d)) [0237.039] GetCurrentThreadId () returned 0x6f8 [0237.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x11e54c70, dwHighDateTime=0x1d6076d)) [0237.039] FindNextFileW (in: hFindFile=0x8038058, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0237.039] GetCurrentThreadId () returned 0x6f8 [0237.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x11e54c70, dwHighDateTime=0x1d6076d)) [0237.039] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3")) returned 0x20 [0237.040] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", dwFileAttributes=0x80) returned 1 [0237.040] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0237.041] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ec5d2 [0237.046] ReadFile (in: hFile=0x12c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.066] ReadFile (in: hFile=0x12c, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.088] ReadFile (in: hFile=0x12c, lpBuffer=0x58a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x58a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.102] ReadFile (in: hFile=0x12c, lpBuffer=0x59a0000, nNumberOfBytesToRead=0xec5d2, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x59a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xec5d2, lpOverlapped=0x0) returned 1 [0237.123] GetCurrentThreadId () returned 0x6f8 [0237.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x11eed1f0, dwHighDateTime=0x1d6076d)) [0237.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x11eed1f0, dwHighDateTime=0x1d6076d)) [0237.123] GetCurrentThreadId () returned 0x6f8 [0237.148] CloseHandle (hObject=0x12c) returned 1 [0237.148] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", dwFileAttributes=0x20) returned 1 [0237.148] GetCurrentThreadId () returned 0x6f8 [0237.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x11f13350, dwHighDateTime=0x1d6076d)) [0237.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x11f13350, dwHighDateTime=0x1d6076d)) [0237.148] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", piIcon=0x4e4efc4) returned 0x560143 [0237.164] GetIconInfo (in: hIcon=0x560143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0237.164] CreateFileW (lpFileName="icIQ.ico" (normalized: "c:\\windows\\system32\\iciq.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x238 [0237.165] GetObjectA (in: h=0x980501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0237.165] GetObjectA (in: h=0xf4050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0237.165] CreateCompatibleDC (hdc=0x0) returned 0x400101fb [0237.165] GetDIBits (in: hdc=0x400101fb, hbm=0x980501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0237.165] GetDIBits (in: hdc=0x400101fb, hbm=0x980501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0237.165] GetDIBits (in: hdc=0x400101fb, hbm=0x980501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0237.165] GetDIBits (in: hdc=0x400101fb, hbm=0xf4050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0237.165] WriteFile (in: hFile=0x238, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0237.167] WriteFile (in: hFile=0x238, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0237.167] WriteFile (in: hFile=0x238, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0237.167] WriteFile (in: hFile=0x238, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0237.168] WriteFile (in: hFile=0x238, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0237.168] DeleteDC (hdc=0x400101fb) returned 1 [0237.168] CloseHandle (hObject=0x238) returned 1 [0237.168] DeleteObject (ho=0x980501fa) returned 1 [0237.168] DeleteObject (ho=0xf4050771) returned 1 [0237.168] DestroyCursor (hCursor=0x560143) returned 1 [0237.168] GetCurrentThreadId () returned 0x6f8 [0237.168] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x238 [0237.168] GetFileSize (in: hFile=0x238, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ec5d2 [0237.173] ReadFile (in: hFile=0x238, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.180] ReadFile (in: hFile=0x238, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.188] ReadFile (in: hFile=0x238, lpBuffer=0x58a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x58a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.194] ReadFile (in: hFile=0x238, lpBuffer=0x59a0000, nNumberOfBytesToRead=0xec5d2, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x59a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xec5d2, lpOverlapped=0x0) returned 1 [0237.200] CloseHandle (hObject=0x238) returned 1 [0237.200] GetCurrentThreadId () returned 0x6f8 [0237.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11fab8d0, dwHighDateTime=0x1d6076d)) [0237.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x11fab8d0, dwHighDateTime=0x1d6076d)) [0237.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x11fab8d0, dwHighDateTime=0x1d6076d)) [0237.359] GetCurrentThreadId () returned 0x6f8 [0237.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12128690, dwHighDateTime=0x1d6076d)) [0237.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12128690, dwHighDateTime=0x1d6076d)) [0237.359] GetCurrentThreadId () returned 0x6f8 [0237.359] CreateFileW (lpFileName="Scgq.exe" (normalized: "c:\\windows\\system32\\scgq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.360] CreateFileW (lpFileName="Scgq.exe" (normalized: "c:\\windows\\system32\\scgq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.360] GetCurrentThreadId () returned 0x6f8 [0237.360] GetCurrentThreadId () returned 0x6f8 [0237.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12128690, dwHighDateTime=0x1d6076d)) [0237.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12128690, dwHighDateTime=0x1d6076d)) [0237.360] CreateFileW (lpFileName="Scgq.exe" (normalized: "c:\\windows\\system32\\scgq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.360] GetCurrentThreadId () returned 0x6f8 [0237.360] BeginUpdateResourceW (pFileName="Scgq.exe" (normalized: "c:\\windows\\system32\\scgq.exe"), bDeleteExistingResources=0) returned 0x0 [0237.360] CreateFileW (lpFileName="icIQ.ico" (normalized: "c:\\windows\\system32\\iciq.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x238 [0237.360] GetFileSize (in: hFile=0x238, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0237.361] ReadFile (in: hFile=0x238, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0237.361] CloseHandle (hObject=0x238) returned 1 [0237.361] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0237.361] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0237.361] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0237.361] CopyFileW (lpExistingFileName="Scgq.exe" (normalized: "c:\\windows\\system32\\scgq.exe"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.exe" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.exe"), bFailIfExists=0) returned 0 [0237.361] SetNamedSecurityInfoW () returned 0x2 [0237.361] DeleteFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3")) returned 1 [0237.404] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x80, lpOverlapped=0x0) returned 1 [0237.404] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0237.405] DeleteFileW (lpFileName="icIQ.ico" (normalized: "c:\\windows\\system32\\iciq.ico")) returned 1 [0237.407] DeleteFileW (lpFileName="Scgq.exe" (normalized: "c:\\windows\\system32\\scgq.exe")) returned 0 [0237.407] GetCurrentThreadId () returned 0x6f8 [0237.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x1219aab0, dwHighDateTime=0x1d6076d)) [0237.407] GetCurrentThreadId () returned 0x6f8 [0237.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1219aab0, dwHighDateTime=0x1d6076d)) [0237.407] FindNextFileW (in: hFindFile=0x8038058, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0237.407] GetCurrentThreadId () returned 0x6f8 [0237.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x1219aab0, dwHighDateTime=0x1d6076d)) [0237.407] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3")) returned 0x20 [0237.407] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", dwFileAttributes=0x80) returned 1 [0237.410] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x238 [0237.410] GetFileSize (in: hFile=0x238, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49e459 [0237.415] ReadFile (in: hFile=0x238, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.435] ReadFile (in: hFile=0x238, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.459] ReadFile (in: hFile=0x238, lpBuffer=0x58a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x58a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.486] ReadFile (in: hFile=0x238, lpBuffer=0x59a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x59a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x100000, lpOverlapped=0x0) returned 1 [0237.498] ReadFile (in: hFile=0x238, lpBuffer=0x5aa0000, nNumberOfBytesToRead=0x9e459, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x5aa0000*, lpNumberOfBytesRead=0x4e4efb8*=0x9e459, lpOverlapped=0x0) returned 1 [0237.509] GetCurrentThreadId () returned 0x6f8 [0237.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x122a5450, dwHighDateTime=0x1d6076d)) [0237.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x122a5450, dwHighDateTime=0x1d6076d)) [0237.509] GetCurrentThreadId () returned 0x6f8 [0237.553] CloseHandle (hObject=0x238) returned 1 [0237.553] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", dwFileAttributes=0x20) returned 1 [0237.553] GetCurrentThreadId () returned 0x6f8 [0237.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x122f1710, dwHighDateTime=0x1d6076d)) [0237.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x122f1710, dwHighDateTime=0x1d6076d)) [0237.553] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", piIcon=0x4e4efc4) returned 0x570143 [0237.565] GetIconInfo (in: hIcon=0x570143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0237.565] CreateFileW (lpFileName="aeYI.ico" (normalized: "c:\\windows\\system32\\aeyi.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0237.566] GetObjectA (in: h=0x9a050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0237.566] GetObjectA (in: h=0xc05018d, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0237.566] CreateCompatibleDC (hdc=0x0) returned 0xe6010772 [0237.566] GetDIBits (in: hdc=0xe6010772, hbm=0x9a050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0237.566] GetDIBits (in: hdc=0xe6010772, hbm=0x9a050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0237.566] GetDIBits (in: hdc=0xe6010772, hbm=0x9a050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0237.566] GetDIBits (in: hdc=0xe6010772, hbm=0xc05018d, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0237.566] WriteFile (in: hFile=0x12c, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0237.567] WriteFile (in: hFile=0x12c, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0237.567] WriteFile (in: hFile=0x12c, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0237.567] WriteFile (in: hFile=0x12c, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0237.567] WriteFile (in: hFile=0x12c, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0237.567] DeleteDC (hdc=0xe6010772) returned 1 [0237.567] CloseHandle (hObject=0x12c) returned 1 [0237.568] DeleteObject (ho=0x9a050770) returned 1 [0237.568] DeleteObject (ho=0xc05018d) returned 1 [0237.568] DestroyCursor (hCursor=0x570143) returned 1 [0237.568] GetCurrentThreadId () returned 0x6f8 [0237.568] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0237.568] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49e459 [0237.573] ReadFile (in: hFile=0x12c, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.578] ReadFile (in: hFile=0x12c, lpBuffer=0x57a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x57a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.586] ReadFile (in: hFile=0x12c, lpBuffer=0x58a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x58a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.607] ReadFile (in: hFile=0x12c, lpBuffer=0x59a0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x59a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x100000, lpOverlapped=0x0) returned 1 [0237.614] ReadFile (in: hFile=0x12c, lpBuffer=0x5aa0000, nNumberOfBytesToRead=0x9e459, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x5aa0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x9e459, lpOverlapped=0x0) returned 1 [0237.619] CloseHandle (hObject=0x12c) returned 1 [0237.619] GetCurrentThreadId () returned 0x6f8 [0237.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12389c90, dwHighDateTime=0x1d6076d)) [0237.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12389c90, dwHighDateTime=0x1d6076d)) [0237.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x12389c90, dwHighDateTime=0x1d6076d)) [0237.791] GetCurrentThreadId () returned 0x6f8 [0237.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12552d10, dwHighDateTime=0x1d6076d)) [0237.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12552d10, dwHighDateTime=0x1d6076d)) [0237.791] GetCurrentThreadId () returned 0x6f8 [0237.791] CreateFileW (lpFileName="iAck.exe" (normalized: "c:\\windows\\system32\\iack.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.792] CreateFileW (lpFileName="iAck.exe" (normalized: "c:\\windows\\system32\\iack.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.792] GetCurrentThreadId () returned 0x6f8 [0237.792] GetCurrentThreadId () returned 0x6f8 [0237.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12552d10, dwHighDateTime=0x1d6076d)) [0237.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12552d10, dwHighDateTime=0x1d6076d)) [0237.792] CreateFileW (lpFileName="iAck.exe" (normalized: "c:\\windows\\system32\\iack.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.792] GetCurrentThreadId () returned 0x6f8 [0237.792] BeginUpdateResourceW (pFileName="iAck.exe" (normalized: "c:\\windows\\system32\\iack.exe"), bDeleteExistingResources=0) returned 0x0 [0237.793] CreateFileW (lpFileName="aeYI.ico" (normalized: "c:\\windows\\system32\\aeyi.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0237.793] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0237.793] ReadFile (in: hFile=0x12c, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0237.793] CloseHandle (hObject=0x12c) returned 1 [0237.793] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0237.793] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0237.794] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0237.794] CopyFileW (lpExistingFileName="iAck.exe" (normalized: "c:\\windows\\system32\\iack.exe"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.exe" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.exe"), bFailIfExists=0) returned 0 [0237.794] SetNamedSecurityInfoW () returned 0x2 [0237.794] DeleteFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3")) returned 1 [0237.869] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x62, lpOverlapped=0x0) returned 1 [0237.869] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0237.869] DeleteFileW (lpFileName="aeYI.ico" (normalized: "c:\\windows\\system32\\aeyi.ico")) returned 1 [0237.870] DeleteFileW (lpFileName="iAck.exe" (normalized: "c:\\windows\\system32\\iack.exe")) returned 0 [0237.870] GetCurrentThreadId () returned 0x6f8 [0237.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.870] GetCurrentThreadId () returned 0x6f8 [0237.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.870] FindNextFileW (in: hFindFile=0x8038058, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] FindNextFileW (in: hFindFile=0x8038018, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] FindNextFileW (in: hFindFile=0x8037e98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8038098 [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] FindNextFileW (in: hFindFile=0x8038098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] FindNextFileW (in: hFindFile=0x8038098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0237.871] GetCurrentThreadId () returned 0x6f8 [0237.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.871] FindNextFileW (in: hFindFile=0x8038098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0237.872] GetCurrentThreadId () returned 0x6f8 [0237.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.872] GetCurrentThreadId () returned 0x6f8 [0237.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.872] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80380d8 [0237.874] GetCurrentThreadId () returned 0x6f8 [0237.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.874] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.874] GetCurrentThreadId () returned 0x6f8 [0237.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.874] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0237.874] GetCurrentThreadId () returned 0x6f8 [0237.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x125eb290, dwHighDateTime=0x1d6076d)) [0237.874] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg")) returned 0x20 [0237.875] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", dwFileAttributes=0x80) returned 1 [0237.875] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0237.876] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6b22 [0237.881] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd6b22, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xd6b22, lpOverlapped=0x0) returned 1 [0237.893] GetCurrentThreadId () returned 0x6f8 [0237.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x126113f0, dwHighDateTime=0x1d6076d)) [0237.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x126113f0, dwHighDateTime=0x1d6076d)) [0237.893] GetCurrentThreadId () returned 0x6f8 [0237.898] CloseHandle (hObject=0x1470) returned 1 [0237.898] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", dwFileAttributes=0x20) returned 1 [0237.898] GetCurrentThreadId () returned 0x6f8 [0237.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x126113f0, dwHighDateTime=0x1d6076d)) [0237.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x126113f0, dwHighDateTime=0x1d6076d)) [0237.898] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", piIcon=0x4e4efc4) returned 0x580143 [0237.919] GetIconInfo (in: hIcon=0x580143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0237.920] CreateFileW (lpFileName="gaMU.ico" (normalized: "c:\\windows\\system32\\gamu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0237.920] GetObjectA (in: h=0xf7050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0237.920] GetObjectA (in: h=0x9d0501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0237.920] CreateCompatibleDC (hdc=0x0) returned 0x3e010763 [0237.920] GetDIBits (in: hdc=0x3e010763, hbm=0xf7050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0237.921] GetDIBits (in: hdc=0x3e010763, hbm=0xf7050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0237.921] GetDIBits (in: hdc=0x3e010763, hbm=0xf7050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0237.921] GetDIBits (in: hdc=0x3e010763, hbm=0x9d0501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0237.921] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0237.922] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0237.922] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0237.923] WriteFile (in: hFile=0x1474, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0237.923] WriteFile (in: hFile=0x1474, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0237.923] DeleteDC (hdc=0x3e010763) returned 1 [0237.923] CloseHandle (hObject=0x1474) returned 1 [0237.923] DeleteObject (ho=0xf7050771) returned 1 [0237.924] DeleteObject (ho=0x9d0501fa) returned 1 [0237.924] DestroyCursor (hCursor=0x580143) returned 1 [0237.924] GetCurrentThreadId () returned 0x6f8 [0237.924] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0237.924] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6b22 [0237.930] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xd6b22, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xd6b22, lpOverlapped=0x0) returned 1 [0237.939] CloseHandle (hObject=0x1474) returned 1 [0237.939] GetCurrentThreadId () returned 0x6f8 [0237.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12683810, dwHighDateTime=0x1d6076d)) [0237.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12683810, dwHighDateTime=0x1d6076d)) [0237.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x12683810, dwHighDateTime=0x1d6076d)) [0238.030] GetCurrentThreadId () returned 0x6f8 [0238.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12768050, dwHighDateTime=0x1d6076d)) [0238.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12768050, dwHighDateTime=0x1d6076d)) [0238.031] GetCurrentThreadId () returned 0x6f8 [0238.031] CreateFileW (lpFileName="mkwA.exe" (normalized: "c:\\windows\\system32\\mkwa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.031] CreateFileW (lpFileName="mkwA.exe" (normalized: "c:\\windows\\system32\\mkwa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.031] GetCurrentThreadId () returned 0x6f8 [0238.032] GetCurrentThreadId () returned 0x6f8 [0238.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12768050, dwHighDateTime=0x1d6076d)) [0238.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12768050, dwHighDateTime=0x1d6076d)) [0238.032] CreateFileW (lpFileName="mkwA.exe" (normalized: "c:\\windows\\system32\\mkwa.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.032] GetCurrentThreadId () returned 0x6f8 [0238.032] BeginUpdateResourceW (pFileName="mkwA.exe" (normalized: "c:\\windows\\system32\\mkwa.exe"), bDeleteExistingResources=0) returned 0x0 [0238.032] CreateFileW (lpFileName="gaMU.ico" (normalized: "c:\\windows\\system32\\gamu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1474 [0238.032] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0238.032] ReadFile (in: hFile=0x1474, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0238.032] CloseHandle (hObject=0x1474) returned 1 [0238.032] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0238.033] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0238.033] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0238.033] CopyFileW (lpExistingFileName="mkwA.exe" (normalized: "c:\\windows\\system32\\mkwa.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.exe"), bFailIfExists=0) returned 0 [0238.033] SetNamedSecurityInfoW () returned 0x2 [0238.033] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg")) returned 1 [0238.041] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x74, lpOverlapped=0x0) returned 1 [0238.041] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0238.041] DeleteFileW (lpFileName="gaMU.ico" (normalized: "c:\\windows\\system32\\gamu.ico")) returned 1 [0238.043] DeleteFileW (lpFileName="mkwA.exe" (normalized: "c:\\windows\\system32\\mkwa.exe")) returned 0 [0238.043] GetCurrentThreadId () returned 0x6f8 [0238.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x1278e1b0, dwHighDateTime=0x1d6076d)) [0238.043] GetCurrentThreadId () returned 0x6f8 [0238.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x1278e1b0, dwHighDateTime=0x1d6076d)) [0238.043] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0238.043] GetCurrentThreadId () returned 0x6f8 [0238.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x1278e1b0, dwHighDateTime=0x1d6076d)) [0238.043] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg")) returned 0x20 [0238.044] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", dwFileAttributes=0x80) returned 1 [0238.044] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.044] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce875 [0238.049] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xce875, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xce875, lpOverlapped=0x0) returned 1 [0238.058] GetCurrentThreadId () returned 0x6f8 [0238.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x127b4310, dwHighDateTime=0x1d6076d)) [0238.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x127b4310, dwHighDateTime=0x1d6076d)) [0238.058] GetCurrentThreadId () returned 0x6f8 [0238.061] CloseHandle (hObject=0x1474) returned 1 [0238.061] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", dwFileAttributes=0x20) returned 1 [0238.061] GetCurrentThreadId () returned 0x6f8 [0238.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x127b4310, dwHighDateTime=0x1d6076d)) [0238.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x127b4310, dwHighDateTime=0x1d6076d)) [0238.062] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", piIcon=0x4e4efc4) returned 0x590143 [0238.074] GetIconInfo (in: hIcon=0x590143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0238.074] CreateFileW (lpFileName="qUEA.ico" (normalized: "c:\\windows\\system32\\quea.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.075] GetObjectA (in: h=0xf05018d, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0238.075] GetObjectA (in: h=0x9f050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0238.075] CreateCompatibleDC (hdc=0x0) returned 0xbd01016f [0238.075] GetDIBits (in: hdc=0xbd01016f, hbm=0xf05018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0238.075] GetDIBits (in: hdc=0xbd01016f, hbm=0xf05018d, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0238.075] GetDIBits (in: hdc=0xbd01016f, hbm=0xf05018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0238.075] GetDIBits (in: hdc=0xbd01016f, hbm=0x9f050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0238.075] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0238.076] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0238.076] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0238.076] WriteFile (in: hFile=0x1470, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0238.076] WriteFile (in: hFile=0x1470, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0238.077] DeleteDC (hdc=0xbd01016f) returned 1 [0238.077] CloseHandle (hObject=0x1470) returned 1 [0238.077] DeleteObject (ho=0xf05018d) returned 1 [0238.077] DeleteObject (ho=0x9f050770) returned 1 [0238.077] DestroyCursor (hCursor=0x590143) returned 1 [0238.077] GetCurrentThreadId () returned 0x6f8 [0238.077] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.077] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce875 [0238.082] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xce875, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xce875, lpOverlapped=0x0) returned 1 [0238.087] CloseHandle (hObject=0x1470) returned 1 [0238.087] GetCurrentThreadId () returned 0x6f8 [0238.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x128005d0, dwHighDateTime=0x1d6076d)) [0238.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x128005d0, dwHighDateTime=0x1d6076d)) [0238.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x128005d0, dwHighDateTime=0x1d6076d)) [0238.172] GetCurrentThreadId () returned 0x6f8 [0238.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x128becb0, dwHighDateTime=0x1d6076d)) [0238.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x128becb0, dwHighDateTime=0x1d6076d)) [0238.172] GetCurrentThreadId () returned 0x6f8 [0238.172] CreateFileW (lpFileName="UYgy.exe" (normalized: "c:\\windows\\system32\\uygy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.173] CreateFileW (lpFileName="UYgy.exe" (normalized: "c:\\windows\\system32\\uygy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.173] GetCurrentThreadId () returned 0x6f8 [0238.173] GetCurrentThreadId () returned 0x6f8 [0238.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x128becb0, dwHighDateTime=0x1d6076d)) [0238.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x128becb0, dwHighDateTime=0x1d6076d)) [0238.174] CreateFileW (lpFileName="UYgy.exe" (normalized: "c:\\windows\\system32\\uygy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.174] GetCurrentThreadId () returned 0x6f8 [0238.174] BeginUpdateResourceW (pFileName="UYgy.exe" (normalized: "c:\\windows\\system32\\uygy.exe"), bDeleteExistingResources=0) returned 0x0 [0238.174] CreateFileW (lpFileName="qUEA.ico" (normalized: "c:\\windows\\system32\\quea.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1470 [0238.174] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0238.174] ReadFile (in: hFile=0x1470, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0238.174] CloseHandle (hObject=0x1470) returned 1 [0238.175] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0238.175] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0238.175] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0238.175] CopyFileW (lpExistingFileName="UYgy.exe" (normalized: "c:\\windows\\system32\\uygy.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.exe"), bFailIfExists=0) returned 0 [0238.175] SetNamedSecurityInfoW () returned 0x2 [0238.175] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg")) returned 1 [0238.184] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x66, lpOverlapped=0x0) returned 1 [0238.185] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0238.185] DeleteFileW (lpFileName="qUEA.ico" (normalized: "c:\\windows\\system32\\quea.ico")) returned 1 [0238.186] DeleteFileW (lpFileName="UYgy.exe" (normalized: "c:\\windows\\system32\\uygy.exe")) returned 0 [0238.186] GetCurrentThreadId () returned 0x6f8 [0238.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x128e4e10, dwHighDateTime=0x1d6076d)) [0238.186] GetCurrentThreadId () returned 0x6f8 [0238.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x128e4e10, dwHighDateTime=0x1d6076d)) [0238.186] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0238.187] GetCurrentThreadId () returned 0x6f8 [0238.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x128e4e10, dwHighDateTime=0x1d6076d)) [0238.187] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0238.187] GetCurrentThreadId () returned 0x6f8 [0238.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x128e4e10, dwHighDateTime=0x1d6076d)) [0238.187] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg")) returned 0x20 [0238.187] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", dwFileAttributes=0x80) returned 1 [0238.187] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.187] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x91554 [0238.192] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x91554, lpOverlapped=0x0) returned 1 [0238.199] GetCurrentThreadId () returned 0x6f8 [0238.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1290af70, dwHighDateTime=0x1d6076d)) [0238.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1290af70, dwHighDateTime=0x1d6076d)) [0238.199] GetCurrentThreadId () returned 0x6f8 [0238.201] CloseHandle (hObject=0x1470) returned 1 [0238.201] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", dwFileAttributes=0x20) returned 1 [0238.202] GetCurrentThreadId () returned 0x6f8 [0238.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x1290af70, dwHighDateTime=0x1d6076d)) [0238.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x1290af70, dwHighDateTime=0x1d6076d)) [0238.202] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", piIcon=0x4e4efc4) returned 0x5a0143 [0238.213] GetIconInfo (in: hIcon=0x5a0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0238.213] CreateFileW (lpFileName="wEMU.ico" (normalized: "c:\\windows\\system32\\wemu.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.213] GetObjectA (in: h=0xa00501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0238.213] GetObjectA (in: h=0xfc050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0238.213] CreateCompatibleDC (hdc=0x0) returned 0xf0010776 [0238.213] GetDIBits (in: hdc=0xf0010776, hbm=0xa00501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0238.214] GetDIBits (in: hdc=0xf0010776, hbm=0xa00501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0238.214] GetDIBits (in: hdc=0xf0010776, hbm=0xa00501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0238.214] GetDIBits (in: hdc=0xf0010776, hbm=0xfc050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0238.214] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0238.215] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0238.215] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0238.215] WriteFile (in: hFile=0x1474, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0238.215] WriteFile (in: hFile=0x1474, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0238.215] DeleteDC (hdc=0xf0010776) returned 1 [0238.215] CloseHandle (hObject=0x1474) returned 1 [0238.216] DeleteObject (ho=0xa00501fa) returned 1 [0238.216] DeleteObject (ho=0xfc050771) returned 1 [0238.216] DestroyCursor (hCursor=0x5a0143) returned 1 [0238.216] GetCurrentThreadId () returned 0x6f8 [0238.216] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.216] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x91554 [0238.221] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x91554, lpOverlapped=0x0) returned 1 [0238.225] CloseHandle (hObject=0x1474) returned 1 [0238.225] GetCurrentThreadId () returned 0x6f8 [0238.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x129310d0, dwHighDateTime=0x1d6076d)) [0238.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x129310d0, dwHighDateTime=0x1d6076d)) [0238.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x129310d0, dwHighDateTime=0x1d6076d)) [0238.328] GetCurrentThreadId () returned 0x6f8 [0238.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12a3ba70, dwHighDateTime=0x1d6076d)) [0238.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12a3ba70, dwHighDateTime=0x1d6076d)) [0238.328] GetCurrentThreadId () returned 0x6f8 [0238.328] CreateFileW (lpFileName="WYkA.exe" (normalized: "c:\\windows\\system32\\wyka.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.329] CreateFileW (lpFileName="WYkA.exe" (normalized: "c:\\windows\\system32\\wyka.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.329] GetCurrentThreadId () returned 0x6f8 [0238.329] GetCurrentThreadId () returned 0x6f8 [0238.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12a3ba70, dwHighDateTime=0x1d6076d)) [0238.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12a3ba70, dwHighDateTime=0x1d6076d)) [0238.329] CreateFileW (lpFileName="WYkA.exe" (normalized: "c:\\windows\\system32\\wyka.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.330] GetCurrentThreadId () returned 0x6f8 [0238.330] BeginUpdateResourceW (pFileName="WYkA.exe" (normalized: "c:\\windows\\system32\\wyka.exe"), bDeleteExistingResources=0) returned 0x0 [0238.330] CreateFileW (lpFileName="wEMU.ico" (normalized: "c:\\windows\\system32\\wemu.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1474 [0238.330] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0238.330] ReadFile (in: hFile=0x1474, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0238.330] CloseHandle (hObject=0x1474) returned 1 [0238.330] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0238.331] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0238.331] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0238.331] CopyFileW (lpExistingFileName="WYkA.exe" (normalized: "c:\\windows\\system32\\wyka.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.exe"), bFailIfExists=0) returned 0 [0238.331] SetNamedSecurityInfoW () returned 0x2 [0238.331] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg")) returned 1 [0238.345] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x6e, lpOverlapped=0x0) returned 1 [0238.345] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0238.345] DeleteFileW (lpFileName="wEMU.ico" (normalized: "c:\\windows\\system32\\wemu.ico")) returned 1 [0238.347] DeleteFileW (lpFileName="WYkA.exe" (normalized: "c:\\windows\\system32\\wyka.exe")) returned 0 [0238.347] GetCurrentThreadId () returned 0x6f8 [0238.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x12a61bd0, dwHighDateTime=0x1d6076d)) [0238.347] GetCurrentThreadId () returned 0x6f8 [0238.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x12a61bd0, dwHighDateTime=0x1d6076d)) [0238.347] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0238.347] GetCurrentThreadId () returned 0x6f8 [0238.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x12a61bd0, dwHighDateTime=0x1d6076d)) [0238.347] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg")) returned 0x20 [0238.349] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", dwFileAttributes=0x80) returned 1 [0238.349] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.349] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbd616 [0238.354] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbd616, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xbd616, lpOverlapped=0x0) returned 1 [0238.369] GetCurrentThreadId () returned 0x6f8 [0238.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x12aade90, dwHighDateTime=0x1d6076d)) [0238.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x12aade90, dwHighDateTime=0x1d6076d)) [0238.369] GetCurrentThreadId () returned 0x6f8 [0238.374] CloseHandle (hObject=0x1474) returned 1 [0238.374] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", dwFileAttributes=0x20) returned 1 [0238.374] GetCurrentThreadId () returned 0x6f8 [0238.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x12aade90, dwHighDateTime=0x1d6076d)) [0238.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x12aade90, dwHighDateTime=0x1d6076d)) [0238.374] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", piIcon=0x4e4efc4) returned 0x5b0143 [0238.388] GetIconInfo (in: hIcon=0x5b0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0238.388] CreateFileW (lpFileName="cIYc.ico" (normalized: "c:\\windows\\system32\\ciyc.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.395] GetObjectA (in: h=0xa2050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0238.395] GetObjectA (in: h=0x1405018d, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0238.395] CreateCompatibleDC (hdc=0x0) returned 0x4d0101fb [0238.395] GetDIBits (in: hdc=0x4d0101fb, hbm=0xa2050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0238.395] GetDIBits (in: hdc=0x4d0101fb, hbm=0xa2050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0238.395] GetDIBits (in: hdc=0x4d0101fb, hbm=0xa2050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0238.395] GetDIBits (in: hdc=0x4d0101fb, hbm=0x1405018d, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0238.395] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0238.397] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0238.397] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0238.397] WriteFile (in: hFile=0x1470, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0238.397] WriteFile (in: hFile=0x1470, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0238.397] DeleteDC (hdc=0x4d0101fb) returned 1 [0238.397] CloseHandle (hObject=0x1470) returned 1 [0238.398] DeleteObject (ho=0xa2050770) returned 1 [0238.398] DeleteObject (ho=0x1405018d) returned 1 [0238.398] DestroyCursor (hCursor=0x5b0143) returned 1 [0238.398] GetCurrentThreadId () returned 0x6f8 [0238.398] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.398] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbd616 [0238.403] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbd616, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xbd616, lpOverlapped=0x0) returned 1 [0238.407] CloseHandle (hObject=0x1470) returned 1 [0238.407] GetCurrentThreadId () returned 0x6f8 [0238.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12afa150, dwHighDateTime=0x1d6076d)) [0238.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12afa150, dwHighDateTime=0x1d6076d)) [0238.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x12afa150, dwHighDateTime=0x1d6076d)) [0238.522] GetCurrentThreadId () returned 0x6f8 [0238.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12c04af0, dwHighDateTime=0x1d6076d)) [0238.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12c04af0, dwHighDateTime=0x1d6076d)) [0238.523] GetCurrentThreadId () returned 0x6f8 [0238.523] CreateFileW (lpFileName="iMoQ.exe" (normalized: "c:\\windows\\system32\\imoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.523] CreateFileW (lpFileName="iMoQ.exe" (normalized: "c:\\windows\\system32\\imoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.524] GetCurrentThreadId () returned 0x6f8 [0238.524] GetCurrentThreadId () returned 0x6f8 [0238.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12c04af0, dwHighDateTime=0x1d6076d)) [0238.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12c04af0, dwHighDateTime=0x1d6076d)) [0238.524] CreateFileW (lpFileName="iMoQ.exe" (normalized: "c:\\windows\\system32\\imoq.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.524] GetCurrentThreadId () returned 0x6f8 [0238.524] BeginUpdateResourceW (pFileName="iMoQ.exe" (normalized: "c:\\windows\\system32\\imoq.exe"), bDeleteExistingResources=0) returned 0x0 [0238.524] CreateFileW (lpFileName="cIYc.ico" (normalized: "c:\\windows\\system32\\ciyc.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1470 [0238.524] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0238.525] ReadFile (in: hFile=0x1470, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0238.525] CloseHandle (hObject=0x1470) returned 1 [0238.525] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0238.525] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0238.525] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0238.525] CopyFileW (lpExistingFileName="iMoQ.exe" (normalized: "c:\\windows\\system32\\imoq.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.exe"), bFailIfExists=0) returned 0 [0238.526] SetNamedSecurityInfoW () returned 0x2 [0238.526] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg")) returned 1 [0238.534] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x6c, lpOverlapped=0x0) returned 1 [0238.534] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0238.535] DeleteFileW (lpFileName="cIYc.ico" (normalized: "c:\\windows\\system32\\ciyc.ico")) returned 1 [0238.536] DeleteFileW (lpFileName="iMoQ.exe" (normalized: "c:\\windows\\system32\\imoq.exe")) returned 0 [0238.536] GetCurrentThreadId () returned 0x6f8 [0238.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x12c2ac50, dwHighDateTime=0x1d6076d)) [0238.536] GetCurrentThreadId () returned 0x6f8 [0238.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x12c2ac50, dwHighDateTime=0x1d6076d)) [0238.536] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0238.536] GetCurrentThreadId () returned 0x6f8 [0238.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x12c2ac50, dwHighDateTime=0x1d6076d)) [0238.537] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg")) returned 0x20 [0238.537] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", dwFileAttributes=0x80) returned 1 [0238.537] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.537] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbea1f [0238.542] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbea1f, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xbea1f, lpOverlapped=0x0) returned 1 [0238.553] GetCurrentThreadId () returned 0x6f8 [0238.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x12c50db0, dwHighDateTime=0x1d6076d)) [0238.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x12c50db0, dwHighDateTime=0x1d6076d)) [0238.554] GetCurrentThreadId () returned 0x6f8 [0238.559] CloseHandle (hObject=0x1470) returned 1 [0238.559] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", dwFileAttributes=0x20) returned 1 [0238.560] GetCurrentThreadId () returned 0x6f8 [0238.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x12c76f10, dwHighDateTime=0x1d6076d)) [0238.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x12c76f10, dwHighDateTime=0x1d6076d)) [0238.560] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", piIcon=0x4e4efc4) returned 0x5c0143 [0238.581] GetIconInfo (in: hIcon=0x5c0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0238.581] CreateFileW (lpFileName="iaUw.ico" (normalized: "c:\\windows\\system32\\iauw.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.582] GetObjectA (in: h=0xff050771, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0238.582] GetObjectA (in: h=0xa50501fa, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0238.582] CreateCompatibleDC (hdc=0x0) returned 0xf3010772 [0238.582] GetDIBits (in: hdc=0xf3010772, hbm=0xff050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0238.582] GetDIBits (in: hdc=0xf3010772, hbm=0xff050771, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0238.582] GetDIBits (in: hdc=0xf3010772, hbm=0xff050771, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0238.582] GetDIBits (in: hdc=0xf3010772, hbm=0xa50501fa, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0238.582] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0238.583] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0238.583] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0238.583] WriteFile (in: hFile=0x1474, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0238.584] WriteFile (in: hFile=0x1474, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0238.584] DeleteDC (hdc=0xf3010772) returned 1 [0238.584] CloseHandle (hObject=0x1474) returned 1 [0238.584] DeleteObject (ho=0xff050771) returned 1 [0238.584] DeleteObject (ho=0xa50501fa) returned 1 [0238.584] DestroyCursor (hCursor=0x5c0143) returned 1 [0238.584] GetCurrentThreadId () returned 0x6f8 [0238.584] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.584] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbea1f [0238.589] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbea1f, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xbea1f, lpOverlapped=0x0) returned 1 [0238.594] CloseHandle (hObject=0x1474) returned 1 [0238.594] GetCurrentThreadId () returned 0x6f8 [0238.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12cc31d0, dwHighDateTime=0x1d6076d)) [0238.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12cc31d0, dwHighDateTime=0x1d6076d)) [0238.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x12cc31d0, dwHighDateTime=0x1d6076d)) [0238.687] GetCurrentThreadId () returned 0x6f8 [0238.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12da7a10, dwHighDateTime=0x1d6076d)) [0238.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12da7a10, dwHighDateTime=0x1d6076d)) [0238.687] GetCurrentThreadId () returned 0x6f8 [0238.687] CreateFileW (lpFileName="oYEa.exe" (normalized: "c:\\windows\\system32\\oyea.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.688] CreateFileW (lpFileName="oYEa.exe" (normalized: "c:\\windows\\system32\\oyea.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.688] GetCurrentThreadId () returned 0x6f8 [0238.688] GetCurrentThreadId () returned 0x6f8 [0238.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12da7a10, dwHighDateTime=0x1d6076d)) [0238.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12da7a10, dwHighDateTime=0x1d6076d)) [0238.688] CreateFileW (lpFileName="oYEa.exe" (normalized: "c:\\windows\\system32\\oyea.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.688] GetCurrentThreadId () returned 0x6f8 [0238.688] BeginUpdateResourceW (pFileName="oYEa.exe" (normalized: "c:\\windows\\system32\\oyea.exe"), bDeleteExistingResources=0) returned 0x0 [0238.689] CreateFileW (lpFileName="iaUw.ico" (normalized: "c:\\windows\\system32\\iauw.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1474 [0238.689] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0238.689] ReadFile (in: hFile=0x1474, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0238.689] CloseHandle (hObject=0x1474) returned 1 [0238.689] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0238.689] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0238.689] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0238.689] CopyFileW (lpExistingFileName="oYEa.exe" (normalized: "c:\\windows\\system32\\oyea.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.exe"), bFailIfExists=0) returned 0 [0238.690] SetNamedSecurityInfoW () returned 0x2 [0238.690] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg")) returned 1 [0238.697] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x64, lpOverlapped=0x0) returned 1 [0238.697] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0238.697] DeleteFileW (lpFileName="iaUw.ico" (normalized: "c:\\windows\\system32\\iauw.ico")) returned 1 [0238.698] DeleteFileW (lpFileName="oYEa.exe" (normalized: "c:\\windows\\system32\\oyea.exe")) returned 0 [0238.698] GetCurrentThreadId () returned 0x6f8 [0238.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x12dcdb70, dwHighDateTime=0x1d6076d)) [0238.698] GetCurrentThreadId () returned 0x6f8 [0238.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x12dcdb70, dwHighDateTime=0x1d6076d)) [0238.698] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0238.698] GetCurrentThreadId () returned 0x6f8 [0238.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x12dcdb70, dwHighDateTime=0x1d6076d)) [0238.699] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg")) returned 0x20 [0238.700] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", dwFileAttributes=0x80) returned 1 [0238.700] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.700] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8907c [0238.705] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8907c, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x8907c, lpOverlapped=0x0) returned 1 [0238.713] GetCurrentThreadId () returned 0x6f8 [0238.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x12df3cd0, dwHighDateTime=0x1d6076d)) [0238.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x12df3cd0, dwHighDateTime=0x1d6076d)) [0238.713] GetCurrentThreadId () returned 0x6f8 [0238.716] CloseHandle (hObject=0x1474) returned 1 [0238.716] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", dwFileAttributes=0x20) returned 1 [0238.716] GetCurrentThreadId () returned 0x6f8 [0238.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x12df3cd0, dwHighDateTime=0x1d6076d)) [0238.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x12df3cd0, dwHighDateTime=0x1d6076d)) [0238.716] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", piIcon=0x4e4efc4) returned 0x5d0143 [0238.726] GetIconInfo (in: hIcon=0x5d0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0238.727] CreateFileW (lpFileName="kmkg.ico" (normalized: "c:\\windows\\system32\\kmkg.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.727] GetObjectA (in: h=0x1705018d, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0238.727] GetObjectA (in: h=0xa7050770, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0238.727] CreateCompatibleDC (hdc=0x0) returned 0x4b010763 [0238.727] GetDIBits (in: hdc=0x4b010763, hbm=0x1705018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0238.728] GetDIBits (in: hdc=0x4b010763, hbm=0x1705018d, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0238.728] GetDIBits (in: hdc=0x4b010763, hbm=0x1705018d, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0238.728] GetDIBits (in: hdc=0x4b010763, hbm=0xa7050770, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0238.728] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0238.729] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0238.729] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0238.729] WriteFile (in: hFile=0x1470, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0238.729] WriteFile (in: hFile=0x1470, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0238.729] DeleteDC (hdc=0x4b010763) returned 1 [0238.730] CloseHandle (hObject=0x1470) returned 1 [0238.730] DeleteObject (ho=0x1705018d) returned 1 [0238.730] DeleteObject (ho=0xa7050770) returned 1 [0238.730] DestroyCursor (hCursor=0x5d0143) returned 1 [0238.730] GetCurrentThreadId () returned 0x6f8 [0238.730] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.730] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8907c [0238.735] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x8907c, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x8907c, lpOverlapped=0x0) returned 1 [0238.739] CloseHandle (hObject=0x1470) returned 1 [0238.739] GetCurrentThreadId () returned 0x6f8 [0238.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12e19e30, dwHighDateTime=0x1d6076d)) [0238.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x12e19e30, dwHighDateTime=0x1d6076d)) [0238.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x12e19e30, dwHighDateTime=0x1d6076d)) [0238.914] GetCurrentThreadId () returned 0x6f8 [0238.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.915] GetCurrentThreadId () returned 0x6f8 [0238.915] CreateFileW (lpFileName="CUYE.exe" (normalized: "c:\\windows\\system32\\cuye.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.916] CreateFileW (lpFileName="CUYE.exe" (normalized: "c:\\windows\\system32\\cuye.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.916] GetCurrentThreadId () returned 0x6f8 [0238.916] GetCurrentThreadId () returned 0x6f8 [0238.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.916] CreateFileW (lpFileName="CUYE.exe" (normalized: "c:\\windows\\system32\\cuye.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0238.917] GetCurrentThreadId () returned 0x6f8 [0238.917] BeginUpdateResourceW (pFileName="CUYE.exe" (normalized: "c:\\windows\\system32\\cuye.exe"), bDeleteExistingResources=0) returned 0x0 [0238.917] CreateFileW (lpFileName="kmkg.ico" (normalized: "c:\\windows\\system32\\kmkg.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1470 [0238.917] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0238.917] ReadFile (in: hFile=0x1470, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0238.917] CloseHandle (hObject=0x1470) returned 1 [0238.917] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0238.918] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0238.918] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0238.918] CopyFileW (lpExistingFileName="CUYE.exe" (normalized: "c:\\windows\\system32\\cuye.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.exe"), bFailIfExists=0) returned 0 [0238.918] SetNamedSecurityInfoW () returned 0x2 [0238.918] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg")) returned 1 [0238.925] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x6e, lpOverlapped=0x0) returned 1 [0238.925] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0238.925] DeleteFileW (lpFileName="kmkg.ico" (normalized: "c:\\windows\\system32\\kmkg.ico")) returned 1 [0238.927] DeleteFileW (lpFileName="CUYE.exe" (normalized: "c:\\windows\\system32\\cuye.exe")) returned 0 [0238.927] GetCurrentThreadId () returned 0x6f8 [0238.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.927] GetCurrentThreadId () returned 0x6f8 [0238.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.927] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0238.927] GetCurrentThreadId () returned 0x6f8 [0238.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x12fe2eb0, dwHighDateTime=0x1d6076d)) [0238.927] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg")) returned 0x20 [0238.927] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", dwFileAttributes=0x80) returned 1 [0238.928] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0238.928] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbde6b [0238.935] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbde6b, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0xbde6b, lpOverlapped=0x0) returned 1 [0238.945] GetCurrentThreadId () returned 0x6f8 [0238.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1302f170, dwHighDateTime=0x1d6076d)) [0238.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x1302f170, dwHighDateTime=0x1d6076d)) [0238.945] GetCurrentThreadId () returned 0x6f8 [0238.950] CloseHandle (hObject=0x1470) returned 1 [0238.951] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", dwFileAttributes=0x20) returned 1 [0238.951] GetCurrentThreadId () returned 0x6f8 [0238.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x1302f170, dwHighDateTime=0x1d6076d)) [0238.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x1302f170, dwHighDateTime=0x1d6076d)) [0238.951] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", piIcon=0x4e4efc4) returned 0x5e0143 [0238.967] GetIconInfo (in: hIcon=0x5e0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0238.968] CreateFileW (lpFileName="SEwM.ico" (normalized: "c:\\windows\\system32\\sewm.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.969] GetObjectA (in: h=0xa80501fa, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0238.969] GetObjectA (in: h=0x4050771, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0238.969] CreateCompatibleDC (hdc=0x0) returned 0xca01016f [0238.969] GetDIBits (in: hdc=0xca01016f, hbm=0xa80501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0238.969] GetDIBits (in: hdc=0xca01016f, hbm=0xa80501fa, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0238.969] GetDIBits (in: hdc=0xca01016f, hbm=0xa80501fa, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0238.969] GetDIBits (in: hdc=0xca01016f, hbm=0x4050771, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0238.969] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0238.970] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0238.971] WriteFile (in: hFile=0x1474, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0238.971] WriteFile (in: hFile=0x1474, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0238.971] WriteFile (in: hFile=0x1474, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0238.971] DeleteDC (hdc=0xca01016f) returned 1 [0238.971] CloseHandle (hObject=0x1474) returned 1 [0238.972] DeleteObject (ho=0xa80501fa) returned 1 [0238.972] DeleteObject (ho=0x4050771) returned 1 [0238.972] DestroyCursor (hCursor=0x5e0143) returned 1 [0238.972] GetCurrentThreadId () returned 0x6f8 [0238.972] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0238.972] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbde6b [0238.978] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0xbde6b, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0xbde6b, lpOverlapped=0x0) returned 1 [0238.983] CloseHandle (hObject=0x1474) returned 1 [0238.983] GetCurrentThreadId () returned 0x6f8 [0238.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x1307b430, dwHighDateTime=0x1d6076d)) [0238.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x1307b430, dwHighDateTime=0x1d6076d)) [0238.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x1307b430, dwHighDateTime=0x1d6076d)) [0239.093] GetCurrentThreadId () returned 0x6f8 [0239.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x13185dd0, dwHighDateTime=0x1d6076d)) [0239.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x13185dd0, dwHighDateTime=0x1d6076d)) [0239.093] GetCurrentThreadId () returned 0x6f8 [0239.093] CreateFileW (lpFileName="YYwU.exe" (normalized: "c:\\windows\\system32\\yywu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.094] CreateFileW (lpFileName="YYwU.exe" (normalized: "c:\\windows\\system32\\yywu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.094] GetCurrentThreadId () returned 0x6f8 [0239.094] GetCurrentThreadId () returned 0x6f8 [0239.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x13185dd0, dwHighDateTime=0x1d6076d)) [0239.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x13185dd0, dwHighDateTime=0x1d6076d)) [0239.094] CreateFileW (lpFileName="YYwU.exe" (normalized: "c:\\windows\\system32\\yywu.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.094] GetCurrentThreadId () returned 0x6f8 [0239.094] BeginUpdateResourceW (pFileName="YYwU.exe" (normalized: "c:\\windows\\system32\\yywu.exe"), bDeleteExistingResources=0) returned 0x0 [0239.094] CreateFileW (lpFileName="SEwM.ico" (normalized: "c:\\windows\\system32\\sewm.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1474 [0239.094] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0239.095] ReadFile (in: hFile=0x1474, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0239.095] CloseHandle (hObject=0x1474) returned 1 [0239.095] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0239.095] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0239.095] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0239.095] CopyFileW (lpExistingFileName="YYwU.exe" (normalized: "c:\\windows\\system32\\yywu.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.exe"), bFailIfExists=0) returned 0 [0239.095] SetNamedSecurityInfoW () returned 0x2 [0239.095] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg")) returned 1 [0239.103] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x6a, lpOverlapped=0x0) returned 1 [0239.103] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0239.103] DeleteFileW (lpFileName="SEwM.ico" (normalized: "c:\\windows\\system32\\sewm.ico")) returned 1 [0239.104] DeleteFileW (lpFileName="YYwU.exe" (normalized: "c:\\windows\\system32\\yywu.exe")) returned 0 [0239.104] GetCurrentThreadId () returned 0x6f8 [0239.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x131abf30, dwHighDateTime=0x1d6076d)) [0239.104] GetCurrentThreadId () returned 0x6f8 [0239.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x131abf30, dwHighDateTime=0x1d6076d)) [0239.104] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0239.105] GetCurrentThreadId () returned 0x6f8 [0239.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efe0 | out: lpSystemTimeAsFileTime=0x4e4efe0*(dwLowDateTime=0x131abf30, dwHighDateTime=0x1d6076d)) [0239.105] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg")) returned 0x20 [0239.106] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", dwFileAttributes=0x80) returned 1 [0239.106] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1474 [0239.106] GetFileSize (in: hFile=0x1474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x97958 [0239.111] ReadFile (in: hFile=0x1474, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x97958, lpNumberOfBytesRead=0x4e4efb8, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4efb8*=0x97958, lpOverlapped=0x0) returned 1 [0239.118] GetCurrentThreadId () returned 0x6f8 [0239.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x131d2090, dwHighDateTime=0x1d6076d)) [0239.118] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef40 | out: lpSystemTimeAsFileTime=0x4e4ef40*(dwLowDateTime=0x131d2090, dwHighDateTime=0x1d6076d)) [0239.118] GetCurrentThreadId () returned 0x6f8 [0239.121] CloseHandle (hObject=0x1474) returned 1 [0239.121] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", dwFileAttributes=0x20) returned 1 [0239.122] GetCurrentThreadId () returned 0x6f8 [0239.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x131d2090, dwHighDateTime=0x1d6076d)) [0239.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4e698 | out: lpSystemTimeAsFileTime=0x4e4e698*(dwLowDateTime=0x131d2090, dwHighDateTime=0x1d6076d)) [0239.122] ExtractAssociatedIconW (in: hInst=0x0, pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", piIcon=0x4e4efc4 | out: pszIconPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", piIcon=0x4e4efc4) returned 0x5f0143 [0239.134] GetIconInfo (in: hIcon=0x5f0143, piconinfo=0x4e4efb0 | out: piconinfo=0x4e4efb0) returned 1 [0239.134] CreateFileW (lpFileName="oeIE.ico" (normalized: "c:\\windows\\system32\\oeie.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0239.134] GetObjectA (in: h=0xaa050770, c=24, pv=0x4e4ef74 | out: pv=0x4e4ef74) returned 24 [0239.135] GetObjectA (in: h=0x1c05018d, c=24, pv=0x4e4ef8c | out: pv=0x4e4ef8c) returned 24 [0239.135] CreateCompatibleDC (hdc=0x0) returned 0xfd010776 [0239.135] GetDIBits (in: hdc=0xfd010776, hbm=0xaa050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4eb24) returned 1 [0239.135] GetDIBits (in: hdc=0xfd010776, hbm=0xaa050770, start=0x0, cLines=0x20, lpvBits=0x5220000, lpbmi=0x4e4eb24, usage=0x0 | out: lpvBits=0x5220000, lpbmi=0x4e4eb24) returned 32 [0239.135] GetDIBits (in: hdc=0xfd010776, hbm=0xaa050770, start=0x0, cLines=0x20, lpvBits=0x0, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x0, lpbmi=0x4e4e6fc) returned 1 [0239.135] GetDIBits (in: hdc=0xfd010776, hbm=0x1c05018d, start=0x0, cLines=0x20, lpvBits=0x5360000, lpbmi=0x4e4e6fc, usage=0x0 | out: lpvBits=0x5360000, lpbmi=0x4e4e6fc) returned 32 [0239.135] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6dc*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6dc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x6, lpOverlapped=0x0) returned 1 [0239.136] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4e6cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4e6cc*, lpNumberOfBytesWritten=0x4e4e6c4*=0x10, lpOverlapped=0x0) returned 1 [0239.136] WriteFile (in: hFile=0x1470, lpBuffer=0x4e4ef4c*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x4e4ef4c*, lpNumberOfBytesWritten=0x4e4e6c4*=0x28, lpOverlapped=0x0) returned 1 [0239.136] WriteFile (in: hFile=0x1470, lpBuffer=0x5220000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5220000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x1000, lpOverlapped=0x0) returned 1 [0239.137] WriteFile (in: hFile=0x1470, lpBuffer=0x5360000*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4e4e6c4, lpOverlapped=0x0 | out: lpBuffer=0x5360000*, lpNumberOfBytesWritten=0x4e4e6c4*=0x80, lpOverlapped=0x0) returned 1 [0239.137] DeleteDC (hdc=0xfd010776) returned 1 [0239.137] CloseHandle (hObject=0x1470) returned 1 [0239.137] DeleteObject (ho=0xaa050770) returned 1 [0239.137] DeleteObject (ho=0x1c05018d) returned 1 [0239.137] DestroyCursor (hCursor=0x5f0143) returned 1 [0239.137] GetCurrentThreadId () returned 0x6f8 [0239.137] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1470 [0239.137] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x97958 [0239.142] ReadFile (in: hFile=0x1470, lpBuffer=0x56a0000, nNumberOfBytesToRead=0x97958, lpNumberOfBytesRead=0x4e4f2b0, lpOverlapped=0x0 | out: lpBuffer=0x56a0000*, lpNumberOfBytesRead=0x4e4f2b0*=0x97958, lpOverlapped=0x0) returned 1 [0239.146] CloseHandle (hObject=0x1470) returned 1 [0239.147] GetCurrentThreadId () returned 0x6f8 [0239.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x131f81f0, dwHighDateTime=0x1d6076d)) [0239.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef10 | out: lpSystemTimeAsFileTime=0x4e4ef10*(dwLowDateTime=0x131f81f0, dwHighDateTime=0x1d6076d)) [0239.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ef2c | out: lpSystemTimeAsFileTime=0x4e4ef2c*(dwLowDateTime=0x131f81f0, dwHighDateTime=0x1d6076d)) [0239.248] GetCurrentThreadId () returned 0x6f8 [0239.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x13302b90, dwHighDateTime=0x1d6076d)) [0239.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4eee0 | out: lpSystemTimeAsFileTime=0x4e4eee0*(dwLowDateTime=0x13302b90, dwHighDateTime=0x1d6076d)) [0239.248] GetCurrentThreadId () returned 0x6f8 [0239.248] CreateFileW (lpFileName="mQES.exe" (normalized: "c:\\windows\\system32\\mqes.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x458a18, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.249] CreateFileW (lpFileName="mQES.exe" (normalized: "c:\\windows\\system32\\mqes.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.252] GetCurrentThreadId () returned 0x6f8 [0239.252] GetCurrentThreadId () returned 0x6f8 [0239.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x13302b90, dwHighDateTime=0x1d6076d)) [0239.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efa0 | out: lpSystemTimeAsFileTime=0x4e4efa0*(dwLowDateTime=0x13302b90, dwHighDateTime=0x1d6076d)) [0239.252] CreateFileW (lpFileName="mQES.exe" (normalized: "c:\\windows\\system32\\mqes.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.252] GetCurrentThreadId () returned 0x6f8 [0239.252] BeginUpdateResourceW (pFileName="mQES.exe" (normalized: "c:\\windows\\system32\\mqes.exe"), bDeleteExistingResources=0) returned 0x0 [0239.252] CreateFileW (lpFileName="oeIE.ico" (normalized: "c:\\windows\\system32\\oeie.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1470 [0239.252] GetFileSize (in: hFile=0x1470, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10be [0239.253] ReadFile (in: hFile=0x1470, lpBuffer=0x480000, nNumberOfBytesToRead=0x10be, lpNumberOfBytesRead=0x4e4efc4, lpOverlapped=0x0 | out: lpBuffer=0x480000*, lpNumberOfBytesRead=0x4e4efc4*=0x10be, lpOverlapped=0x0) returned 1 [0239.253] CloseHandle (hObject=0x1470) returned 1 [0239.253] UpdateResourceA (hUpdate=0x0, lpType=0x3, lpName=0x1, wLanguage=0x409, lpData=0x480016, cb=0x10a8) returned 0 [0239.253] UpdateResourceA (hUpdate=0x0, lpType=0xe, lpName=0x1, wLanguage=0x409, lpData=0x4e4efb0, cb=0x14) returned 0 [0239.253] EndUpdateResourceA (hUpdate=0x0, fDiscard=0) returned 0 [0239.253] CopyFileW (lpExistingFileName="mQES.exe" (normalized: "c:\\windows\\system32\\mqes.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.exe"), bFailIfExists=0) returned 0 [0239.254] SetNamedSecurityInfoW () returned 0x2 [0239.254] DeleteFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg")) returned 1 [0239.261] WriteFile (in: hFile=0x23c, lpBuffer=0x5240000*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x5240000*, lpNumberOfBytesWritten=0x4e4f008*=0x66, lpOverlapped=0x0) returned 1 [0239.261] WriteFile (in: hFile=0x23c, lpBuffer=0x45710e*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x4e4f008, lpOverlapped=0x0 | out: lpBuffer=0x45710e*, lpNumberOfBytesWritten=0x4e4f008*=0x4, lpOverlapped=0x0) returned 1 [0239.261] DeleteFileW (lpFileName="oeIE.ico" (normalized: "c:\\windows\\system32\\oeie.ico")) returned 1 [0239.263] DeleteFileW (lpFileName="mQES.exe" (normalized: "c:\\windows\\system32\\mqes.exe")) returned 0 [0239.263] GetCurrentThreadId () returned 0x6f8 [0239.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4efb8 | out: lpSystemTimeAsFileTime=0x4e4efb8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.263] GetCurrentThreadId () returned 0x6f8 [0239.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.263] FindNextFileW (in: hFindFile=0x80380d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0239.263] GetCurrentThreadId () returned 0x6f8 [0239.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.263] FindNextFileW (in: hFindFile=0x8038098, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0239.263] GetCurrentThreadId () returned 0x6f8 [0239.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.263] FindNextFileW (in: hFindFile=0x8037e98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0239.264] GetCurrentThreadId () returned 0x6f8 [0239.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.264] GetCurrentThreadId () returned 0x6f8 [0239.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.264] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8038118 [0239.264] GetCurrentThreadId () returned 0x6f8 [0239.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.264] FindNextFileW (in: hFindFile=0x8038118, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0239.264] GetCurrentThreadId () returned 0x6f8 [0239.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.264] FindNextFileW (in: hFindFile=0x8038118, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0239.265] GetCurrentThreadId () returned 0x6f8 [0239.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.265] FindNextFileW (in: hFindFile=0x8038118, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0239.265] GetCurrentThreadId () returned 0x6f8 [0239.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.265] GetCurrentThreadId () returned 0x6f8 [0239.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.265] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8038158 [0239.265] GetCurrentThreadId () returned 0x6f8 [0239.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.265] FindNextFileW (in: hFindFile=0x8038158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0239.265] GetCurrentThreadId () returned 0x6f8 [0239.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.265] FindNextFileW (in: hFindFile=0x8038158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0239.265] GetCurrentThreadId () returned 0x6f8 [0239.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.266] FindNextFileW (in: hFindFile=0x8038158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0239.266] GetCurrentThreadId () returned 0x6f8 [0239.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.266] FindNextFileW (in: hFindFile=0x8038158, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0239.266] GetCurrentThreadId () returned 0x6f8 [0239.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.266] FindNextFileW (in: hFindFile=0x8038118, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0239.266] GetCurrentThreadId () returned 0x6f8 [0239.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.266] FindNextFileW (in: hFindFile=0x8037e98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0239.266] GetCurrentThreadId () returned 0x6f8 [0239.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.266] GetCurrentThreadId () returned 0x6f8 [0239.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.266] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8038198 [0239.267] GetCurrentThreadId () returned 0x6f8 [0239.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.267] FindNextFileW (in: hFindFile=0x8038198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0239.267] GetCurrentThreadId () returned 0x6f8 [0239.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.267] FindNextFileW (in: hFindFile=0x8038198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0239.267] GetCurrentThreadId () returned 0x6f8 [0239.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.267] FindNextFileW (in: hFindFile=0x8038198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0239.267] GetCurrentThreadId () returned 0x6f8 [0239.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.267] GetCurrentThreadId () returned 0x6f8 [0239.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.268] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x80381d8 [0239.268] GetCurrentThreadId () returned 0x6f8 [0239.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.268] FindNextFileW (in: hFindFile=0x80381d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0239.268] GetCurrentThreadId () returned 0x6f8 [0239.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.268] FindNextFileW (in: hFindFile=0x80381d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0239.268] GetCurrentThreadId () returned 0x6f8 [0239.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.268] FindNextFileW (in: hFindFile=0x80381d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0239.268] GetCurrentThreadId () returned 0x6f8 [0239.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f2c8 | out: lpSystemTimeAsFileTime=0x4e4f2c8*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.268] FindNextFileW (in: hFindFile=0x80381d8, lpFindFileData=0x4e4f2fc | out: lpFindFileData=0x4e4f2fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0239.268] GetCurrentThreadId () returned 0x6f8 [0239.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f53c | out: lpSystemTimeAsFileTime=0x4e4f53c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.268] FindNextFileW (in: hFindFile=0x8038198, lpFindFileData=0x4e4f570 | out: lpFindFileData=0x4e4f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0239.269] GetCurrentThreadId () returned 0x6f8 [0239.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4f7b0 | out: lpSystemTimeAsFileTime=0x4e4f7b0*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.269] FindNextFileW (in: hFindFile=0x8037e98, lpFindFileData=0x4e4f7e4 | out: lpFindFileData=0x4e4f7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0239.269] GetCurrentThreadId () returned 0x6f8 [0239.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fa24 | out: lpSystemTimeAsFileTime=0x4e4fa24*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.269] FindNextFileW (in: hFindFile=0x6a8a88, lpFindFileData=0x4e4fa58 | out: lpFindFileData=0x4e4fa58*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0239.269] GetCurrentThreadId () returned 0x6f8 [0239.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.269] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0239.269] GetCurrentThreadId () returned 0x6f8 [0239.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fc98 | out: lpSystemTimeAsFileTime=0x4e4fc98*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.269] FindNextFileW (in: hFindFile=0x5f5448, lpFindFileData=0x4e4fccc | out: lpFindFileData=0x4e4fccc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0239.269] GetCurrentThreadId () returned 0x6f8 [0239.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff3c | out: lpSystemTimeAsFileTime=0x4e4ff3c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.270] GetCurrentThreadId () returned 0x6f8 [0239.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff3c | out: lpSystemTimeAsFileTime=0x4e4ff3c*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.270] GetCurrentThreadId () returned 0x6f8 [0239.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff10 | out: lpSystemTimeAsFileTime=0x4e4ff10*(dwLowDateTime=0x13328cf0, dwHighDateTime=0x1d6076d)) [0239.270] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0239.270] GetCurrentThreadId () returned 0x6f8 [0239.270] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0239.271] GetCurrentThreadId () returned 0x6f8 [0239.271] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x454c4e, lphEnum=0x4e4ff48 | out: lphEnum=0x4e4ff48*=0x8038258) returned 0x0 [0242.468] WNetEnumResourceW (in: hEnum=0x8038258, lpcCount=0x4e4ff50, lpBuffer=0x4e60000, lpBufferSize=0x4e4ff4c | out: lpcCount=0x4e4ff50, lpBuffer=0x4e60000, lpBufferSize=0x4e4ff4c) returned 0x0 [0242.469] GetCurrentThreadId () returned 0x6f8 [0242.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fea4 | out: lpSystemTimeAsFileTime=0x4e4fea4*(dwLowDateTime=0x13837bb0, dwHighDateTime=0x1d6076d)) [0242.469] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0242.469] GetCurrentThreadId () returned 0x6f8 [0242.469] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x4e60000, lphEnum=0x4e4fedc | out: lphEnum=0x4e4fedc*=0x6b72f0) returned 0x0 [0242.473] WNetEnumResourceW (in: hEnum=0x6b72f0, lpcCount=0x4e4fee4, lpBuffer=0x4e70000, lpBufferSize=0x4e4fee0 | out: lpcCount=0x4e4fee4, lpBuffer=0x4e70000, lpBufferSize=0x4e4fee0) returned 0x103 [0242.473] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.473] GetCurrentThreadId () returned 0x6f8 [0242.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fea4 | out: lpSystemTimeAsFileTime=0x4e4fea4*(dwLowDateTime=0x1385dd10, dwHighDateTime=0x1d6076d)) [0242.473] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0242.474] GetCurrentThreadId () returned 0x6f8 [0242.474] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x4e60020, lphEnum=0x4e4fedc | out: lphEnum=0x4e4fedc*=0x6b72f0) returned 0x4b8 [0256.238] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.238] GetCurrentThreadId () returned 0x6f8 [0256.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4fea4 | out: lpSystemTimeAsFileTime=0x4e4fea4*(dwLowDateTime=0x1b8c1fb0, dwHighDateTime=0x1d6076d)) [0256.238] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0256.239] GetCurrentThreadId () returned 0x6f8 [0256.239] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x4e60040, lphEnum=0x4e4fedc | out: lphEnum=0x4e4fedc*=0x6b72f0) returned 0x4c6 [0256.243] VirtualFree (lpAddress=0x4e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.245] VirtualFree (lpAddress=0x4e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.246] GetCurrentThreadId () returned 0x6f8 [0256.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff3c | out: lpSystemTimeAsFileTime=0x4e4ff3c*(dwLowDateTime=0x1b8e8110, dwHighDateTime=0x1d6076d)) [0256.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff50 | out: lpSystemTimeAsFileTime=0x4e4ff50*(dwLowDateTime=0x1b8e8110, dwHighDateTime=0x1d6076d)) [0256.246] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0256.246] ReleaseMutex (hMutex=0x158) returned 1 [0256.246] CloseHandle (hObject=0x23c) returned 1 [0256.252] GetCurrentThreadId () returned 0x6f8 [0256.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff3c | out: lpSystemTimeAsFileTime=0x4e4ff3c*(dwLowDateTime=0x1b8e8110, dwHighDateTime=0x1d6076d)) [0256.252] Sleep (dwMilliseconds=0x15f90) [0267.914] ReleaseMutex (hMutex=0x15c) returned 1 [0267.914] GetCurrentThreadId () returned 0x6f8 [0267.914] GetCurrentThreadId () returned 0x6f8 [0267.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff64 | out: lpSystemTimeAsFileTime=0x4e4ff64*(dwLowDateTime=0x2186b3d0, dwHighDateTime=0x1d6076d)) [0267.914] Sleep (dwMilliseconds=0x18ba) [0274.268] GetCurrentThreadId () returned 0x6f8 [0274.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e4ff64 | out: lpSystemTimeAsFileTime=0x4e4ff64*(dwLowDateTime=0x254d2210, dwHighDateTime=0x1d6076d)) [0274.268] Sleep (dwMilliseconds=0x2454) Thread: id = 388 os_tid = 0x6fc [0173.424] GetCurrentThreadId () returned 0x6fc [0173.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff28 | out: lpSystemTimeAsFileTime=0x4f8ff28*(dwLowDateTime=0xedf6fed0, dwHighDateTime=0x1d6076c)) [0173.425] GetCurrentThreadId () returned 0x6fc [0173.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff58 | out: lpSystemTimeAsFileTime=0x4f8ff58*(dwLowDateTime=0xedf725e0, dwHighDateTime=0x1d6076c)) [0173.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff6c | out: lpSystemTimeAsFileTime=0x4f8ff6c*(dwLowDateTime=0xedf77400, dwHighDateTime=0x1d6076c)) [0173.429] GetCurrentThreadId () returned 0x6fc [0173.429] gethostbyname (name="google.com") returned 0x1f14850*(h_name="google.com", h_aliases=0x1f14860*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14864*=([0]="172.217.23.142")) [0194.778] socket (af=2, type=1, protocol=0) returned 0x3dc [0194.849] htons (hostshort=0x50) returned 0x5000 [0194.849] connect (s=0x3dc, name=0x4f8ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned -1 [0215.953] shutdown (s=0x3dc, how=2) returned -1 [0215.953] closesocket (s=0x3dc) returned 0 [0215.970] GetCurrentThreadId () returned 0x6fc [0215.970] GetCurrentThreadId () returned 0x6fc [0215.971] GetCurrentThreadId () returned 0x6fc [0215.971] GetCurrentThreadId () returned 0x6fc [0215.973] GetCurrentThreadId () returned 0x6fc [0215.973] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff58 | out: lpSystemTimeAsFileTime=0x4f8ff58*(dwLowDateTime=0x563b310, dwHighDateTime=0x1d6076d)) [0215.974] Sleep (dwMilliseconds=0x15e15) [0226.016] GetCurrentThreadId () returned 0x6fc [0226.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff58 | out: lpSystemTimeAsFileTime=0x4f8ff58*(dwLowDateTime=0xb60a890, dwHighDateTime=0x1d6076d)) [0226.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f8ff6c | out: lpSystemTimeAsFileTime=0x4f8ff6c*(dwLowDateTime=0xb60a890, dwHighDateTime=0x1d6076d)) [0226.016] GetCurrentThreadId () returned 0x6fc [0226.016] gethostbyname (name="google.com") Thread: id = 389 os_tid = 0x700 [0175.372] GetCurrentThreadId () returned 0x700 [0175.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe78 | out: lpSystemTimeAsFileTime=0x50cfe78*(dwLowDateTime=0xef0e0c50, dwHighDateTime=0x1d6076c)) [0175.372] GetCurrentThreadId () returned 0x700 [0175.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xef0e0c50, dwHighDateTime=0x1d6076c)) [0175.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0xef0e0c50, dwHighDateTime=0x1d6076c)) [0175.376] GetCurrentThreadId () returned 0x700 [0175.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xef106db0, dwHighDateTime=0x1d6076c)) [0175.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xef106db0, dwHighDateTime=0x1d6076c)) [0175.376] GetCurrentThreadId () returned 0x700 [0175.376] GetCurrentThreadId () returned 0x700 [0175.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xef106db0, dwHighDateTime=0x1d6076c)) [0175.376] Sleep (dwMilliseconds=0x84e68) [0187.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0xf50fc490, dwHighDateTime=0x1d6076c)) [0187.252] GetCurrentThreadId () returned 0x700 [0187.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xf50fc490, dwHighDateTime=0x1d6076c)) [0187.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xf50fc490, dwHighDateTime=0x1d6076c)) [0187.252] GetCurrentThreadId () returned 0x700 [0187.252] GetCurrentThreadId () returned 0x700 [0187.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xf50fc490, dwHighDateTime=0x1d6076c)) [0187.252] Sleep (dwMilliseconds=0x6b9c8) [0197.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.382] GetCurrentThreadId () returned 0x700 [0197.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.383] GetCurrentThreadId () returned 0x700 [0197.383] GetCurrentThreadId () returned 0x700 [0197.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xfb0a58b0, dwHighDateTime=0x1d6076c)) [0197.383] Sleep (dwMilliseconds=0x9f650) [0208.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.431] GetCurrentThreadId () returned 0x700 [0208.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.431] GetCurrentThreadId () returned 0x700 [0208.431] GetCurrentThreadId () returned 0x700 [0208.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0x1028b70, dwHighDateTime=0x1d6076d)) [0208.431] Sleep (dwMilliseconds=0xa915c) [0218.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0x6ff80f0, dwHighDateTime=0x1d6076d)) [0218.666] GetCurrentThreadId () returned 0x700 [0218.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x6ff80f0, dwHighDateTime=0x1d6076d)) [0218.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x6ff80f0, dwHighDateTime=0x1d6076d)) [0218.666] GetCurrentThreadId () returned 0x700 [0218.666] GetCurrentThreadId () returned 0x700 [0218.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0x6ff80f0, dwHighDateTime=0x1d6076d)) [0218.666] Sleep (dwMilliseconds=0xa0949) [0228.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.759] GetCurrentThreadId () returned 0x700 [0228.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.759] GetCurrentThreadId () returned 0x700 [0228.759] GetCurrentThreadId () returned 0x700 [0228.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.759] Sleep (dwMilliseconds=0xba92d) [0238.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0x12f4a930, dwHighDateTime=0x1d6076d)) [0238.852] GetCurrentThreadId () returned 0x700 [0238.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x12f4a930, dwHighDateTime=0x1d6076d)) [0238.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x12f4a930, dwHighDateTime=0x1d6076d)) [0238.852] GetCurrentThreadId () returned 0x700 [0238.852] GetCurrentThreadId () returned 0x700 [0238.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0x12f4a930, dwHighDateTime=0x1d6076d)) [0238.852] Sleep (dwMilliseconds=0x891bd) [0251.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0x18ecdbf0, dwHighDateTime=0x1d6076d)) [0251.830] GetCurrentThreadId () returned 0x700 [0251.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x18ecdbf0, dwHighDateTime=0x1d6076d)) [0251.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x18ecdbf0, dwHighDateTime=0x1d6076d)) [0251.830] GetCurrentThreadId () returned 0x700 [0251.830] GetCurrentThreadId () returned 0x700 [0251.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0x18ecdbf0, dwHighDateTime=0x1d6076d)) [0251.830] Sleep (dwMilliseconds=0x93fd9) [0263.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0x1ee50eb0, dwHighDateTime=0x1d6076d)) [0263.499] GetCurrentThreadId () returned 0x700 [0263.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x1ee50eb0, dwHighDateTime=0x1d6076d)) [0263.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x1ee50eb0, dwHighDateTime=0x1d6076d)) [0263.499] GetCurrentThreadId () returned 0x700 [0263.499] GetCurrentThreadId () returned 0x700 [0263.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0x1ee50eb0, dwHighDateTime=0x1d6076d)) [0263.499] Sleep (dwMilliseconds=0xbe040) [0273.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfebc | out: lpSystemTimeAsFileTime=0x50cfebc*(dwLowDateTime=0x24dd4170, dwHighDateTime=0x1d6076d)) [0273.530] GetCurrentThreadId () returned 0x700 [0273.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x24dd4170, dwHighDateTime=0x1d6076d)) [0273.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfe98 | out: lpSystemTimeAsFileTime=0x50cfe98*(dwLowDateTime=0x24dd4170, dwHighDateTime=0x1d6076d)) [0273.530] GetCurrentThreadId () returned 0x700 [0273.530] GetCurrentThreadId () returned 0x700 [0273.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cfea8 | out: lpSystemTimeAsFileTime=0x50cfea8*(dwLowDateTime=0x24dd4170, dwHighDateTime=0x1d6076d)) [0273.530] Sleep (dwMilliseconds=0x70fde) Thread: id = 390 os_tid = 0x704 [0175.402] GetCurrentThreadId () returned 0x704 [0175.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fea8 | out: lpSystemTimeAsFileTime=0x520fea8*(dwLowDateTime=0xef12cf10, dwHighDateTime=0x1d6076c)) [0175.403] GetCurrentThreadId () returned 0x704 [0175.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xef12cf10, dwHighDateTime=0x1d6076c)) [0175.403] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0175.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xef12cf10, dwHighDateTime=0x1d6076c)) [0175.403] ReleaseMutex (hMutex=0x158) returned 1 [0175.403] Sleep (dwMilliseconds=0x66c) [0177.139] GetCurrentThreadId () returned 0x704 [0177.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf01d6910, dwHighDateTime=0x1d6076c)) [0177.139] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0177.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf01d6910, dwHighDateTime=0x1d6076c)) [0177.139] ReleaseMutex (hMutex=0x158) returned 1 [0177.139] Sleep (dwMilliseconds=0x75f) [0179.133] GetCurrentThreadId () returned 0x704 [0179.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf14bb7b0, dwHighDateTime=0x1d6076c)) [0179.133] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0179.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf14bb7b0, dwHighDateTime=0x1d6076c)) [0179.133] ReleaseMutex (hMutex=0x158) returned 1 [0179.133] Sleep (dwMilliseconds=0x441) [0180.367] GetCurrentThreadId () returned 0x704 [0180.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf1fe3ed0, dwHighDateTime=0x1d6076c)) [0180.367] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0180.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf1fe3ed0, dwHighDateTime=0x1d6076c)) [0180.367] ReleaseMutex (hMutex=0x158) returned 1 [0180.367] Sleep (dwMilliseconds=0x509) [0181.801] GetCurrentThreadId () returned 0x704 [0181.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf2d6dbf0, dwHighDateTime=0x1d6076c)) [0181.801] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0181.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf2d6dbf0, dwHighDateTime=0x1d6076c)) [0181.801] ReleaseMutex (hMutex=0x158) returned 1 [0181.803] Sleep (dwMilliseconds=0x516) [0183.388] GetCurrentThreadId () returned 0x704 [0183.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf3c022b0, dwHighDateTime=0x1d6076c)) [0183.388] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0183.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf3c28410, dwHighDateTime=0x1d6076c)) [0183.403] ReleaseMutex (hMutex=0x158) returned 1 [0183.403] Sleep (dwMilliseconds=0x407) [0184.491] GetCurrentThreadId () returned 0x704 [0184.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf466c2f0, dwHighDateTime=0x1d6076c)) [0184.491] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0184.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf466c2f0, dwHighDateTime=0x1d6076c)) [0184.491] ReleaseMutex (hMutex=0x158) returned 1 [0184.491] Sleep (dwMilliseconds=0x61a) [0187.717] GetCurrentThreadId () returned 0x704 [0187.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf5572dd0, dwHighDateTime=0x1d6076c)) [0187.717] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0187.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf5572dd0, dwHighDateTime=0x1d6076c)) [0187.717] ReleaseMutex (hMutex=0x158) returned 1 [0187.717] Sleep (dwMilliseconds=0x63c) [0189.604] GetCurrentThreadId () returned 0x704 [0189.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf6773430, dwHighDateTime=0x1d6076c)) [0189.604] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0189.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf6773430, dwHighDateTime=0x1d6076c)) [0189.604] ReleaseMutex (hMutex=0x158) returned 1 [0189.604] Sleep (dwMilliseconds=0x735) [0191.631] GetCurrentThreadId () returned 0x704 [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.631] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.631] ReleaseMutex (hMutex=0x158) returned 1 [0191.631] Sleep (dwMilliseconds=0x66a) [0193.283] GetCurrentThreadId () returned 0x704 [0193.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf8a8f8b0, dwHighDateTime=0x1d6076c)) [0193.283] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0193.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf8a8f8b0, dwHighDateTime=0x1d6076c)) [0193.283] ReleaseMutex (hMutex=0x158) returned 1 [0193.284] Sleep (dwMilliseconds=0x4e1) [0194.547] GetCurrentThreadId () returned 0x704 [0194.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf969c810, dwHighDateTime=0x1d6076c)) [0194.547] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0194.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf969c810, dwHighDateTime=0x1d6076c)) [0194.547] ReleaseMutex (hMutex=0x158) returned 1 [0194.548] Sleep (dwMilliseconds=0x458) [0195.812] GetCurrentThreadId () returned 0x704 [0195.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.812] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0195.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xfa1c4f30, dwHighDateTime=0x1d6076c)) [0195.812] ReleaseMutex (hMutex=0x158) returned 1 [0195.812] Sleep (dwMilliseconds=0x6d7) [0197.581] GetCurrentThreadId () returned 0x704 [0197.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xfb294a90, dwHighDateTime=0x1d6076c)) [0197.581] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0197.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xfb294a90, dwHighDateTime=0x1d6076c)) [0197.581] ReleaseMutex (hMutex=0x158) returned 1 [0197.581] Sleep (dwMilliseconds=0x762) [0199.477] GetCurrentThreadId () returned 0x704 [0199.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xfc4bb250, dwHighDateTime=0x1d6076c)) [0199.477] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0199.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xfc4bb250, dwHighDateTime=0x1d6076c)) [0199.477] ReleaseMutex (hMutex=0x158) returned 1 [0199.477] Sleep (dwMilliseconds=0x3e9) [0200.490] GetCurrentThreadId () returned 0x704 [0200.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.491] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0200.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xfce66bb0, dwHighDateTime=0x1d6076c)) [0200.491] ReleaseMutex (hMutex=0x158) returned 1 [0200.491] Sleep (dwMilliseconds=0x6ea) [0202.284] GetCurrentThreadId () returned 0x704 [0202.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xfdf5c870, dwHighDateTime=0x1d6076c)) [0202.284] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0202.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xfdf5c870, dwHighDateTime=0x1d6076c)) [0202.285] ReleaseMutex (hMutex=0x158) returned 1 [0202.285] Sleep (dwMilliseconds=0x527) [0203.610] GetCurrentThreadId () returned 0x704 [0203.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xfec01d50, dwHighDateTime=0x1d6076c)) [0203.610] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0203.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xfec01d50, dwHighDateTime=0x1d6076c)) [0203.610] ReleaseMutex (hMutex=0x158) returned 1 [0203.611] Sleep (dwMilliseconds=0x517) [0205.951] GetCurrentThreadId () returned 0x704 [0205.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xff8810d0, dwHighDateTime=0x1d6076c)) [0205.951] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0205.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xff8810d0, dwHighDateTime=0x1d6076c)) [0205.951] ReleaseMutex (hMutex=0x158) returned 1 [0205.951] Sleep (dwMilliseconds=0x737) [0207.838] GetCurrentThreadId () returned 0x704 [0207.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa81730, dwHighDateTime=0x1d6076d)) [0207.838] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0207.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa81730, dwHighDateTime=0x1d6076d)) [0207.838] ReleaseMutex (hMutex=0x158) returned 1 [0207.838] Sleep (dwMilliseconds=0x516) [0209.273] GetCurrentThreadId () returned 0x704 [0209.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x174cd70, dwHighDateTime=0x1d6076d)) [0209.273] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0209.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x174cd70, dwHighDateTime=0x1d6076d)) [0209.273] ReleaseMutex (hMutex=0x158) returned 1 [0209.273] Sleep (dwMilliseconds=0x593) [0210.724] GetCurrentThreadId () returned 0x704 [0210.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x2522d50, dwHighDateTime=0x1d6076d)) [0210.724] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0210.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x2522d50, dwHighDateTime=0x1d6076d)) [0210.724] ReleaseMutex (hMutex=0x158) returned 1 [0210.724] Sleep (dwMilliseconds=0x566) [0212.222] GetCurrentThreadId () returned 0x704 [0212.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x32aca70, dwHighDateTime=0x1d6076d)) [0212.222] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0212.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x32aca70, dwHighDateTime=0x1d6076d)) [0212.222] ReleaseMutex (hMutex=0x158) returned 1 [0212.222] Sleep (dwMilliseconds=0x599) [0213.691] GetCurrentThreadId () returned 0x704 [0213.691] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x4082a50, dwHighDateTime=0x1d6076d)) [0213.691] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0213.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x4082a50, dwHighDateTime=0x1d6076d)) [0213.692] ReleaseMutex (hMutex=0x158) returned 1 [0213.692] Sleep (dwMilliseconds=0x736) [0215.779] GetCurrentThreadId () returned 0x704 [0215.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.779] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0215.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.780] ReleaseMutex (hMutex=0x158) returned 1 [0215.780] Sleep (dwMilliseconds=0x60d) [0217.372] GetCurrentThreadId () returned 0x704 [0217.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x639eed0, dwHighDateTime=0x1d6076d)) [0217.373] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0217.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x639eed0, dwHighDateTime=0x1d6076d)) [0217.373] ReleaseMutex (hMutex=0x158) returned 1 [0217.373] Sleep (dwMilliseconds=0x3f6) [0218.384] GetCurrentThreadId () returned 0x704 [0218.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x6d4a830, dwHighDateTime=0x1d6076d)) [0218.384] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0218.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x6d4a830, dwHighDateTime=0x1d6076d)) [0218.384] ReleaseMutex (hMutex=0x158) returned 1 [0218.384] Sleep (dwMilliseconds=0x61a) [0220.053] GetCurrentThreadId () returned 0x704 [0220.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.053] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0220.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.053] ReleaseMutex (hMutex=0x158) returned 1 [0220.053] Sleep (dwMilliseconds=0x485) [0221.238] GetCurrentThreadId () returned 0x704 [0221.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x88843d0, dwHighDateTime=0x1d6076d)) [0221.238] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0221.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x88843d0, dwHighDateTime=0x1d6076d)) [0221.239] ReleaseMutex (hMutex=0x158) returned 1 [0221.239] Sleep (dwMilliseconds=0x484) [0222.428] GetCurrentThreadId () returned 0x704 [0222.428] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x93d2c50, dwHighDateTime=0x1d6076d)) [0222.428] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0222.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x93f8db0, dwHighDateTime=0x1d6076d)) [0222.448] ReleaseMutex (hMutex=0x158) returned 1 [0222.448] Sleep (dwMilliseconds=0x66d) [0224.125] GetCurrentThreadId () returned 0x704 [0224.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xa40a230, dwHighDateTime=0x1d6076d)) [0224.125] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0224.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xa40a230, dwHighDateTime=0x1d6076d)) [0224.125] ReleaseMutex (hMutex=0x158) returned 1 [0224.125] Sleep (dwMilliseconds=0x43e) [0225.247] GetCurrentThreadId () returned 0x704 [0225.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xaec0530, dwHighDateTime=0x1d6076d)) [0225.247] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0225.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xaec0530, dwHighDateTime=0x1d6076d)) [0225.248] ReleaseMutex (hMutex=0x158) returned 1 [0225.248] Sleep (dwMilliseconds=0x7cd) [0227.339] GetCurrentThreadId () returned 0x704 [0227.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xc23d950, dwHighDateTime=0x1d6076d)) [0227.339] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0227.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xc23d950, dwHighDateTime=0x1d6076d)) [0227.340] ReleaseMutex (hMutex=0x158) returned 1 [0227.340] Sleep (dwMilliseconds=0x71e) [0229.185] GetCurrentThreadId () returned 0x704 [0229.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xd3cbb90, dwHighDateTime=0x1d6076d)) [0229.185] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0229.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xd3cbb90, dwHighDateTime=0x1d6076d)) [0229.186] ReleaseMutex (hMutex=0x158) returned 1 [0229.186] Sleep (dwMilliseconds=0x661) [0230.833] GetCurrentThreadId () returned 0x704 [0230.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xe36abf0, dwHighDateTime=0x1d6076d)) [0230.833] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0230.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xe36abf0, dwHighDateTime=0x1d6076d)) [0230.833] ReleaseMutex (hMutex=0x158) returned 1 [0230.833] Sleep (dwMilliseconds=0x430) [0231.941] GetCurrentThreadId () returned 0x704 [0231.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xedfad90, dwHighDateTime=0x1d6076d)) [0231.941] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0231.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xedfad90, dwHighDateTime=0x1d6076d)) [0231.941] ReleaseMutex (hMutex=0x158) returned 1 [0231.942] Sleep (dwMilliseconds=0x41d) [0233.001] GetCurrentThreadId () returned 0x704 [0233.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0xf818b10, dwHighDateTime=0x1d6076d)) [0233.001] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0233.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0xf818b10, dwHighDateTime=0x1d6076d)) [0233.001] ReleaseMutex (hMutex=0x158) returned 1 [0233.001] Sleep (dwMilliseconds=0x7b9) [0235.032] GetCurrentThreadId () returned 0x704 [0235.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x10b49c70, dwHighDateTime=0x1d6076d)) [0235.032] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0235.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x10b6fdd0, dwHighDateTime=0x1d6076d)) [0235.049] ReleaseMutex (hMutex=0x158) returned 1 [0235.049] Sleep (dwMilliseconds=0x510) [0236.386] GetCurrentThreadId () returned 0x704 [0236.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x1183b410, dwHighDateTime=0x1d6076d)) [0236.386] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0236.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x1183b410, dwHighDateTime=0x1d6076d)) [0236.386] ReleaseMutex (hMutex=0x158) returned 1 [0236.386] Sleep (dwMilliseconds=0x7a9) [0238.432] GetCurrentThreadId () returned 0x704 [0238.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x12b46410, dwHighDateTime=0x1d6076d)) [0238.432] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0238.433] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x12b46410, dwHighDateTime=0x1d6076d)) [0238.433] ReleaseMutex (hMutex=0x158) returned 1 [0238.433] Sleep (dwMilliseconds=0x692) [0242.844] GetCurrentThreadId () returned 0x704 [0242.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x13b57890, dwHighDateTime=0x1d6076d)) [0242.844] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0242.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x13b57890, dwHighDateTime=0x1d6076d)) [0242.844] ReleaseMutex (hMutex=0x158) returned 1 [0242.845] Sleep (dwMilliseconds=0x3f5) [0244.077] GetCurrentThreadId () returned 0x704 [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] ReleaseMutex (hMutex=0x158) returned 1 [0244.077] Sleep (dwMilliseconds=0x79e) [0246.027] GetCurrentThreadId () returned 0x704 [0246.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x1579bdd0, dwHighDateTime=0x1d6076d)) [0246.027] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0246.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x1579bdd0, dwHighDateTime=0x1d6076d)) [0246.027] ReleaseMutex (hMutex=0x158) returned 1 [0246.027] Sleep (dwMilliseconds=0x645) [0247.634] GetCurrentThreadId () returned 0x704 [0247.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x166eeb70, dwHighDateTime=0x1d6076d)) [0247.634] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0247.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x166eeb70, dwHighDateTime=0x1d6076d)) [0247.634] ReleaseMutex (hMutex=0x158) returned 1 [0247.634] Sleep (dwMilliseconds=0x540) [0248.996] GetCurrentThreadId () returned 0x704 [0248.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x173e0310, dwHighDateTime=0x1d6076d)) [0248.996] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0248.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x173e0310, dwHighDateTime=0x1d6076d)) [0248.996] ReleaseMutex (hMutex=0x158) returned 1 [0248.996] Sleep (dwMilliseconds=0x69f) [0250.698] GetCurrentThreadId () returned 0x704 [0250.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x184178f0, dwHighDateTime=0x1d6076d)) [0250.698] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0250.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x184178f0, dwHighDateTime=0x1d6076d)) [0250.698] ReleaseMutex (hMutex=0x158) returned 1 [0250.698] Sleep (dwMilliseconds=0x40e) [0251.752] GetCurrentThreadId () returned 0x704 [0251.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x18e0f510, dwHighDateTime=0x1d6076d)) [0251.752] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0251.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x18e0f510, dwHighDateTime=0x1d6076d)) [0251.752] ReleaseMutex (hMutex=0x158) returned 1 [0251.752] Sleep (dwMilliseconds=0x78b) [0253.686] GetCurrentThreadId () returned 0x704 [0253.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x1a081f90, dwHighDateTime=0x1d6076d)) [0253.686] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0253.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x1a081f90, dwHighDateTime=0x1d6076d)) [0253.687] ReleaseMutex (hMutex=0x158) returned 1 [0253.687] Sleep (dwMilliseconds=0x400) [0254.716] GetCurrentThreadId () returned 0x704 [0254.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x1aa53a50, dwHighDateTime=0x1d6076d)) [0254.716] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0254.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x1aa53a50, dwHighDateTime=0x1d6076d)) [0254.716] ReleaseMutex (hMutex=0x158) returned 1 [0254.716] Sleep (dwMilliseconds=0x56a) [0256.104] GetCurrentThreadId () returned 0x704 [0256.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x1b7914b0, dwHighDateTime=0x1d6076d)) [0256.104] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0256.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x1b7914b0, dwHighDateTime=0x1d6076d)) [0256.105] ReleaseMutex (hMutex=0x158) returned 1 [0256.105] Sleep (dwMilliseconds=0x417) [0257.165] GetCurrentThreadId () returned 0x704 [0257.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fed8 | out: lpSystemTimeAsFileTime=0x520fed8*(dwLowDateTime=0x1c1af230, dwHighDateTime=0x1d6076d)) [0257.165] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0257.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fedc | out: lpSystemTimeAsFileTime=0x520fedc*(dwLowDateTime=0x1c1af230, dwHighDateTime=0x1d6076d)) [0257.165] ReleaseMutex (hMutex=0x158) returned 1 [0257.165] WaitForSingleObject (hHandle=0x160, dwMilliseconds=0xbb8) returned 0x0 [0257.165] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4e60000 [0257.166] VirtualAlloc (lpAddress=0x0, dwSize=0x8000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e70000 [0257.167] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x0 [0257.171] GetCurrentThreadId () returned 0x704 [0257.171] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0257.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb4 | out: lpSystemTimeAsFileTime=0x520feb4*(dwLowDateTime=0x1c1af230, dwHighDateTime=0x1d6076d)) [0257.171] ReleaseMutex (hMutex=0x158) returned 1 [0257.171] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0257.171] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0257.172] GetUserGeoID (GeoClass=0x10) returned 0xf4 [0257.172] ReleaseMutex (hMutex=0x158) returned 1 [0257.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fec4 | out: lpSystemTimeAsFileTime=0x520fec4*(dwLowDateTime=0x1c1af230, dwHighDateTime=0x1d6076d)) [0257.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fe64 | out: lpSystemTimeAsFileTime=0x520fe64*(dwLowDateTime=0x1c1af230, dwHighDateTime=0x1d6076d)) [0257.172] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0257.172] GetUserGeoID (GeoClass=0x10) returned 0xf4 [0257.173] ReleaseMutex (hMutex=0x158) returned 1 [0257.173] GetSystemMetrics (nIndex=0) returned 1440 [0257.173] GetSystemMetrics (nIndex=1) returned 900 [0257.173] SetTimer (hWnd=0x0, nIDEvent=0x22b8, uElapse=0x1e, lpTimerFunc=0x449c9b) returned 0x7fe4 [0257.173] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4f80000 [0257.174] GetEnvironmentVariableA (in: lpName="USERPROFILE", lpBuffer=0x4f8000d, nSize=0x400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0257.174] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x5600000 [0257.174] GetEnvironmentVariableA (in: lpName="USERPROFILE", lpBuffer=0x5600000, nSize=0x400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0257.174] CreateSolidBrush (color=0x333333) returned 0x3c1007b4 [0257.174] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0257.174] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0257.175] RegisterClassExA (param_1=0x520ff58) returned 0xf6c11e [0257.175] CreateWindowExA (dwExStyle=0x0, lpClassName="coEAkwAA", lpWindowName="dIgkcsQg", dwStyle=0x80000000, X=0, Y=0, nWidth=1440, nHeight=900, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x400fa [0257.193] GetCurrentThreadId () returned 0x704 [0257.193] GetCurrentThreadId () returned 0x704 [0257.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f794 | out: lpSystemTimeAsFileTime=0x520f794*(dwLowDateTime=0x1c1d5390, dwHighDateTime=0x1d6076d)) [0257.193] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x81, wParam=0x0, lParam=0x520fac4) returned 0x1 [0257.195] GetCurrentThreadId () returned 0x704 [0257.195] GetCurrentThreadId () returned 0x704 [0257.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f79c | out: lpSystemTimeAsFileTime=0x520f79c*(dwLowDateTime=0x1c1d5390, dwHighDateTime=0x1d6076d)) [0257.195] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x83, wParam=0x0, lParam=0x520fab0) returned 0x0 [0257.195] GetCurrentThreadId () returned 0x704 [0257.195] GetCurrentThreadId () returned 0x704 [0257.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f794 | out: lpSystemTimeAsFileTime=0x520f794*(dwLowDateTime=0x1c1d5390, dwHighDateTime=0x1d6076d)) [0257.195] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x1, wParam=0x0, lParam=0x520fac4) returned 0x0 [0257.195] GetCurrentThreadId () returned 0x704 [0257.196] GetCurrentThreadId () returned 0x704 [0257.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7e0 | out: lpSystemTimeAsFileTime=0x520f7e0*(dwLowDateTime=0x1c1d5390, dwHighDateTime=0x1d6076d)) [0257.196] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x5, wParam=0x0, lParam=0x38405a0) returned 0x0 [0257.196] GetCurrentThreadId () returned 0x704 [0257.196] GetCurrentThreadId () returned 0x704 [0257.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7e0 | out: lpSystemTimeAsFileTime=0x520f7e0*(dwLowDateTime=0x1c1d5390, dwHighDateTime=0x1d6076d)) [0257.196] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0257.196] CreateCompatibleDC (hdc=0x0) returned 0x140100d1 [0257.196] LocalAlloc (uFlags=0x0, uBytes=0x3475) returned 0x8045db0 [0257.198] CreateStreamOnHGlobal (in: hGlobal=0x8045db0, fDeleteOnRelease=1, ppstm=0x520fe6c | out: ppstm=0x520fe6c*=0x8039e28) returned 0x0 [0257.199] OleLoadPicture () returned 0x0 [0258.764] CreateCompatibleDC (hdc=0x0) returned 0x97010771 [0258.764] CreateCompatibleDC (hdc=0x0) returned 0x8b010772 [0258.765] SelectObject (hdc=0x8b010772, h=0xac0501fa) returned 0x185000f [0258.765] GetObjectA (in: h=0xac0501fa, c=24, pv=0x520fe00 | out: pv=0x520fe00) returned 24 [0258.765] CreateCompatibleBitmap (hdc=0x8b010772, cx=276, cy=145) returned 0x50050763 [0258.765] SelectObject (hdc=0x97010771, h=0x50050763) returned 0x185000f [0258.765] BitBlt (hdc=0x97010771, x=0, y=0, cx=276, cy=145, hdcSrc=0x8b010772, x1=0, y1=0, rop=0xcc0020) returned 1 [0258.766] DeleteDC (hdc=0x8b010772) returned 1 [0258.766] DeleteDC (hdc=0x97010771) returned 1 [0258.767] IUnknown:Release (This=0x8039e28) returned 0x0 [0258.767] LocalFree (hMem=0x8045db0) returned 0x8045db0 [0258.767] SelectObject (hdc=0x140100d1, h=0x50050763) returned 0x185000f [0258.767] CreateCompatibleDC (hdc=0x0) returned 0x40101c1 [0258.767] LocalAlloc (uFlags=0x0, uBytes=0x4b84) returned 0x8049a30 [0258.767] CreateStreamOnHGlobal (in: hGlobal=0x8049a30, fDeleteOnRelease=1, ppstm=0x520fe8c | out: ppstm=0x520fe8c*=0x8039e28) returned 0x0 [0258.768] OleLoadPicture () returned 0x0 [0258.779] CreateCompatibleDC (hdc=0x0) returned 0x36010772 [0258.779] CreateCompatibleDC (hdc=0x0) returned 0x55010770 [0258.779] SelectObject (hdc=0x55010770, h=0x98050771) returned 0x185000f [0258.779] GetObjectA (in: h=0x98050771, c=24, pv=0x520fe20 | out: pv=0x520fe20) returned 24 [0258.779] CreateCompatibleBitmap (hdc=0x55010770, cx=169, cy=170) returned 0xd70501fc [0258.779] SelectObject (hdc=0x36010772, h=0xd70501fc) returned 0x185000f [0258.779] BitBlt (hdc=0x36010772, x=0, y=0, cx=169, cy=170, hdcSrc=0x55010770, x1=0, y1=0, rop=0xcc0020) returned 1 [0258.780] DeleteDC (hdc=0x55010770) returned 1 [0258.780] DeleteDC (hdc=0x36010772) returned 1 [0258.780] IUnknown:Release (This=0x8039e28) returned 0x0 [0258.780] LocalFree (hMem=0x8049a30) returned 0x8049a30 [0258.780] SelectObject (hdc=0x40101c1, h=0xd70501fc) returned 0x185000f [0258.780] CreateCompatibleDC (hdc=0x0) returned 0xae0101fa [0258.780] LocalAlloc (uFlags=0x0, uBytes=0x4892) returned 0x8049a30 [0258.780] CreateStreamOnHGlobal (in: hGlobal=0x8049a30, fDeleteOnRelease=1, ppstm=0x520fe8c | out: ppstm=0x520fe8c*=0x8039e28) returned 0x0 [0258.780] OleLoadPicture () returned 0x0 [0258.790] CreateCompatibleDC (hdc=0x0) returned 0x10770 [0258.790] CreateCompatibleDC (hdc=0x0) returned 0x60010775 [0258.790] SelectObject (hdc=0x60010775, h=0x37050772) returned 0x185000f [0258.790] GetObjectA (in: h=0x37050772, c=24, pv=0x520fe20 | out: pv=0x520fe20) returned 24 [0258.790] CreateCompatibleBitmap (hdc=0x60010775, cx=171, cy=170) returned 0xa50501b3 [0258.790] SelectObject (hdc=0x10770, h=0xa50501b3) returned 0x185000f [0258.790] BitBlt (hdc=0x10770, x=0, y=0, cx=171, cy=170, hdcSrc=0x60010775, x1=0, y1=0, rop=0xcc0020) returned 1 [0258.791] DeleteDC (hdc=0x60010775) returned 1 [0258.791] DeleteDC (hdc=0x10770) returned 1 [0258.792] IUnknown:Release (This=0x8039e28) returned 0x0 [0258.792] LocalFree (hMem=0x8049a30) returned 0x8049a30 [0258.792] SelectObject (hdc=0xae0101fa, h=0xa50501b3) returned 0x185000f [0258.792] CreateCompatibleDC (hdc=0x0) returned 0x9a010771 [0258.792] LocalAlloc (uFlags=0x0, uBytes=0x31d0) returned 0x8045db0 [0258.792] CreateStreamOnHGlobal (in: hGlobal=0x8045db0, fDeleteOnRelease=1, ppstm=0x520fe8c | out: ppstm=0x520fe8c*=0x8039e28) returned 0x0 [0258.792] OleLoadPicture () returned 0x0 [0258.801] CreateCompatibleDC (hdc=0x0) returned 0xb010775 [0258.801] CreateCompatibleDC (hdc=0x0) returned 0x240101a0 [0258.801] SelectObject (hdc=0x240101a0, h=0x1050770) returned 0x185000f [0258.801] GetObjectA (in: h=0x1050770, c=24, pv=0x520fe20 | out: pv=0x520fe20) returned 24 [0258.801] CreateCompatibleBitmap (hdc=0x240101a0, cx=119, cy=170) returned 0x880501a2 [0258.801] SelectObject (hdc=0xb010775, h=0x880501a2) returned 0x185000f [0258.801] BitBlt (hdc=0xb010775, x=0, y=0, cx=119, cy=170, hdcSrc=0x240101a0, x1=0, y1=0, rop=0xcc0020) returned 1 [0258.802] DeleteDC (hdc=0x240101a0) returned 1 [0258.802] DeleteDC (hdc=0xb010775) returned 1 [0258.802] IUnknown:Release (This=0x8039e28) returned 0x0 [0258.802] LocalFree (hMem=0x8045db0) returned 0x8045db0 [0258.802] SelectObject (hdc=0x9a010771, h=0x880501a2) returned 0x185000f [0258.802] CreateCompatibleDC (hdc=0x0) returned 0x39010772 [0258.802] LocalAlloc (uFlags=0x0, uBytes=0x26c2) returned 0x8045db0 [0258.802] CreateStreamOnHGlobal (in: hGlobal=0x8045db0, fDeleteOnRelease=1, ppstm=0x520fe8c | out: ppstm=0x520fe8c*=0x8039e28) returned 0x0 [0258.803] OleLoadPicture () returned 0x0 [0258.807] CreateCompatibleDC (hdc=0x0) returned 0x6a0101a0 [0258.807] CreateCompatibleDC (hdc=0x0) returned 0x8801008e [0258.807] SelectObject (hdc=0x8801008e, h=0xc050775) returned 0x185000f [0258.807] GetObjectA (in: h=0xc050775, c=24, pv=0x520fe20 | out: pv=0x520fe20) returned 24 [0258.807] CreateCompatibleBitmap (hdc=0x8801008e, cx=331, cy=69) returned 0x420501a4 [0258.808] SelectObject (hdc=0x6a0101a0, h=0x420501a4) returned 0x185000f [0258.808] BitBlt (hdc=0x6a0101a0, x=0, y=0, cx=331, cy=69, hdcSrc=0x8801008e, x1=0, y1=0, rop=0xcc0020) returned 1 [0258.808] DeleteDC (hdc=0x8801008e) returned 1 [0258.808] DeleteDC (hdc=0x6a0101a0) returned 1 [0258.809] IUnknown:Release (This=0x8039e28) returned 0x0 [0258.809] LocalFree (hMem=0x8045db0) returned 0x8045db0 [0258.809] SelectObject (hdc=0x39010772, h=0x420501a4) returned 0x185000f [0258.809] CreateCompatibleDC (hdc=0x0) returned 0x3010770 [0258.809] LocalAlloc (uFlags=0x0, uBytes=0xe65) returned 0x8045db0 [0258.809] CreateStreamOnHGlobal (in: hGlobal=0x8045db0, fDeleteOnRelease=1, ppstm=0x520fe8c | out: ppstm=0x520fe8c*=0x8039e28) returned 0x0 [0258.809] OleLoadPicture () returned 0x0 [0258.812] CreateCompatibleDC (hdc=0x0) returned 0xa701008e [0258.812] CreateCompatibleDC (hdc=0x0) returned 0x71010736 [0258.812] SelectObject (hdc=0x71010736, h=0x6b0501a0) returned 0x185000f [0258.812] GetObjectA (in: h=0x6b0501a0, c=24, pv=0x520fe20 | out: pv=0x520fe20) returned 24 [0258.812] CreateCompatibleBitmap (hdc=0x71010736, cx=600, cy=30) returned 0x3d050731 [0258.812] SelectObject (hdc=0xa701008e, h=0x3d050731) returned 0x185000f [0258.812] BitBlt (hdc=0xa701008e, x=0, y=0, cx=600, cy=30, hdcSrc=0x71010736, x1=0, y1=0, rop=0xcc0020) returned 1 [0258.812] DeleteDC (hdc=0x71010736) returned 1 [0258.812] DeleteDC (hdc=0xa701008e) returned 1 [0258.813] IUnknown:Release (This=0x8039e28) returned 0x0 [0258.813] LocalFree (hMem=0x8045db0) returned 0x8045db0 [0258.813] SelectObject (hdc=0x3010770, h=0x3d050731) returned 0x185000f [0258.813] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4486ab, lpParameter=0x400fa, dwCreationFlags=0x0, lpThreadId=0x40f731 | out: lpThreadId=0x40f731*=0x334) returned 0x1514 [0258.814] ShowWindow (hWnd=0x400fa, nCmdShow=1) returned 0 [0258.814] GetCurrentThreadId () returned 0x704 [0258.814] GetCurrentThreadId () returned 0x704 [0258.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fba4 | out: lpSystemTimeAsFileTime=0x520fba4*(dwLowDateTime=0x1c541330, dwHighDateTime=0x1d6076d)) [0258.814] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0258.814] GetCurrentThreadId () returned 0x704 [0258.814] GetCurrentThreadId () returned 0x704 [0258.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb90 | out: lpSystemTimeAsFileTime=0x520fb90*(dwLowDateTime=0x1c541330, dwHighDateTime=0x1d6076d)) [0258.814] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x46, wParam=0x0, lParam=0x520fe9c) returned 0x0 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb90 | out: lpSystemTimeAsFileTime=0x520fb90*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.821] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x46, wParam=0x0, lParam=0x520fe9c) returned 0x0 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fba4 | out: lpSystemTimeAsFileTime=0x520fba4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.821] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fba4 | out: lpSystemTimeAsFileTime=0x520fba4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.821] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetCurrentThreadId () returned 0x704 [0258.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fba4 | out: lpSystemTimeAsFileTime=0x520fba4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.821] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0 [0258.854] GetCurrentThreadId () returned 0x704 [0258.854] GetCurrentThreadId () returned 0x704 [0258.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f3a8 | out: lpSystemTimeAsFileTime=0x520f3a8*(dwLowDateTime=0x1c5b3750, dwHighDateTime=0x1d6076d)) [0258.854] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0258.855] GetCurrentThreadId () returned 0x704 [0258.855] GetCurrentThreadId () returned 0x704 [0258.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520ee78 | out: lpSystemTimeAsFileTime=0x520ee78*(dwLowDateTime=0x1c5b3750, dwHighDateTime=0x1d6076d)) [0258.855] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0258.855] GetCurrentThreadId () returned 0x704 [0258.855] GetCurrentThreadId () returned 0x704 [0258.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f79c | out: lpSystemTimeAsFileTime=0x520f79c*(dwLowDateTime=0x1c5b3750, dwHighDateTime=0x1d6076d)) [0258.855] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0258.855] GetCurrentThreadId () returned 0x704 [0258.855] GetCurrentThreadId () returned 0x704 [0258.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fba4 | out: lpSystemTimeAsFileTime=0x520fba4*(dwLowDateTime=0x1c5b3750, dwHighDateTime=0x1d6076d)) [0258.856] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.856] GetCurrentThreadId () returned 0x704 [0258.856] GetCurrentThreadId () returned 0x704 [0258.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fba4 | out: lpSystemTimeAsFileTime=0x520fba4*(dwLowDateTime=0x1c5b3750, dwHighDateTime=0x1d6076d)) [0258.856] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x14, wParam=0x1401007f, lParam=0x0) returned 0x1 [0258.875] GetCurrentThreadId () returned 0x704 [0258.875] GetCurrentThreadId () returned 0x704 [0258.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb8c | out: lpSystemTimeAsFileTime=0x520fb8c*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.875] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x47, wParam=0x0, lParam=0x520fe9c) returned 0x0 [0258.875] ShowWindow (hWnd=0x400fa, nCmdShow=6) returned 1 [0258.875] GetCurrentThreadId () returned 0x704 [0258.875] GetCurrentThreadId () returned 0x704 [0258.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.875] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7a4 | out: lpSystemTimeAsFileTime=0x520f7a4*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.876] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f274 | out: lpSystemTimeAsFileTime=0x520f274*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.876] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.876] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.876] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetCurrentThreadId () returned 0x704 [0258.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.876] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0258.877] GetCurrentThreadId () returned 0x704 [0258.877] GetCurrentThreadId () returned 0x704 [0258.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.877] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x88, wParam=0x4, lParam=0x0) returned 0x0 [0258.877] GetCurrentThreadId () returned 0x704 [0258.877] GetCurrentThreadId () returned 0x704 [0258.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520eb78 | out: lpSystemTimeAsFileTime=0x520eb78*(dwLowDateTime=0x1c5d98b0, dwHighDateTime=0x1d6076d)) [0258.877] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xd, wParam=0x1fe, lParam=0x520ee64) returned 0x8 [0259.148] GetCurrentThreadId () returned 0x704 [0259.148] GetCurrentThreadId () returned 0x704 [0259.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb84 | out: lpSystemTimeAsFileTime=0x520fb84*(dwLowDateTime=0x1c887170, dwHighDateTime=0x1d6076d)) [0259.148] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x46, wParam=0x0, lParam=0x520fe90) returned 0x0 [0259.148] GetCurrentThreadId () returned 0x704 [0259.148] GetCurrentThreadId () returned 0x704 [0259.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb54 | out: lpSystemTimeAsFileTime=0x520fb54*(dwLowDateTime=0x1c887170, dwHighDateTime=0x1d6076d)) [0259.148] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x83, wParam=0x1, lParam=0x520fe68) returned 0x0 [0259.181] GetCurrentThreadId () returned 0x704 [0259.181] GetCurrentThreadId () returned 0x704 [0259.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.181] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.181] GetCurrentThreadId () returned 0x704 [0259.181] GetCurrentThreadId () returned 0x704 [0259.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520e6f8 | out: lpSystemTimeAsFileTime=0x520e6f8*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.181] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xd, wParam=0x1fe, lParam=0x520e9e4) returned 0x8 [0259.182] GetCurrentThreadId () returned 0x704 [0259.182] GetCurrentThreadId () returned 0x704 [0259.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb80 | out: lpSystemTimeAsFileTime=0x520fb80*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.182] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x47, wParam=0x0, lParam=0x520fe90) returned 0x0 [0259.182] GetCurrentThreadId () returned 0x704 [0259.182] GetCurrentThreadId () returned 0x704 [0259.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7cc | out: lpSystemTimeAsFileTime=0x520f7cc*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.182] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0 [0259.182] GetCurrentThreadId () returned 0x704 [0259.182] GetCurrentThreadId () returned 0x704 [0259.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7cc | out: lpSystemTimeAsFileTime=0x520f7cc*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.182] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0259.185] ShowWindow (hWnd=0x400fa, nCmdShow=9) returned 1 [0259.185] GetCurrentThreadId () returned 0x704 [0259.185] GetCurrentThreadId () returned 0x704 [0259.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.185] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x13, wParam=0x0, lParam=0x0) returned 0x1 [0259.186] GetCurrentThreadId () returned 0x704 [0259.186] GetCurrentThreadId () returned 0x704 [0259.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.186] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x86, wParam=0x1, lParam=0x400fa) returned 0x1 [0259.186] GetCurrentThreadId () returned 0x704 [0259.186] GetCurrentThreadId () returned 0x704 [0259.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb84 | out: lpSystemTimeAsFileTime=0x520fb84*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.186] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x46, wParam=0x0, lParam=0x520fe90) returned 0x0 [0259.187] GetCurrentThreadId () returned 0x704 [0259.187] GetCurrentThreadId () returned 0x704 [0259.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb80 | out: lpSystemTimeAsFileTime=0x520fb80*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.187] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x47, wParam=0x0, lParam=0x520fe90) returned 0x0 [0259.190] GetCurrentThreadId () returned 0x704 [0259.190] GetCurrentThreadId () returned 0x704 [0259.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520eb78 | out: lpSystemTimeAsFileTime=0x520eb78*(dwLowDateTime=0x1c8d3430, dwHighDateTime=0x1d6076d)) [0259.190] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xd, wParam=0x1fe, lParam=0x520ee64) returned 0x8 [0259.445] GetCurrentThreadId () returned 0x704 [0259.445] GetCurrentThreadId () returned 0x704 [0259.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb84 | out: lpSystemTimeAsFileTime=0x520fb84*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.445] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x46, wParam=0x0, lParam=0x520fe90) returned 0x0 [0259.445] GetCurrentThreadId () returned 0x704 [0259.445] GetCurrentThreadId () returned 0x704 [0259.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb54 | out: lpSystemTimeAsFileTime=0x520fb54*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.445] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x83, wParam=0x1, lParam=0x520fe68) returned 0x0 [0259.445] GetCurrentThreadId () returned 0x704 [0259.445] GetCurrentThreadId () returned 0x704 [0259.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.445] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.446] GetCurrentThreadId () returned 0x704 [0259.446] GetCurrentThreadId () returned 0x704 [0259.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.446] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x14, wParam=0x7010156, lParam=0x0) returned 0x1 [0259.446] GetCurrentThreadId () returned 0x704 [0259.446] GetCurrentThreadId () returned 0x704 [0259.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb80 | out: lpSystemTimeAsFileTime=0x520fb80*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.446] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x47, wParam=0x0, lParam=0x520fe90) returned 0x0 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7cc | out: lpSystemTimeAsFileTime=0x520f7cc*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.447] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7cc | out: lpSystemTimeAsFileTime=0x520f7cc*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.447] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x5, wParam=0x0, lParam=0x38405a0) returned 0x0 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f7a4 | out: lpSystemTimeAsFileTime=0x520f7a4*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.447] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520f274 | out: lpSystemTimeAsFileTime=0x520f274*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.447] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0259.447] GetCurrentThreadId () returned 0x704 [0259.447] GetCurrentThreadId () returned 0x704 [0259.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1cb5ab90, dwHighDateTime=0x1d6076d)) [0259.448] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0259.868] GetCurrentThreadId () returned 0x704 [0259.868] GetCurrentThreadId () returned 0x704 [0259.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1cba6e50, dwHighDateTime=0x1d6076d)) [0259.868] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0 [0259.868] UpdateWindow (hWnd=0x400fa) returned 1 [0259.868] GetCurrentThreadId () returned 0x704 [0259.868] GetCurrentThreadId () returned 0x704 [0259.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb98 | out: lpSystemTimeAsFileTime=0x520fb98*(dwLowDateTime=0x1cba6e50, dwHighDateTime=0x1d6076d)) [0259.869] GetCurrentThreadId () returned 0x704 [0259.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb5c | out: lpSystemTimeAsFileTime=0x520fb5c*(dwLowDateTime=0x1cba6e50, dwHighDateTime=0x1d6076d)) [0259.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb5c | out: lpSystemTimeAsFileTime=0x520fb5c*(dwLowDateTime=0x1cba6e50, dwHighDateTime=0x1d6076d)) [0259.869] GetCurrentThreadId () returned 0x704 [0259.869] BeginPaint (in: hWnd=0x400fa, lpPaint=0x520fd04 | out: lpPaint=0x520fd04) returned 0xf0107c0 [0259.869] CreateFontIndirectA (lplf=0x44b444) returned 0xb80a01d0 [0259.869] SelectObject (hdc=0xf0107c0, h=0xb80a01d0) returned 0x18a002e [0259.869] SetBkColor (hdc=0xf0107c0, color=0xe8e8e8) returned 0xffffff [0259.869] SetTextColor (hdc=0xf0107c0, color=0xf5f5f5) returned 0x0 [0259.869] DeleteObject (ho=0xb80a01d0) returned 1 [0259.869] CreateFontIndirectA (lplf=0x44b2a0) returned 0x960a01e0 [0259.870] SelectObject (hdc=0xf0107c0, h=0x960a01e0) returned 0xb80a01d0 [0259.870] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0xe8e8e8 [0259.870] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xf5f5f5 [0259.870] DeleteObject (ho=0x960a01e0) returned 1 [0259.870] CreateFontIndirectA (lplf=0x44b1b0) returned 0xb90a01d0 [0259.870] SelectObject (hdc=0xf0107c0, h=0xb90a01d0) returned 0x960a01e0 [0259.870] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0x333333 [0259.870] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0259.870] CreateSolidBrush (color=0x96) returned 0xd310016f [0259.870] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0xd310016f) returned 1 [0259.870] DeleteObject (ho=0xd310016f) returned 1 [0259.870] CreateSolidBrush (color=0x96) returned 0xffffffff971001e0 [0259.870] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0x971001e0) returned 1 [0259.870] DeleteObject (ho=0x971001e0) returned 1 [0259.870] CreateSolidBrush (color=0x96) returned 0xd410016f [0259.870] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0xd410016f) returned 1 [0259.870] DeleteObject (ho=0xd410016f) returned 1 [0259.870] CreateSolidBrush (color=0x96) returned 0x23100775 [0259.870] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0x23100775) returned 1 [0259.870] DeleteObject (ho=0x23100775) returned 1 [0259.870] CreateSolidBrush (color=0xffffff) returned 0x981001e0 [0259.870] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0x981001e0) returned 1 [0259.870] DeleteObject (ho=0x981001e0) returned 1 [0259.871] CreateSolidBrush (color=0x0) returned 0xd510016f [0259.871] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0xd510016f) returned 1 [0259.871] DeleteObject (ho=0xd510016f) returned 1 [0259.871] DeleteObject (ho=0xb90a01d0) returned 1 [0259.871] CreateFontIndirectA (lplf=0x44b4bc) returned 0x220a06a8 [0259.871] SelectObject (hdc=0xf0107c0, h=0x220a06a8) returned 0xb90a01d0 [0259.871] SetBkColor (hdc=0xf0107c0, color=0x321200) returned 0x333333 [0259.871] SetTextColor (hdc=0xf0107c0, color=0x877873) returned 0xffffff [0259.871] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x877873 [0259.871] SetBkColor (hdc=0xf0107c0, color=0x96) returned 0x321200 [0259.871] TextOutA (hdc=0xf0107c0, x=230, y=17, lpString="Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=118) returned 1 [0259.877] DeleteObject (ho=0x220a06a8) returned 1 [0259.882] CreateFontIndirectA (lplf=0x44b3cc) returned 0xbb0a01d0 [0259.882] SelectObject (hdc=0xf0107c0, h=0xbb0a01d0) returned 0x220a06a8 [0259.882] SetBkColor (hdc=0xf0107c0, color=0x0) returned 0x96 [0259.882] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0259.882] TextOutW (hdc=0xf0107c0, x=225, y=705, lpString="Operation Global III is a coordinated effort by U.S., Canadian, European, Australian, New ZealandEnglish", c=97) returned 1 [0259.884] TextOutA (hdc=0xf0107c0, x=225, y=725, lpString="and other law enforcement agencies across the globe targeting computers with pirated content.O", c=93) returned 1 [0259.884] DeleteObject (ho=0xbb0a01d0) returned 1 [0259.887] BitBlt (hdc=0xf0107c0, x=235, y=70, cx=300, cy=300, hdcSrc=0x140100d1, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.888] BitBlt (hdc=0xf0107c0, x=1050, y=55, cx=300, cy=300, hdcSrc=0x0, x1=0, y1=0, rop=0xcc0020) returned 0 [0259.888] BitBlt (hdc=0xf0107c0, x=525, y=60, cx=300, cy=300, hdcSrc=0x40101c1, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.888] BitBlt (hdc=0xf0107c0, x=705, y=60, cx=300, cy=300, hdcSrc=0xae0101fa, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.888] BitBlt (hdc=0xf0107c0, x=890, y=60, cx=300, cy=300, hdcSrc=0x9a010771, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.888] CreateSolidBrush (color=0xd2) returned 0x24100775 [0259.888] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0x24100775) returned 1 [0259.888] DeleteObject (ho=0x24100775) returned 1 [0259.888] BitBlt (hdc=0xf0107c0, x=360, y=550, cx=600, cy=30, hdcSrc=0x3010770, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.888] CreateFontIndirectA (lplf=0x44b444) returned 0x250a06a8 [0259.888] SelectObject (hdc=0xf0107c0, h=0x250a06a8) returned 0xbb0a01d0 [0259.888] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0259.888] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0259.888] SetTextColor (hdc=0xf0107c0, color=0xf0) returned 0x0 [0259.888] DrawTextA (in: hdc=0xf0107c0, lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=-1, lprc=0x520fcf0, format=0x10 | out: lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcf0) returned 22 [0259.945] DrawTextA (in: hdc=0xf0107c0, lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", cchText=-1, lprc=0x520fcf0, format=0x10 | out: lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", lprc=0x520fcf0) returned 22 [0259.948] DeleteObject (ho=0x250a06a8) returned 1 [0259.950] CreateFontIndirectA (lplf=0x44b2a0) returned 0x90a06a6 [0259.950] SelectObject (hdc=0xf0107c0, h=0x90a06a6) returned 0x250a06a8 [0259.950] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0259.950] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xf0 [0259.950] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0259.950] DeleteObject (ho=0x90a06a6) returned 1 [0259.950] CreateFontIndirectA (lplf=0x44b390) returned 0x260a06a8 [0259.950] SelectObject (hdc=0xf0107c0, h=0x260a06a8) returned 0x90a06a6 [0259.950] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0259.950] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0259.950] DrawTextA (in: hdc=0xf0107c0, lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=-1, lprc=0x520fcf0, format=0x10 | out: lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcf0) returned 15 [0259.983] TextOutA (hdc=0xf0107c0, x=240, y=618, lpString="Any attempt to remove this message will damage your files, hardware and Windows installation. The NSB has two ways to pay a fine:1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=93) returned 1 [0259.987] DeleteObject (ho=0x260a06a8) returned 1 [0259.987] CreateFontIndirectA (lplf=0x44b228) returned 0xd0a06a6 [0259.987] SelectObject (hdc=0xf0107c0, h=0xd0a06a6) returned 0x260a06a8 [0259.987] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0259.987] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0259.987] TextOutA (hdc=0xf0107c0, x=240, y=320, lpString="If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=85) returned 1 [0259.991] TextOutA (hdc=0xf0107c0, x=240, y=340, lpString="which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=107) returned 1 [0259.991] DeleteObject (ho=0xd0a06a6) returned 1 [0260.030] CreateFontIndirectA (lplf=0x44b480) returned 0xb0a06a1 [0260.030] SelectObject (hdc=0xf0107c0, h=0xb0a06a1) returned 0xd0a06a6 [0260.030] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.030] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.030] DrawTextA (in: hdc=0xf0107c0, lpchText="View encrypted files", cchText=-1, lprc=0x520fcf0, format=0x10 | out: lpchText="View encrypted files", lprc=0x520fcf0) returned 15 [0260.031] DeleteObject (ho=0xb0a06a1) returned 1 [0260.031] CreateFontIndirectA (lplf=0x44b2a0) returned 0x110a06a6 [0260.031] SelectObject (hdc=0xf0107c0, h=0x110a06a6) returned 0xb0a06a1 [0260.031] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.031] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.031] DeleteObject (ho=0x110a06a6) returned 1 [0260.031] CreateFontIndirectA (lplf=0x44b228) returned 0xc0a06a1 [0260.031] SelectObject (hdc=0xf0107c0, h=0xc0a06a1) returned 0x110a06a6 [0260.031] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.032] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.032] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcf0, format=0x400 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcf0) returned 17 [0260.072] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcf0, format=0x0 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcf0) returned 17 [0260.072] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcf0, format=0x400 | out: lpchText="500 USD 2", lprc=0x520fcf0) returned 17 [0260.074] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcf0, format=0x0 | out: lpchText="500 USD 2", lprc=0x520fcf0) returned 17 [0260.074] TextOutA (hdc=0xf0107c0, x=800, y=300, lpString=" Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=1) returned 1 [0260.074] TextOutA (hdc=0xf0107c0, x=240, y=360, lpString="There are two ways to pay a fine:Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=33) returned 1 [0260.074] TextOutA (hdc=0xf0107c0, x=240, y=380, lpString="1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=79) returned 1 [0260.074] TextOutA (hdc=0xf0107c0, x=240, y=400, lpString="Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=108) returned 1 [0260.074] TextOutA (hdc=0xf0107c0, x=240, y=420, lpString="2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=99) returned 1 [0260.076] TextOutA (hdc=0xf0107c0, x=240, y=440, lpString="Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=55) returned 1 [0260.077] TextOutA (hdc=0xf0107c0, x=240, y=460, lpString="To regain access now transfer BitCoins to the following address (click to copy): 1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", c=81) returned 1 [0260.077] DrawTextA (in: hdc=0xf0107c0, lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", cchText=-1, lprc=0x520fcf0, format=0x10 | out: lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", lprc=0x520fcf0) returned 17 [0260.077] TextOutA (hdc=0xf0107c0, x=870, y=525, lpString=" processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=1) returned 1 [0260.078] TextOutA (hdc=0xf0107c0, x=240, y=500, lpString="After the payment is finalized enter Transfer ID below.BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", c=55) returned 1 [0260.078] TextOutA (hdc=0xf0107c0, x=360, y=525, lpString="Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=12) returned 1 [0260.078] TextOutA (hdc=0xf0107c0, x=240, y=525, lpString="Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=7) returned 1 [0260.078] DrawTextA (in: hdc=0xf0107c0, lpchText="BTC 2.369", cchText=-1, lprc=0x520fcf0, format=0x10 | out: lpchText="BTC 2.369", lprc=0x520fcf0) returned 17 [0260.080] DeleteObject (ho=0xc0a06a1) returned 1 [0260.080] CreateFontIndirectA (lplf=0x44b264) returned 0x860a01a0 [0260.080] SelectObject (hdc=0xf0107c0, h=0x860a01a0) returned 0xc0a06a1 [0260.081] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.081] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.081] SetBkColor (hdc=0xf0107c0, color=0xd2) returned 0xffffff [0260.081] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0260.081] TextOutA (hdc=0xf0107c0, x=1061, y=556, lpString="PAY FINE\x19", c=8) returned 1 [0260.081] DeleteObject (ho=0x860a01a0) returned 1 [0260.082] CreateFontIndirectA (lplf=0x44b228) returned 0xd0a06a1 [0260.082] SelectObject (hdc=0xf0107c0, h=0xd0a06a1) returned 0x860a01a0 [0260.082] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xd2 [0260.082] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0260.082] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.082] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.082] TextOutA (hdc=0xf0107c0, x=365, y=556, lpString="|", c=1) returned 1 [0260.082] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0260.082] DeleteObject (ho=0xd0a06a1) returned 1 [0260.082] CreateSolidBrush (color=0xc4c4c4) returned 0x25100775 [0260.082] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0x25100775) returned 1 [0260.083] DeleteObject (ho=0x25100775) returned 1 [0260.083] CreateFontIndirectA (lplf=0x44b2dc) returned 0x880a01a0 [0260.083] SelectObject (hdc=0xf0107c0, h=0x880a01a0) returned 0xd0a06a1 [0260.083] SetBkColor (hdc=0xf0107c0, color=0xc4c4c4) returned 0xffffff [0260.083] SetTextColor (hdc=0xf0107c0, color=0x666666) returned 0xffffff [0260.083] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcf0, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcf0) returned 22 [0260.174] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", cchText=19, lprc=0x520fcf0, format=0x25 | out: lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", lprc=0x520fcf0) returned 22 [0260.175] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=17, lprc=0x520fcf0, format=0x25 | out: lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcf0) returned 22 [0260.176] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=11, lprc=0x520fcf0, format=0x25 | out: lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcf0) returned 22 [0260.177] DrawTextA (in: hdc=0xf0107c0, lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=16, lprc=0x520fcf0, format=0x25 | out: lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcf0) returned 22 [0260.177] DrawTextA (in: hdc=0xf0107c0, lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=7, lprc=0x520fcf0, format=0x25 | out: lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcf0) returned 22 [0260.178] DeleteObject (ho=0x880a01a0) returned 1 [0260.178] CreateSolidBrush (color=0xffffff) returned 0x26100775 [0260.178] FillRect (hDC=0xf0107c0, lprc=0x520fcf0, hbr=0x26100775) returned 1 [0260.178] DeleteObject (ho=0x26100775) returned 1 [0260.178] CreateFontIndirectA (lplf=0x44b2dc) returned 0x170a06a4 [0260.178] SelectObject (hdc=0xf0107c0, h=0x170a06a4) returned 0x880a01a0 [0260.178] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xc4c4c4 [0260.178] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x666666 [0260.178] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcf0, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcf0) returned 22 [0260.178] DeleteObject (ho=0x170a06a4) returned 1 [0260.178] EndPaint (hWnd=0x400fa, lpPaint=0x520fd04) returned 1 [0260.179] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0 [0260.179] GetCurrentThreadId () returned 0x704 [0260.179] GetCurrentThreadId () returned 0x704 [0260.179] GetCurrentThreadId () returned 0x704 [0260.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.179] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.179] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.179] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.179] GetCurrentThreadId () returned 0x704 [0260.179] GetCurrentThreadId () returned 0x704 [0260.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.179] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xc090, wParam=0x0, lParam=0x0) returned 0x0 [0260.179] GetCurrentThreadId () returned 0x704 [0260.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.180] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.180] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.180] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.180] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.180] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.180] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.180] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.180] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.180] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.180] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.180] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x84, wParam=0x0, lParam=0x1850084) returned 0x1 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetCurrentThreadId () returned 0x704 [0260.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.180] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x20, wParam=0x400fa, lParam=0x2000001) returned 0x0 [0260.181] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.181] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.181] GetCurrentThreadId () returned 0x704 [0260.181] GetCurrentThreadId () returned 0x704 [0260.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.181] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0260.181] SetClassLongA (hWnd=0x400fa, nIndex=-12, dwNewLong=65539) returned 0x10003 [0260.182] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x200, wParam=0x0, lParam=0x1850084) returned 0x0 [0260.182] GetCurrentThreadId () returned 0x704 [0260.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.182] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.182] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.182] DispatchMessageA (lpMsg=0x40f83c) returned 0x5bdba27c [0260.182] GetCurrentThreadId () returned 0x704 [0260.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.182] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.182] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.182] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.182] GetCurrentThreadId () returned 0x704 [0260.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.182] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.183] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.183] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.183] GetCurrentThreadId () returned 0x704 [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.198] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.198] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0260.198] GetCurrentThreadId () returned 0x704 [0260.198] GetCurrentThreadId () returned 0x704 [0260.198] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb54 | out: lpSystemTimeAsFileTime=0x520fb54*(dwLowDateTime=0x1cec6b30, dwHighDateTime=0x1d6076d)) [0260.198] BeginPaint (in: hWnd=0x400fa, lpPaint=0x520fcc0 | out: lpPaint=0x520fcc0) returned 0xf0107c0 [0260.199] CreateFontIndirectA (lplf=0x44b444) returned 0x30a06b0 [0260.199] SelectObject (hdc=0xf0107c0, h=0x30a06b0) returned 0x18a002e [0260.199] SetBkColor (hdc=0xf0107c0, color=0xe8e8e8) returned 0xffffff [0260.199] SetTextColor (hdc=0xf0107c0, color=0xf5f5f5) returned 0x0 [0260.199] DeleteObject (ho=0x30a06b0) returned 1 [0260.199] CreateFontIndirectA (lplf=0x44b2a0) returned 0x50a06bb [0260.199] SelectObject (hdc=0xf0107c0, h=0x50a06bb) returned 0x30a06b0 [0260.199] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0xe8e8e8 [0260.199] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xf5f5f5 [0260.199] DeleteObject (ho=0x50a06bb) returned 1 [0260.199] CreateFontIndirectA (lplf=0x44b1b0) returned 0x40a06b0 [0260.199] SelectObject (hdc=0xf0107c0, h=0x40a06b0) returned 0x50a06bb [0260.199] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0x333333 [0260.199] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.199] CreateSolidBrush (color=0x96) returned 0x27100775 [0260.199] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x27100775) returned 1 [0260.199] DeleteObject (ho=0x27100775) returned 1 [0260.199] CreateSolidBrush (color=0x96) returned 0x991001e0 [0260.199] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x991001e0) returned 1 [0260.199] DeleteObject (ho=0x991001e0) returned 1 [0260.199] CreateSolidBrush (color=0x96) returned 0xd610016f [0260.199] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xd610016f) returned 1 [0260.199] DeleteObject (ho=0xd610016f) returned 1 [0260.199] CreateSolidBrush (color=0x96) returned 0x61006bb [0260.200] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x61006bb) returned 1 [0260.200] DeleteObject (ho=0x61006bb) returned 1 [0260.200] CreateSolidBrush (color=0xffffff) returned 0x28100775 [0260.200] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x28100775) returned 1 [0260.200] DeleteObject (ho=0x28100775) returned 1 [0260.200] CreateSolidBrush (color=0x0) returned 0x9a1001e0 [0260.200] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x9a1001e0) returned 1 [0260.200] DeleteObject (ho=0x9a1001e0) returned 1 [0260.200] DeleteObject (ho=0x40a06b0) returned 1 [0260.200] CreateFontIndirectA (lplf=0x44b4bc) returned 0x30a06bc [0260.200] SelectObject (hdc=0xf0107c0, h=0x30a06bc) returned 0x40a06b0 [0260.200] SetBkColor (hdc=0xf0107c0, color=0x321200) returned 0x333333 [0260.200] SetTextColor (hdc=0xf0107c0, color=0x877873) returned 0xffffff [0260.200] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x877873 [0260.200] SetBkColor (hdc=0xf0107c0, color=0x96) returned 0x321200 [0260.200] TextOutA (hdc=0xf0107c0, x=230, y=17, lpString="Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=118) returned 1 [0260.201] DeleteObject (ho=0x30a06bc) returned 1 [0260.201] CreateFontIndirectA (lplf=0x44b3cc) returned 0x60a06b0 [0260.201] SelectObject (hdc=0xf0107c0, h=0x60a06b0) returned 0x30a06bc [0260.201] SetBkColor (hdc=0xf0107c0, color=0x0) returned 0x96 [0260.201] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.201] TextOutW (hdc=0xf0107c0, x=225, y=705, lpString="Operation Global III is a coordinated effort by U.S., Canadian, European, Australian, New ZealandEnglish", c=97) returned 1 [0260.201] TextOutA (hdc=0xf0107c0, x=225, y=725, lpString="and other law enforcement agencies across the globe targeting computers with pirated content.O", c=93) returned 1 [0260.201] DeleteObject (ho=0x60a06b0) returned 1 [0260.201] BitBlt (hdc=0xf0107c0, x=235, y=70, cx=300, cy=300, hdcSrc=0x140100d1, x1=0, y1=0, rop=0xcc0020) returned 1 [0260.202] BitBlt (hdc=0xf0107c0, x=1050, y=55, cx=300, cy=300, hdcSrc=0x0, x1=0, y1=0, rop=0xcc0020) returned 0 [0260.202] BitBlt (hdc=0xf0107c0, x=525, y=60, cx=300, cy=300, hdcSrc=0x40101c1, x1=0, y1=0, rop=0xcc0020) returned 1 [0260.202] BitBlt (hdc=0xf0107c0, x=705, y=60, cx=300, cy=300, hdcSrc=0xae0101fa, x1=0, y1=0, rop=0xcc0020) returned 1 [0260.202] BitBlt (hdc=0xf0107c0, x=890, y=60, cx=300, cy=300, hdcSrc=0x9a010771, x1=0, y1=0, rop=0xcc0020) returned 1 [0260.202] CreateSolidBrush (color=0xd2) returned 0x71006bb [0260.202] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x71006bb) returned 1 [0260.202] DeleteObject (ho=0x71006bb) returned 1 [0260.202] BitBlt (hdc=0xf0107c0, x=360, y=550, cx=600, cy=30, hdcSrc=0x3010770, x1=0, y1=0, rop=0xcc0020) returned 1 [0260.202] CreateFontIndirectA (lplf=0x44b444) returned 0x40a06bc [0260.202] SelectObject (hdc=0xf0107c0, h=0x40a06bc) returned 0x60a06b0 [0260.203] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0260.203] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0260.203] SetTextColor (hdc=0xf0107c0, color=0xf0) returned 0x0 [0260.203] DrawTextA (in: hdc=0xf0107c0, lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0260.204] DrawTextA (in: hdc=0xf0107c0, lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", lprc=0x520fcac) returned 22 [0260.205] DeleteObject (ho=0x40a06bc) returned 1 [0260.206] CreateFontIndirectA (lplf=0x44b2a0) returned 0xb0a06b0 [0260.206] SelectObject (hdc=0xf0107c0, h=0xb0a06b0) returned 0x40a06bc [0260.206] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.206] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xf0 [0260.206] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.206] DeleteObject (ho=0xb0a06b0) returned 1 [0260.206] CreateFontIndirectA (lplf=0x44b390) returned 0x50a06bc [0260.206] SelectObject (hdc=0xf0107c0, h=0x50a06bc) returned 0xb0a06b0 [0260.206] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.206] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.206] DrawTextA (in: hdc=0xf0107c0, lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 15 [0260.209] TextOutA (hdc=0xf0107c0, x=240, y=618, lpString="Any attempt to remove this message will damage your files, hardware and Windows installation. The NSB has two ways to pay a fine:1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=93) returned 1 [0260.209] DeleteObject (ho=0x50a06bc) returned 1 [0260.209] CreateFontIndirectA (lplf=0x44b228) returned 0xf0a06b0 [0260.209] SelectObject (hdc=0xf0107c0, h=0xf0a06b0) returned 0x50a06bc [0260.209] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.209] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.209] TextOutA (hdc=0xf0107c0, x=240, y=320, lpString="If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=85) returned 1 [0260.210] TextOutA (hdc=0xf0107c0, x=240, y=340, lpString="which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=107) returned 1 [0260.210] DeleteObject (ho=0xf0a06b0) returned 1 [0260.210] CreateFontIndirectA (lplf=0x44b480) returned 0x80a06bc [0260.210] SelectObject (hdc=0xf0107c0, h=0x80a06bc) returned 0xf0a06b0 [0260.210] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.210] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.210] DrawTextA (in: hdc=0xf0107c0, lpchText="View encrypted files", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="View encrypted files", lprc=0x520fcac) returned 15 [0260.211] DeleteObject (ho=0x80a06bc) returned 1 [0260.211] CreateFontIndirectA (lplf=0x44b2a0) returned 0x130a06b0 [0260.211] SelectObject (hdc=0xf0107c0, h=0x130a06b0) returned 0x80a06bc [0260.211] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.211] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.211] DeleteObject (ho=0x130a06b0) returned 1 [0260.211] CreateFontIndirectA (lplf=0x44b228) returned 0x90a06bc [0260.211] SelectObject (hdc=0xf0107c0, h=0x90a06bc) returned 0x130a06b0 [0260.211] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.211] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.211] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x400 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0260.212] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x0 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0260.212] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x400 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0260.212] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x0 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0260.212] TextOutA (hdc=0xf0107c0, x=800, y=300, lpString=" Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=1) returned 1 [0260.213] TextOutA (hdc=0xf0107c0, x=240, y=360, lpString="There are two ways to pay a fine:Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=33) returned 1 [0260.213] TextOutA (hdc=0xf0107c0, x=240, y=380, lpString="1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=79) returned 1 [0260.213] TextOutA (hdc=0xf0107c0, x=240, y=400, lpString="Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=108) returned 1 [0260.213] TextOutA (hdc=0xf0107c0, x=240, y=420, lpString="2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=99) returned 1 [0260.215] TextOutA (hdc=0xf0107c0, x=240, y=440, lpString="Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=55) returned 1 [0260.215] TextOutA (hdc=0xf0107c0, x=240, y=460, lpString="To regain access now transfer BitCoins to the following address (click to copy): 1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", c=81) returned 1 [0260.215] DrawTextA (in: hdc=0xf0107c0, lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", lprc=0x520fcac) returned 17 [0260.216] TextOutA (hdc=0xf0107c0, x=870, y=525, lpString=" processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=1) returned 1 [0260.216] TextOutA (hdc=0xf0107c0, x=240, y=500, lpString="After the payment is finalized enter Transfer ID below.BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", c=55) returned 1 [0260.216] TextOutA (hdc=0xf0107c0, x=360, y=525, lpString="Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=12) returned 1 [0260.216] TextOutA (hdc=0xf0107c0, x=240, y=525, lpString="Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=7) returned 1 [0260.216] DrawTextA (in: hdc=0xf0107c0, lpchText="BTC 2.369", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="BTC 2.369", lprc=0x520fcac) returned 17 [0260.217] DeleteObject (ho=0x90a06bc) returned 1 [0260.217] CreateFontIndirectA (lplf=0x44b264) returned 0x270a06b0 [0260.217] SelectObject (hdc=0xf0107c0, h=0x270a06b0) returned 0x90a06bc [0260.217] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.217] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.217] SetBkColor (hdc=0xf0107c0, color=0xd2) returned 0xffffff [0260.217] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0260.217] TextOutA (hdc=0xf0107c0, x=1061, y=556, lpString="PAY FINE\x19", c=8) returned 1 [0260.217] DeleteObject (ho=0x270a06b0) returned 1 [0260.217] CreateFontIndirectA (lplf=0x44b228) returned 0xa0a06bc [0260.217] SelectObject (hdc=0xf0107c0, h=0xa0a06bc) returned 0x270a06b0 [0260.217] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xd2 [0260.217] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0260.218] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0260.218] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0260.218] TextOutA (hdc=0xf0107c0, x=365, y=556, lpString="|", c=1) returned 1 [0260.218] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0260.218] DeleteObject (ho=0xa0a06bc) returned 1 [0260.218] CreateSolidBrush (color=0xc4c4c4) returned 0x81006bb [0260.218] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x81006bb) returned 1 [0260.218] DeleteObject (ho=0x81006bb) returned 1 [0260.218] CreateFontIndirectA (lplf=0x44b2dc) returned 0x290a06b0 [0260.218] SelectObject (hdc=0xf0107c0, h=0x290a06b0) returned 0xa0a06bc [0260.218] SetBkColor (hdc=0xf0107c0, color=0xc4c4c4) returned 0xffffff [0260.218] SetTextColor (hdc=0xf0107c0, color=0x666666) returned 0xffffff [0260.218] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0260.218] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", cchText=19, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", lprc=0x520fcac) returned 22 [0260.219] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=17, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0260.219] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=11, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0260.220] DrawTextA (in: hdc=0xf0107c0, lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=16, lprc=0x520fcac, format=0x25 | out: lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0260.220] DrawTextA (in: hdc=0xf0107c0, lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0260.220] DeleteObject (ho=0x290a06b0) returned 1 [0260.220] CreateSolidBrush (color=0xffffff) returned 0x91006bb [0260.220] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x91006bb) returned 1 [0260.220] DeleteObject (ho=0x91006bb) returned 1 [0260.221] CreateFontIndirectA (lplf=0x44b2dc) returned 0x1d0a06bc [0260.221] SelectObject (hdc=0xf0107c0, h=0x1d0a06bc) returned 0x290a06b0 [0260.221] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xc4c4c4 [0260.221] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x666666 [0260.221] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0260.221] DeleteObject (ho=0x1d0a06bc) returned 1 [0260.221] EndPaint (hWnd=0x400fa, lpPaint=0x520fcc0) returned 1 [0260.221] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0 [0260.221] GetCurrentThreadId () returned 0x704 [0260.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ceecc90, dwHighDateTime=0x1d6076d)) [0260.221] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.222] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.222] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.222] GetCurrentThreadId () returned 0x704 [0260.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ceecc90, dwHighDateTime=0x1d6076d)) [0260.222] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.248] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.248] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.248] GetCurrentThreadId () returned 0x704 [0260.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cf38f50, dwHighDateTime=0x1d6076d)) [0260.248] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.270] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.270] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.270] GetCurrentThreadId () returned 0x704 [0260.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cf85210, dwHighDateTime=0x1d6076d)) [0260.270] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.301] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.301] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.301] GetCurrentThreadId () returned 0x704 [0260.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1cfd14d0, dwHighDateTime=0x1d6076d)) [0260.301] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.332] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.332] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.332] GetCurrentThreadId () returned 0x704 [0260.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d01d790, dwHighDateTime=0x1d6076d)) [0260.332] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.363] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.363] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.363] GetCurrentThreadId () returned 0x704 [0260.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d069a50, dwHighDateTime=0x1d6076d)) [0260.363] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.395] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.395] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.395] GetCurrentThreadId () returned 0x704 [0260.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d0b5d10, dwHighDateTime=0x1d6076d)) [0260.395] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.426] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.426] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.426] GetCurrentThreadId () returned 0x704 [0260.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d101fd0, dwHighDateTime=0x1d6076d)) [0260.427] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.457] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.457] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.457] GetCurrentThreadId () returned 0x704 [0260.457] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d14e290, dwHighDateTime=0x1d6076d)) [0260.457] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.488] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.488] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.488] GetCurrentThreadId () returned 0x704 [0260.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d19a550, dwHighDateTime=0x1d6076d)) [0260.488] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.519] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.519] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.519] GetCurrentThreadId () returned 0x704 [0260.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d1e6810, dwHighDateTime=0x1d6076d)) [0260.519] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.550] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.550] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.550] GetCurrentThreadId () returned 0x704 [0260.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d232ad0, dwHighDateTime=0x1d6076d)) [0260.551] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.582] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.582] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.582] GetCurrentThreadId () returned 0x704 [0260.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d27ed90, dwHighDateTime=0x1d6076d)) [0260.582] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.613] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.613] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.613] GetCurrentThreadId () returned 0x704 [0260.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d2cb050, dwHighDateTime=0x1d6076d)) [0260.613] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.644] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.644] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.644] GetCurrentThreadId () returned 0x704 [0260.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d317310, dwHighDateTime=0x1d6076d)) [0260.644] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.675] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.675] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.675] GetCurrentThreadId () returned 0x704 [0260.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d3635d0, dwHighDateTime=0x1d6076d)) [0260.675] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.706] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.706] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.706] GetCurrentThreadId () returned 0x704 [0260.707] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d3af890, dwHighDateTime=0x1d6076d)) [0260.708] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.738] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.738] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.738] GetCurrentThreadId () returned 0x704 [0260.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d3fbb50, dwHighDateTime=0x1d6076d)) [0260.738] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.771] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.771] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.771] GetCurrentThreadId () returned 0x704 [0260.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d447e10, dwHighDateTime=0x1d6076d)) [0260.771] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.800] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.800] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.800] GetCurrentThreadId () returned 0x704 [0260.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d4940d0, dwHighDateTime=0x1d6076d)) [0260.800] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.832] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.832] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.832] GetCurrentThreadId () returned 0x704 [0260.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d4e0390, dwHighDateTime=0x1d6076d)) [0260.832] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.866] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.866] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.866] GetCurrentThreadId () returned 0x704 [0260.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d52c650, dwHighDateTime=0x1d6076d)) [0260.866] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.894] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.894] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.894] GetCurrentThreadId () returned 0x704 [0260.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d578910, dwHighDateTime=0x1d6076d)) [0260.895] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.925] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.925] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.925] GetCurrentThreadId () returned 0x704 [0260.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d5c4bd0, dwHighDateTime=0x1d6076d)) [0260.925] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.965] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.965] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.966] GetCurrentThreadId () returned 0x704 [0260.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d610e90, dwHighDateTime=0x1d6076d)) [0260.966] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0260.987] TranslateMessage (lpMsg=0x40f83c) returned 0 [0260.987] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0260.987] GetCurrentThreadId () returned 0x704 [0260.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d65d150, dwHighDateTime=0x1d6076d)) [0260.987] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.019] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.019] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.019] GetCurrentThreadId () returned 0x704 [0261.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d6a9410, dwHighDateTime=0x1d6076d)) [0261.020] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.050] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.050] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.050] GetCurrentThreadId () returned 0x704 [0261.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d6f56d0, dwHighDateTime=0x1d6076d)) [0261.050] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.081] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.081] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.081] GetCurrentThreadId () returned 0x704 [0261.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d741990, dwHighDateTime=0x1d6076d)) [0261.081] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.112] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.112] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.112] GetCurrentThreadId () returned 0x704 [0261.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d78dc50, dwHighDateTime=0x1d6076d)) [0261.112] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.143] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.143] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.143] GetCurrentThreadId () returned 0x704 [0261.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d7d9f10, dwHighDateTime=0x1d6076d)) [0261.143] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.178] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.178] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.178] GetCurrentThreadId () returned 0x704 [0261.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d8261d0, dwHighDateTime=0x1d6076d)) [0261.178] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.206] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.206] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.206] GetCurrentThreadId () returned 0x704 [0261.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d872490, dwHighDateTime=0x1d6076d)) [0261.206] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.237] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.237] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.237] GetCurrentThreadId () returned 0x704 [0261.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d8be750, dwHighDateTime=0x1d6076d)) [0261.237] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.268] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.268] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.268] GetCurrentThreadId () returned 0x704 [0261.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d90aa10, dwHighDateTime=0x1d6076d)) [0261.268] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.299] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.299] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.299] GetCurrentThreadId () returned 0x704 [0261.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.299] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.330] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.330] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.330] GetCurrentThreadId () returned 0x704 [0261.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d9a2f90, dwHighDateTime=0x1d6076d)) [0261.331] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.362] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.362] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.362] GetCurrentThreadId () returned 0x704 [0261.362] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1d9ef250, dwHighDateTime=0x1d6076d)) [0261.362] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.397] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.397] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.398] GetCurrentThreadId () returned 0x704 [0261.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1da3b510, dwHighDateTime=0x1d6076d)) [0261.398] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.424] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.424] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.424] GetCurrentThreadId () returned 0x704 [0261.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1da877d0, dwHighDateTime=0x1d6076d)) [0261.424] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.455] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.455] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.455] GetCurrentThreadId () returned 0x704 [0261.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.486] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.486] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.486] GetCurrentThreadId () returned 0x704 [0261.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1db1fd50, dwHighDateTime=0x1d6076d)) [0261.487] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.518] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.518] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.518] GetCurrentThreadId () returned 0x704 [0261.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1db6c010, dwHighDateTime=0x1d6076d)) [0261.518] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.549] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.549] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.549] GetCurrentThreadId () returned 0x704 [0261.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dbb82d0, dwHighDateTime=0x1d6076d)) [0261.549] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.580] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.580] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.580] GetCurrentThreadId () returned 0x704 [0261.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dc04590, dwHighDateTime=0x1d6076d)) [0261.580] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.611] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.611] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.611] GetCurrentThreadId () returned 0x704 [0261.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.611] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.642] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.642] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.642] GetCurrentThreadId () returned 0x704 [0261.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dc9cb10, dwHighDateTime=0x1d6076d)) [0261.643] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.674] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.674] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.674] GetCurrentThreadId () returned 0x704 [0261.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dce8dd0, dwHighDateTime=0x1d6076d)) [0261.674] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.705] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.705] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.705] GetCurrentThreadId () returned 0x704 [0261.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dd35090, dwHighDateTime=0x1d6076d)) [0261.705] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.741] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x84, wParam=0x0, lParam=0x11e016d) returned 0x1 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.741] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x20, wParam=0x400fa, lParam=0x2000001) returned 0x0 [0261.741] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.741] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.741] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0261.741] SetClassLongA (hWnd=0x400fa, nIndex=-12, dwNewLong=65539) returned 0x10003 [0261.741] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x200, wParam=0x0, lParam=0x11e016d) returned 0x0 [0261.741] GetCurrentThreadId () returned 0x704 [0261.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.741] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.742] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.742] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.742] GetCurrentThreadId () returned 0x704 [0261.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.742] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.767] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.767] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.767] GetCurrentThreadId () returned 0x704 [0261.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.767] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.799] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.799] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.799] GetCurrentThreadId () returned 0x704 [0261.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1de198d0, dwHighDateTime=0x1d6076d)) [0261.799] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.830] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.830] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.830] GetCurrentThreadId () returned 0x704 [0261.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1de65b90, dwHighDateTime=0x1d6076d)) [0261.830] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.877] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.877] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.877] GetCurrentThreadId () returned 0x704 [0261.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ded7fb0, dwHighDateTime=0x1d6076d)) [0261.877] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.908] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.908] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.908] GetCurrentThreadId () returned 0x704 [0261.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1df24270, dwHighDateTime=0x1d6076d)) [0261.908] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.939] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.939] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.939] GetCurrentThreadId () returned 0x704 [0261.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1df70530, dwHighDateTime=0x1d6076d)) [0261.939] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0261.970] TranslateMessage (lpMsg=0x40f83c) returned 0 [0261.970] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0261.970] GetCurrentThreadId () returned 0x704 [0261.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1dfbc7f0, dwHighDateTime=0x1d6076d)) [0261.970] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.001] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.001] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.001] GetCurrentThreadId () returned 0x704 [0262.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e008ab0, dwHighDateTime=0x1d6076d)) [0262.001] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.032] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.032] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.032] GetCurrentThreadId () returned 0x704 [0262.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e054d70, dwHighDateTime=0x1d6076d)) [0262.032] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.064] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.064] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.064] GetCurrentThreadId () returned 0x704 [0262.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e0a1030, dwHighDateTime=0x1d6076d)) [0262.064] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.098] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.098] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.098] GetCurrentThreadId () returned 0x704 [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.126] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.126] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.126] GetCurrentThreadId () returned 0x704 [0262.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e1395b0, dwHighDateTime=0x1d6076d)) [0262.128] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.158] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.158] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.158] GetCurrentThreadId () returned 0x704 [0262.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e185870, dwHighDateTime=0x1d6076d)) [0262.158] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.188] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.188] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.188] GetCurrentThreadId () returned 0x704 [0262.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e1d1b30, dwHighDateTime=0x1d6076d)) [0262.188] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.219] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.220] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.220] GetCurrentThreadId () returned 0x704 [0262.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e21ddf0, dwHighDateTime=0x1d6076d)) [0262.220] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.251] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.251] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.251] GetCurrentThreadId () returned 0x704 [0262.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e26a0b0, dwHighDateTime=0x1d6076d)) [0262.251] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.282] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.282] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.282] GetCurrentThreadId () returned 0x704 [0262.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e2b6370, dwHighDateTime=0x1d6076d)) [0262.282] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.313] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.313] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.313] GetCurrentThreadId () returned 0x704 [0262.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e302630, dwHighDateTime=0x1d6076d)) [0262.313] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.344] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.344] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.345] GetCurrentThreadId () returned 0x704 [0262.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e34e8f0, dwHighDateTime=0x1d6076d)) [0262.345] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.376] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.376] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.376] GetCurrentThreadId () returned 0x704 [0262.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e39abb0, dwHighDateTime=0x1d6076d)) [0262.376] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.407] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.407] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.407] GetCurrentThreadId () returned 0x704 [0262.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e3e6e70, dwHighDateTime=0x1d6076d)) [0262.407] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.438] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.438] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.438] GetCurrentThreadId () returned 0x704 [0262.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e433130, dwHighDateTime=0x1d6076d)) [0262.438] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.469] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.469] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.469] GetCurrentThreadId () returned 0x704 [0262.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e47f3f0, dwHighDateTime=0x1d6076d)) [0262.469] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.500] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.500] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.500] GetCurrentThreadId () returned 0x704 [0262.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e4cb6b0, dwHighDateTime=0x1d6076d)) [0262.501] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.532] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.532] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.532] GetCurrentThreadId () returned 0x704 [0262.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e517970, dwHighDateTime=0x1d6076d)) [0262.532] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.563] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.563] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.563] GetCurrentThreadId () returned 0x704 [0262.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e563c30, dwHighDateTime=0x1d6076d)) [0262.563] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.594] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.594] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.594] GetCurrentThreadId () returned 0x704 [0262.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e5afef0, dwHighDateTime=0x1d6076d)) [0262.594] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.625] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.625] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.625] GetCurrentThreadId () returned 0x704 [0262.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e5fc1b0, dwHighDateTime=0x1d6076d)) [0262.625] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.656] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.657] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.657] GetCurrentThreadId () returned 0x704 [0262.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e648470, dwHighDateTime=0x1d6076d)) [0262.657] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.688] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.688] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.688] GetCurrentThreadId () returned 0x704 [0262.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e694730, dwHighDateTime=0x1d6076d)) [0262.688] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.720] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.720] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.720] GetCurrentThreadId () returned 0x704 [0262.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e6e09f0, dwHighDateTime=0x1d6076d)) [0262.720] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.750] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.750] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.750] GetCurrentThreadId () returned 0x704 [0262.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e72ccb0, dwHighDateTime=0x1d6076d)) [0262.750] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.781] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.781] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.781] GetCurrentThreadId () returned 0x704 [0262.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e778f70, dwHighDateTime=0x1d6076d)) [0262.781] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.812] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.812] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.812] GetCurrentThreadId () returned 0x704 [0262.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e7c5230, dwHighDateTime=0x1d6076d)) [0262.812] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.844] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.844] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.844] GetCurrentThreadId () returned 0x704 [0262.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e8114f0, dwHighDateTime=0x1d6076d)) [0262.844] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.890] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.890] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.890] GetCurrentThreadId () returned 0x704 [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e85d7b0, dwHighDateTime=0x1d6076d)) [0262.890] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.906] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.906] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.906] GetCurrentThreadId () returned 0x704 [0262.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e8a9a70, dwHighDateTime=0x1d6076d)) [0262.906] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.937] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.937] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.937] GetCurrentThreadId () returned 0x704 [0262.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e8f5d30, dwHighDateTime=0x1d6076d)) [0262.937] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0262.968] TranslateMessage (lpMsg=0x40f83c) returned 0 [0262.968] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0262.968] GetCurrentThreadId () returned 0x704 [0262.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e941ff0, dwHighDateTime=0x1d6076d)) [0262.969] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.000] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.000] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.000] GetCurrentThreadId () returned 0x704 [0263.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e98e2b0, dwHighDateTime=0x1d6076d)) [0263.000] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.031] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.031] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.031] GetCurrentThreadId () returned 0x704 [0263.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1e9da570, dwHighDateTime=0x1d6076d)) [0263.031] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.062] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.062] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.062] GetCurrentThreadId () returned 0x704 [0263.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ea26830, dwHighDateTime=0x1d6076d)) [0263.062] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.063] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.063] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0263.063] GetCurrentThreadId () returned 0x704 [0263.063] GetCurrentThreadId () returned 0x704 [0263.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb54 | out: lpSystemTimeAsFileTime=0x520fb54*(dwLowDateTime=0x1ea26830, dwHighDateTime=0x1d6076d)) [0263.063] BeginPaint (in: hWnd=0x400fa, lpPaint=0x520fcc0 | out: lpPaint=0x520fcc0) returned 0xf0107c0 [0263.063] CreateFontIndirectA (lplf=0x44b444) returned 0x8e0a01a0 [0263.063] SelectObject (hdc=0xf0107c0, h=0x8e0a01a0) returned 0x18a002e [0263.063] SetBkColor (hdc=0xf0107c0, color=0xe8e8e8) returned 0xffffff [0263.063] SetTextColor (hdc=0xf0107c0, color=0xf5f5f5) returned 0x0 [0263.063] DeleteObject (ho=0x8e0a01a0) returned 1 [0263.063] CreateFontIndirectA (lplf=0x44b2a0) returned 0xf0a06af [0263.063] SelectObject (hdc=0xf0107c0, h=0xf0a06af) returned 0x8e0a01a0 [0263.063] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0xe8e8e8 [0263.063] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xf5f5f5 [0263.063] DeleteObject (ho=0xf0a06af) returned 1 [0263.063] CreateFontIndirectA (lplf=0x44b1b0) returned 0x8f0a01a0 [0263.063] SelectObject (hdc=0xf0107c0, h=0x8f0a01a0) returned 0xf0a06af [0263.063] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0x333333 [0263.064] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.064] CreateSolidBrush (color=0x96) returned 0xa1006bb [0263.064] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xa1006bb) returned 1 [0263.064] DeleteObject (ho=0xa1006bb) returned 1 [0263.064] CreateSolidBrush (color=0x96) returned 0x29100775 [0263.064] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x29100775) returned 1 [0263.064] DeleteObject (ho=0x29100775) returned 1 [0263.064] CreateSolidBrush (color=0x96) returned 0xd710016f [0263.064] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xd710016f) returned 1 [0263.064] DeleteObject (ho=0xd710016f) returned 1 [0263.064] CreateSolidBrush (color=0x96) returned 0x9b1001e0 [0263.064] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x9b1001e0) returned 1 [0263.064] DeleteObject (ho=0x9b1001e0) returned 1 [0263.064] CreateSolidBrush (color=0xffffff) returned 0x101006af [0263.064] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x101006af) returned 1 [0263.064] DeleteObject (ho=0x101006af) returned 1 [0263.064] CreateSolidBrush (color=0x0) returned 0xb1006bb [0263.064] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xb1006bb) returned 1 [0263.064] DeleteObject (ho=0xb1006bb) returned 1 [0263.064] DeleteObject (ho=0x8f0a01a0) returned 1 [0263.065] CreateFontIndirectA (lplf=0x44b4bc) returned 0x1a0a06a4 [0263.065] SelectObject (hdc=0xf0107c0, h=0x1a0a06a4) returned 0x8f0a01a0 [0263.065] SetBkColor (hdc=0xf0107c0, color=0x321200) returned 0x333333 [0263.065] SetTextColor (hdc=0xf0107c0, color=0x877873) returned 0xffffff [0263.065] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x877873 [0263.065] SetBkColor (hdc=0xf0107c0, color=0x96) returned 0x321200 [0263.065] TextOutA (hdc=0xf0107c0, x=230, y=17, lpString="Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=118) returned 1 [0263.065] DeleteObject (ho=0x1a0a06a4) returned 1 [0263.066] CreateFontIndirectA (lplf=0x44b3cc) returned 0x910a01a0 [0263.066] SelectObject (hdc=0xf0107c0, h=0x910a01a0) returned 0x1a0a06a4 [0263.066] SetBkColor (hdc=0xf0107c0, color=0x0) returned 0x96 [0263.066] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.066] TextOutW (hdc=0xf0107c0, x=225, y=705, lpString="Operation Global III is a coordinated effort by U.S., Canadian, European, Australian, New ZealandEnglish", c=97) returned 1 [0263.066] TextOutA (hdc=0xf0107c0, x=225, y=725, lpString="and other law enforcement agencies across the globe targeting computers with pirated content.O", c=93) returned 1 [0263.066] DeleteObject (ho=0x910a01a0) returned 1 [0263.066] BitBlt (hdc=0xf0107c0, x=235, y=70, cx=300, cy=300, hdcSrc=0x140100d1, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.067] BitBlt (hdc=0xf0107c0, x=1050, y=55, cx=300, cy=300, hdcSrc=0x0, x1=0, y1=0, rop=0xcc0020) returned 0 [0263.067] BitBlt (hdc=0xf0107c0, x=525, y=60, cx=300, cy=300, hdcSrc=0x40101c1, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.067] BitBlt (hdc=0xf0107c0, x=705, y=60, cx=300, cy=300, hdcSrc=0xae0101fa, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.067] BitBlt (hdc=0xf0107c0, x=890, y=60, cx=300, cy=300, hdcSrc=0x9a010771, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.067] CreateSolidBrush (color=0xd2) returned 0x111006af [0263.067] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x111006af) returned 1 [0263.067] DeleteObject (ho=0x111006af) returned 1 [0263.067] BitBlt (hdc=0xf0107c0, x=360, y=550, cx=600, cy=30, hdcSrc=0x3010770, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.067] CreateFontIndirectA (lplf=0x44b444) returned 0x1d0a06a4 [0263.067] SelectObject (hdc=0xf0107c0, h=0x1d0a06a4) returned 0x910a01a0 [0263.067] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0263.067] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0263.067] SetTextColor (hdc=0xf0107c0, color=0xf0) returned 0x0 [0263.067] DrawTextA (in: hdc=0xf0107c0, lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0263.069] DrawTextA (in: hdc=0xf0107c0, lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", lprc=0x520fcac) returned 22 [0263.070] DeleteObject (ho=0x1d0a06a4) returned 1 [0263.071] CreateFontIndirectA (lplf=0x44b2a0) returned 0x960a01a0 [0263.071] SelectObject (hdc=0xf0107c0, h=0x960a01a0) returned 0x1d0a06a4 [0263.071] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.071] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xf0 [0263.071] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.071] DeleteObject (ho=0x960a01a0) returned 1 [0263.071] CreateFontIndirectA (lplf=0x44b390) returned 0x1e0a06a4 [0263.071] SelectObject (hdc=0xf0107c0, h=0x1e0a06a4) returned 0x960a01a0 [0263.071] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.071] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.071] DrawTextA (in: hdc=0xf0107c0, lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 15 [0263.073] TextOutA (hdc=0xf0107c0, x=240, y=618, lpString="Any attempt to remove this message will damage your files, hardware and Windows installation. The NSB has two ways to pay a fine:1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=93) returned 1 [0263.074] DeleteObject (ho=0x1e0a06a4) returned 1 [0263.074] CreateFontIndirectA (lplf=0x44b228) returned 0x9a0a01a0 [0263.074] SelectObject (hdc=0xf0107c0, h=0x9a0a01a0) returned 0x1e0a06a4 [0263.074] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.074] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.074] TextOutA (hdc=0xf0107c0, x=240, y=320, lpString="If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=85) returned 1 [0263.074] TextOutA (hdc=0xf0107c0, x=240, y=340, lpString="which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=107) returned 1 [0263.074] DeleteObject (ho=0x9a0a01a0) returned 1 [0263.075] CreateFontIndirectA (lplf=0x44b480) returned 0x210a06a4 [0263.075] SelectObject (hdc=0xf0107c0, h=0x210a06a4) returned 0x9a0a01a0 [0263.075] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.075] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.075] DrawTextA (in: hdc=0xf0107c0, lpchText="View encrypted files", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="View encrypted files", lprc=0x520fcac) returned 15 [0263.075] DeleteObject (ho=0x210a06a4) returned 1 [0263.075] CreateFontIndirectA (lplf=0x44b2a0) returned 0x9e0a01a0 [0263.075] SelectObject (hdc=0xf0107c0, h=0x9e0a01a0) returned 0x210a06a4 [0263.075] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.075] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.075] DeleteObject (ho=0x9e0a01a0) returned 1 [0263.075] CreateFontIndirectA (lplf=0x44b228) returned 0x220a06a4 [0263.075] SelectObject (hdc=0xf0107c0, h=0x220a06a4) returned 0x9e0a01a0 [0263.076] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.076] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.076] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x400 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0263.076] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x0 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0263.076] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x400 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0263.076] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x0 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0263.077] TextOutA (hdc=0xf0107c0, x=800, y=300, lpString=" Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=1) returned 1 [0263.077] TextOutA (hdc=0xf0107c0, x=240, y=360, lpString="There are two ways to pay a fine:Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=33) returned 1 [0263.077] TextOutA (hdc=0xf0107c0, x=240, y=380, lpString="1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=79) returned 1 [0263.077] TextOutA (hdc=0xf0107c0, x=240, y=400, lpString="Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=108) returned 1 [0263.077] TextOutA (hdc=0xf0107c0, x=240, y=420, lpString="2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=99) returned 1 [0263.088] TextOutA (hdc=0xf0107c0, x=240, y=440, lpString="Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=55) returned 1 [0263.088] TextOutA (hdc=0xf0107c0, x=240, y=460, lpString="To regain access now transfer BitCoins to the following address (click to copy): 1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", c=81) returned 1 [0263.088] DrawTextA (in: hdc=0xf0107c0, lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", lprc=0x520fcac) returned 17 [0263.089] TextOutA (hdc=0xf0107c0, x=870, y=525, lpString=" processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=1) returned 1 [0263.089] TextOutA (hdc=0xf0107c0, x=240, y=500, lpString="After the payment is finalized enter Transfer ID below.BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", c=55) returned 1 [0263.089] TextOutA (hdc=0xf0107c0, x=360, y=525, lpString="Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=12) returned 1 [0263.089] TextOutA (hdc=0xf0107c0, x=240, y=525, lpString="Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=7) returned 1 [0263.089] DrawTextA (in: hdc=0xf0107c0, lpchText="BTC 2.369", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="BTC 2.369", lprc=0x520fcac) returned 17 [0263.090] DeleteObject (ho=0x220a06a4) returned 1 [0263.090] CreateFontIndirectA (lplf=0x44b264) returned 0xb20a01a0 [0263.090] SelectObject (hdc=0xf0107c0, h=0xb20a01a0) returned 0x220a06a4 [0263.090] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.090] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.090] SetBkColor (hdc=0xf0107c0, color=0xd2) returned 0xffffff [0263.090] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0263.090] TextOutA (hdc=0xf0107c0, x=1061, y=556, lpString="PAY FINE\x19", c=8) returned 1 [0263.091] DeleteObject (ho=0xb20a01a0) returned 1 [0263.091] CreateFontIndirectA (lplf=0x44b228) returned 0x230a06a4 [0263.091] SelectObject (hdc=0xf0107c0, h=0x230a06a4) returned 0xb20a01a0 [0263.091] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xd2 [0263.091] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0263.091] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0263.091] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0263.091] TextOutA (hdc=0xf0107c0, x=365, y=556, lpString="|", c=1) returned 1 [0263.091] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0263.091] DeleteObject (ho=0x230a06a4) returned 1 [0263.091] CreateSolidBrush (color=0xc4c4c4) returned 0x121006af [0263.091] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x121006af) returned 1 [0263.091] DeleteObject (ho=0x121006af) returned 1 [0263.091] CreateFontIndirectA (lplf=0x44b2dc) returned 0xb40a01a0 [0263.091] SelectObject (hdc=0xf0107c0, h=0xb40a01a0) returned 0x230a06a4 [0263.091] SetBkColor (hdc=0xf0107c0, color=0xc4c4c4) returned 0xffffff [0263.091] SetTextColor (hdc=0xf0107c0, color=0x666666) returned 0xffffff [0263.091] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0263.092] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", cchText=19, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", lprc=0x520fcac) returned 22 [0263.092] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=17, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0263.092] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=11, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0263.093] DrawTextA (in: hdc=0xf0107c0, lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=16, lprc=0x520fcac, format=0x25 | out: lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0263.093] DrawTextA (in: hdc=0xf0107c0, lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0263.094] DeleteObject (ho=0xb40a01a0) returned 1 [0263.094] CreateSolidBrush (color=0xffffff) returned 0x131006af [0263.094] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x131006af) returned 1 [0263.094] DeleteObject (ho=0x131006af) returned 1 [0263.094] CreateFontIndirectA (lplf=0x44b2dc) returned 0x360a06a4 [0263.094] SelectObject (hdc=0xf0107c0, h=0x360a06a4) returned 0xb40a01a0 [0263.094] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xc4c4c4 [0263.094] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x666666 [0263.094] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0263.094] DeleteObject (ho=0x360a06a4) returned 1 [0263.094] EndPaint (hWnd=0x400fa, lpPaint=0x520fcc0) returned 1 [0263.094] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0 [0263.095] GetCurrentThreadId () returned 0x704 [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.095] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.095] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.095] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.095] GetCurrentThreadId () returned 0x704 [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.095] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.095] GetCurrentThreadId () returned 0x704 [0263.095] GetCurrentThreadId () returned 0x704 [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.095] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0263.124] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.124] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.124] GetCurrentThreadId () returned 0x704 [0263.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1eabedb0, dwHighDateTime=0x1d6076d)) [0263.124] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.156] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.156] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.156] GetCurrentThreadId () returned 0x704 [0263.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1eb0b070, dwHighDateTime=0x1d6076d)) [0263.156] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.187] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.187] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.187] GetCurrentThreadId () returned 0x704 [0263.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1eb57330, dwHighDateTime=0x1d6076d)) [0263.187] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.218] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.218] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.218] GetCurrentThreadId () returned 0x704 [0263.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1eba35f0, dwHighDateTime=0x1d6076d)) [0263.218] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.249] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.249] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.249] GetCurrentThreadId () returned 0x704 [0263.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ebef8b0, dwHighDateTime=0x1d6076d)) [0263.249] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.281] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.281] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.281] GetCurrentThreadId () returned 0x704 [0263.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ec3bb70, dwHighDateTime=0x1d6076d)) [0263.281] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.312] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.312] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.312] GetCurrentThreadId () returned 0x704 [0263.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ec87e30, dwHighDateTime=0x1d6076d)) [0263.312] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.343] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.343] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.343] GetCurrentThreadId () returned 0x704 [0263.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ecd40f0, dwHighDateTime=0x1d6076d)) [0263.343] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.374] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.374] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.374] GetCurrentThreadId () returned 0x704 [0263.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ed203b0, dwHighDateTime=0x1d6076d)) [0263.374] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.405] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.405] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.405] GetCurrentThreadId () returned 0x704 [0263.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ed6c670, dwHighDateTime=0x1d6076d)) [0263.405] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.437] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.437] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.437] GetCurrentThreadId () returned 0x704 [0263.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1edb8930, dwHighDateTime=0x1d6076d)) [0263.437] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.468] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.468] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.468] GetCurrentThreadId () returned 0x704 [0263.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ee04bf0, dwHighDateTime=0x1d6076d)) [0263.468] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.499] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.499] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.499] GetCurrentThreadId () returned 0x704 [0263.499] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ee50eb0, dwHighDateTime=0x1d6076d)) [0263.499] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.518] GetCurrentThreadId () returned 0x704 [0263.518] GetCurrentThreadId () returned 0x704 [0263.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1ee77010, dwHighDateTime=0x1d6076d)) [0263.518] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x84, wParam=0x0, lParam=0x1cb0386) returned 0x1 [0263.518] GetCurrentThreadId () returned 0x704 [0263.518] GetCurrentThreadId () returned 0x704 [0263.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x1ee77010, dwHighDateTime=0x1d6076d)) [0263.518] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x20, wParam=0x400fa, lParam=0x2000001) returned 0x0 [0263.519] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.519] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0263.519] GetCurrentThreadId () returned 0x704 [0263.519] GetCurrentThreadId () returned 0x704 [0263.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x1ee77010, dwHighDateTime=0x1d6076d)) [0263.519] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0263.519] SetClassLongA (hWnd=0x400fa, nIndex=-12, dwNewLong=65539) returned 0x10003 [0263.519] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x200, wParam=0x0, lParam=0x1cb0386) returned 0x0 [0263.519] GetCurrentThreadId () returned 0x704 [0263.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ee77010, dwHighDateTime=0x1d6076d)) [0263.519] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.530] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.530] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.530] GetCurrentThreadId () returned 0x704 [0263.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ee9d170, dwHighDateTime=0x1d6076d)) [0263.530] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.561] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.561] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.561] GetCurrentThreadId () returned 0x704 [0263.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1eee9430, dwHighDateTime=0x1d6076d)) [0263.562] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.592] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.592] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.593] GetCurrentThreadId () returned 0x704 [0263.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ef356f0, dwHighDateTime=0x1d6076d)) [0263.593] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.624] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.624] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.624] GetCurrentThreadId () returned 0x704 [0263.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ef819b0, dwHighDateTime=0x1d6076d)) [0263.624] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.655] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.655] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.655] GetCurrentThreadId () returned 0x704 [0263.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1efcdc70, dwHighDateTime=0x1d6076d)) [0263.655] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.686] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.686] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.686] GetCurrentThreadId () returned 0x704 [0263.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f019f30, dwHighDateTime=0x1d6076d)) [0263.687] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.718] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.718] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.718] GetCurrentThreadId () returned 0x704 [0263.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f0661f0, dwHighDateTime=0x1d6076d)) [0263.719] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.748] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.748] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.749] GetCurrentThreadId () returned 0x704 [0263.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f0b24b0, dwHighDateTime=0x1d6076d)) [0263.749] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.780] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.780] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.780] GetCurrentThreadId () returned 0x704 [0263.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f0fe770, dwHighDateTime=0x1d6076d)) [0263.780] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.811] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.811] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.811] GetCurrentThreadId () returned 0x704 [0263.811] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f14aa30, dwHighDateTime=0x1d6076d)) [0263.811] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.842] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.842] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.842] GetCurrentThreadId () returned 0x704 [0263.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f196cf0, dwHighDateTime=0x1d6076d)) [0263.842] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.873] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.873] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.873] GetCurrentThreadId () returned 0x704 [0263.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f1e2fb0, dwHighDateTime=0x1d6076d)) [0263.873] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.904] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.904] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.904] GetCurrentThreadId () returned 0x704 [0263.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f22f270, dwHighDateTime=0x1d6076d)) [0263.905] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.936] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.936] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.936] GetCurrentThreadId () returned 0x704 [0263.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.936] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.967] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.967] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.967] GetCurrentThreadId () returned 0x704 [0263.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f2c77f0, dwHighDateTime=0x1d6076d)) [0263.967] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0263.998] TranslateMessage (lpMsg=0x40f83c) returned 0 [0263.998] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0263.998] GetCurrentThreadId () returned 0x704 [0263.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f313ab0, dwHighDateTime=0x1d6076d)) [0263.998] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.029] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.029] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.029] GetCurrentThreadId () returned 0x704 [0264.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f35fd70, dwHighDateTime=0x1d6076d)) [0264.029] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.061] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.061] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.061] GetCurrentThreadId () returned 0x704 [0264.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f3ac030, dwHighDateTime=0x1d6076d)) [0264.061] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.092] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.092] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.092] GetCurrentThreadId () returned 0x704 [0264.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.092] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.123] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.123] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.123] GetCurrentThreadId () returned 0x704 [0264.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f4445b0, dwHighDateTime=0x1d6076d)) [0264.123] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.154] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.154] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.154] GetCurrentThreadId () returned 0x704 [0264.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f490870, dwHighDateTime=0x1d6076d)) [0264.155] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.186] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.186] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.186] GetCurrentThreadId () returned 0x704 [0264.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f4dcb30, dwHighDateTime=0x1d6076d)) [0264.186] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.216] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.217] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.217] GetCurrentThreadId () returned 0x704 [0264.217] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f528df0, dwHighDateTime=0x1d6076d)) [0264.217] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.248] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.248] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.248] GetCurrentThreadId () returned 0x704 [0264.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.248] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.279] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.279] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.279] GetCurrentThreadId () returned 0x704 [0264.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f5c1370, dwHighDateTime=0x1d6076d)) [0264.279] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.310] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.310] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.310] GetCurrentThreadId () returned 0x704 [0264.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f60d630, dwHighDateTime=0x1d6076d)) [0264.310] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.341] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.341] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.341] GetCurrentThreadId () returned 0x704 [0264.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f6598f0, dwHighDateTime=0x1d6076d)) [0264.341] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.372] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.372] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.372] GetCurrentThreadId () returned 0x704 [0264.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f6a5bb0, dwHighDateTime=0x1d6076d)) [0264.372] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.403] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.404] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.404] GetCurrentThreadId () returned 0x704 [0264.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.404] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.435] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.435] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.435] GetCurrentThreadId () returned 0x704 [0264.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f73e130, dwHighDateTime=0x1d6076d)) [0264.435] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.466] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.466] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.466] GetCurrentThreadId () returned 0x704 [0264.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f78a3f0, dwHighDateTime=0x1d6076d)) [0264.466] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.497] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.497] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.497] GetCurrentThreadId () returned 0x704 [0264.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f7d66b0, dwHighDateTime=0x1d6076d)) [0264.497] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.528] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.528] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.528] GetCurrentThreadId () returned 0x704 [0264.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f822970, dwHighDateTime=0x1d6076d)) [0264.528] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.559] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.560] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.560] GetCurrentThreadId () returned 0x704 [0264.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.560] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.591] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.591] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.591] GetCurrentThreadId () returned 0x704 [0264.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f8baef0, dwHighDateTime=0x1d6076d)) [0264.591] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.622] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.622] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.622] GetCurrentThreadId () returned 0x704 [0264.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f9071b0, dwHighDateTime=0x1d6076d)) [0264.622] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.653] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.653] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.653] GetCurrentThreadId () returned 0x704 [0264.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f953470, dwHighDateTime=0x1d6076d)) [0264.653] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.684] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.684] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.685] GetCurrentThreadId () returned 0x704 [0264.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f99f730, dwHighDateTime=0x1d6076d)) [0264.685] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.716] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.716] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.716] GetCurrentThreadId () returned 0x704 [0264.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.716] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.749] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.749] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.749] GetCurrentThreadId () returned 0x704 [0264.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fa37cb0, dwHighDateTime=0x1d6076d)) [0264.749] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.778] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.778] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.778] GetCurrentThreadId () returned 0x704 [0264.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fa83f70, dwHighDateTime=0x1d6076d)) [0264.778] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.809] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.809] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.809] GetCurrentThreadId () returned 0x704 [0264.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fad0230, dwHighDateTime=0x1d6076d)) [0264.809] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.840] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.840] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.840] GetCurrentThreadId () returned 0x704 [0264.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fb1c4f0, dwHighDateTime=0x1d6076d)) [0264.841] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.872] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.872] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.872] GetCurrentThreadId () returned 0x704 [0264.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.872] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.919] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.919] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.920] GetCurrentThreadId () returned 0x704 [0264.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fbdabd0, dwHighDateTime=0x1d6076d)) [0264.920] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.955] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.955] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.955] GetCurrentThreadId () returned 0x704 [0264.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fc26e90, dwHighDateTime=0x1d6076d)) [0264.955] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0264.981] TranslateMessage (lpMsg=0x40f83c) returned 0 [0264.981] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0264.981] GetCurrentThreadId () returned 0x704 [0264.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fc73150, dwHighDateTime=0x1d6076d)) [0264.981] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.012] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.012] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.012] GetCurrentThreadId () returned 0x704 [0265.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fcbf410, dwHighDateTime=0x1d6076d)) [0265.012] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.043] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.043] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.043] GetCurrentThreadId () returned 0x704 [0265.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fd0b6d0, dwHighDateTime=0x1d6076d)) [0265.043] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.074] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.074] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.074] GetCurrentThreadId () returned 0x704 [0265.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fd57990, dwHighDateTime=0x1d6076d)) [0265.074] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.106] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.106] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.106] GetCurrentThreadId () returned 0x704 [0265.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fda3c50, dwHighDateTime=0x1d6076d)) [0265.106] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.137] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.137] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.137] GetCurrentThreadId () returned 0x704 [0265.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fdeff10, dwHighDateTime=0x1d6076d)) [0265.137] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.168] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.168] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.168] GetCurrentThreadId () returned 0x704 [0265.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fe3c1d0, dwHighDateTime=0x1d6076d)) [0265.168] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.199] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.199] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.199] GetCurrentThreadId () returned 0x704 [0265.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fe88490, dwHighDateTime=0x1d6076d)) [0265.199] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.230] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.230] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.230] GetCurrentThreadId () returned 0x704 [0265.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1fed4750, dwHighDateTime=0x1d6076d)) [0265.231] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.262] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.262] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.262] GetCurrentThreadId () returned 0x704 [0265.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ff20a10, dwHighDateTime=0x1d6076d)) [0265.262] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.293] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.293] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.293] GetCurrentThreadId () returned 0x704 [0265.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ff6ccd0, dwHighDateTime=0x1d6076d)) [0265.293] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.324] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.324] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.324] GetCurrentThreadId () returned 0x704 [0265.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x1ffb8f90, dwHighDateTime=0x1d6076d)) [0265.324] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.355] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.355] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.355] GetCurrentThreadId () returned 0x704 [0265.355] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20005250, dwHighDateTime=0x1d6076d)) [0265.355] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.386] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.386] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.386] GetCurrentThreadId () returned 0x704 [0265.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20051510, dwHighDateTime=0x1d6076d)) [0265.387] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.418] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.418] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.418] GetCurrentThreadId () returned 0x704 [0265.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2009d7d0, dwHighDateTime=0x1d6076d)) [0265.418] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.449] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.449] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.449] GetCurrentThreadId () returned 0x704 [0265.449] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x200e9a90, dwHighDateTime=0x1d6076d)) [0265.449] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.480] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.480] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.480] GetCurrentThreadId () returned 0x704 [0265.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20135d50, dwHighDateTime=0x1d6076d)) [0265.480] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.511] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.511] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.511] GetCurrentThreadId () returned 0x704 [0265.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20182010, dwHighDateTime=0x1d6076d)) [0265.511] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.542] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.542] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.542] GetCurrentThreadId () returned 0x704 [0265.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x201ce2d0, dwHighDateTime=0x1d6076d)) [0265.543] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.574] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.574] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.574] GetCurrentThreadId () returned 0x704 [0265.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2021a590, dwHighDateTime=0x1d6076d)) [0265.574] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.605] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.605] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.605] GetCurrentThreadId () returned 0x704 [0265.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20266850, dwHighDateTime=0x1d6076d)) [0265.605] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.636] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.636] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.636] GetCurrentThreadId () returned 0x704 [0265.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x202b2b10, dwHighDateTime=0x1d6076d)) [0265.636] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.670] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.670] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.670] GetCurrentThreadId () returned 0x704 [0265.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x202fedd0, dwHighDateTime=0x1d6076d)) [0265.670] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.699] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.699] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.699] GetCurrentThreadId () returned 0x704 [0265.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2034b090, dwHighDateTime=0x1d6076d)) [0265.699] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.730] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.730] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.730] GetCurrentThreadId () returned 0x704 [0265.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20397350, dwHighDateTime=0x1d6076d)) [0265.730] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.761] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.761] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.761] GetCurrentThreadId () returned 0x704 [0265.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x203e3610, dwHighDateTime=0x1d6076d)) [0265.761] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.792] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.792] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.792] GetCurrentThreadId () returned 0x704 [0265.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2042f8d0, dwHighDateTime=0x1d6076d)) [0265.792] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.823] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.823] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.823] GetCurrentThreadId () returned 0x704 [0265.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2047bb90, dwHighDateTime=0x1d6076d)) [0265.823] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.854] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.854] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.854] GetCurrentThreadId () returned 0x704 [0265.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x204c7e50, dwHighDateTime=0x1d6076d)) [0265.855] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.886] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.886] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.886] GetCurrentThreadId () returned 0x704 [0265.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20514110, dwHighDateTime=0x1d6076d)) [0265.886] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.930] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.930] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.930] GetCurrentThreadId () returned 0x704 [0265.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x205603d0, dwHighDateTime=0x1d6076d)) [0265.930] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.960] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.960] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.960] GetCurrentThreadId () returned 0x704 [0265.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x205ac690, dwHighDateTime=0x1d6076d)) [0265.960] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0265.979] TranslateMessage (lpMsg=0x40f83c) returned 0 [0265.979] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0265.979] GetCurrentThreadId () returned 0x704 [0265.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x205f8950, dwHighDateTime=0x1d6076d)) [0265.979] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.010] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.010] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.011] GetCurrentThreadId () returned 0x704 [0266.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20644c10, dwHighDateTime=0x1d6076d)) [0266.011] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.042] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.042] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.042] GetCurrentThreadId () returned 0x704 [0266.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20690ed0, dwHighDateTime=0x1d6076d)) [0266.042] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.073] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.073] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.073] GetCurrentThreadId () returned 0x704 [0266.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x206dd190, dwHighDateTime=0x1d6076d)) [0266.073] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.104] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.104] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.104] GetCurrentThreadId () returned 0x704 [0266.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20729450, dwHighDateTime=0x1d6076d)) [0266.104] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.135] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.135] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.135] GetCurrentThreadId () returned 0x704 [0266.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20775710, dwHighDateTime=0x1d6076d)) [0266.135] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.166] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.166] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.167] GetCurrentThreadId () returned 0x704 [0266.167] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x207c19d0, dwHighDateTime=0x1d6076d)) [0266.167] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.198] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.198] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.198] GetCurrentThreadId () returned 0x704 [0266.198] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2080dc90, dwHighDateTime=0x1d6076d)) [0266.198] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.229] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.229] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.229] GetCurrentThreadId () returned 0x704 [0266.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20859f50, dwHighDateTime=0x1d6076d)) [0266.229] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.260] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.260] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.260] GetCurrentThreadId () returned 0x704 [0266.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x208a6210, dwHighDateTime=0x1d6076d)) [0266.260] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.291] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.291] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.291] GetCurrentThreadId () returned 0x704 [0266.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x208f24d0, dwHighDateTime=0x1d6076d)) [0266.291] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.324] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.324] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.324] GetCurrentThreadId () returned 0x704 [0266.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2093e790, dwHighDateTime=0x1d6076d)) [0266.325] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.354] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.354] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.354] GetCurrentThreadId () returned 0x704 [0266.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2098aa50, dwHighDateTime=0x1d6076d)) [0266.354] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.386] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.386] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.386] GetCurrentThreadId () returned 0x704 [0266.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x209d6d10, dwHighDateTime=0x1d6076d)) [0266.386] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.416] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.416] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.416] GetCurrentThreadId () returned 0x704 [0266.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20a22fd0, dwHighDateTime=0x1d6076d)) [0266.416] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.447] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.447] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.447] GetCurrentThreadId () returned 0x704 [0266.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20a6f290, dwHighDateTime=0x1d6076d)) [0266.447] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.478] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.478] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.479] GetCurrentThreadId () returned 0x704 [0266.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20abb550, dwHighDateTime=0x1d6076d)) [0266.479] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.510] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.510] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.510] GetCurrentThreadId () returned 0x704 [0266.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20b07810, dwHighDateTime=0x1d6076d)) [0266.510] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.541] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.541] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.541] GetCurrentThreadId () returned 0x704 [0266.541] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20b53ad0, dwHighDateTime=0x1d6076d)) [0266.541] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.572] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.572] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.572] GetCurrentThreadId () returned 0x704 [0266.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20b9fd90, dwHighDateTime=0x1d6076d)) [0266.572] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.603] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.603] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.603] GetCurrentThreadId () returned 0x704 [0266.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20bec050, dwHighDateTime=0x1d6076d)) [0266.603] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.635] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.635] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.636] GetCurrentThreadId () returned 0x704 [0266.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20c38310, dwHighDateTime=0x1d6076d)) [0266.636] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.666] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.666] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.666] GetCurrentThreadId () returned 0x704 [0266.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20c845d0, dwHighDateTime=0x1d6076d)) [0266.666] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.697] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.697] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.697] GetCurrentThreadId () returned 0x704 [0266.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20cd0890, dwHighDateTime=0x1d6076d)) [0266.697] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.728] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.728] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.728] GetCurrentThreadId () returned 0x704 [0266.728] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20d1cb50, dwHighDateTime=0x1d6076d)) [0266.728] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.760] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.760] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.760] GetCurrentThreadId () returned 0x704 [0266.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20d68e10, dwHighDateTime=0x1d6076d)) [0266.760] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.790] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.790] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.790] GetCurrentThreadId () returned 0x704 [0266.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20db50d0, dwHighDateTime=0x1d6076d)) [0266.791] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.822] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.822] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.822] GetCurrentThreadId () returned 0x704 [0266.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20e01390, dwHighDateTime=0x1d6076d)) [0266.822] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.853] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.853] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.853] GetCurrentThreadId () returned 0x704 [0266.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20e4d650, dwHighDateTime=0x1d6076d)) [0266.853] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.884] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.884] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.884] GetCurrentThreadId () returned 0x704 [0266.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20e99910, dwHighDateTime=0x1d6076d)) [0266.884] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.915] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.915] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.915] GetCurrentThreadId () returned 0x704 [0266.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20ee5bd0, dwHighDateTime=0x1d6076d)) [0266.915] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.952] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.952] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.952] GetCurrentThreadId () returned 0x704 [0266.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20f31e90, dwHighDateTime=0x1d6076d)) [0266.952] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0266.978] TranslateMessage (lpMsg=0x40f83c) returned 0 [0266.978] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0266.978] GetCurrentThreadId () returned 0x704 [0266.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20f7e150, dwHighDateTime=0x1d6076d)) [0266.978] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.009] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.009] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.009] GetCurrentThreadId () returned 0x704 [0267.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x20fca410, dwHighDateTime=0x1d6076d)) [0267.009] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.041] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.041] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.041] GetCurrentThreadId () returned 0x704 [0267.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x210166d0, dwHighDateTime=0x1d6076d)) [0267.041] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.071] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.071] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.071] GetCurrentThreadId () returned 0x704 [0267.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21062990, dwHighDateTime=0x1d6076d)) [0267.071] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.105] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.105] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.105] GetCurrentThreadId () returned 0x704 [0267.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x210aec50, dwHighDateTime=0x1d6076d)) [0267.105] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.134] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.134] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.134] GetCurrentThreadId () returned 0x704 [0267.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x210faf10, dwHighDateTime=0x1d6076d)) [0267.134] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.150] GetCurrentThreadId () returned 0x704 [0267.150] GetCurrentThreadId () returned 0x704 [0267.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.150] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0267.165] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.165] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.165] GetCurrentThreadId () returned 0x704 [0267.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x211471d0, dwHighDateTime=0x1d6076d)) [0267.165] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.196] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.196] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.196] GetCurrentThreadId () returned 0x704 [0267.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21193490, dwHighDateTime=0x1d6076d)) [0267.196] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.227] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.227] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.227] GetCurrentThreadId () returned 0x704 [0267.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x211df750, dwHighDateTime=0x1d6076d)) [0267.227] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.259] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.259] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.259] GetCurrentThreadId () returned 0x704 [0267.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2122ba10, dwHighDateTime=0x1d6076d)) [0267.259] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.290] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.290] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.290] GetCurrentThreadId () returned 0x704 [0267.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21277cd0, dwHighDateTime=0x1d6076d)) [0267.290] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.321] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.321] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.321] GetCurrentThreadId () returned 0x704 [0267.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x212c3f90, dwHighDateTime=0x1d6076d)) [0267.321] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.352] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.352] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.352] GetCurrentThreadId () returned 0x704 [0267.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21310250, dwHighDateTime=0x1d6076d)) [0267.352] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.383] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.383] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.383] GetCurrentThreadId () returned 0x704 [0267.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2135c510, dwHighDateTime=0x1d6076d)) [0267.383] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.414] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.414] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.414] GetCurrentThreadId () returned 0x704 [0267.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x213a87d0, dwHighDateTime=0x1d6076d)) [0267.415] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.446] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.446] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.446] GetCurrentThreadId () returned 0x704 [0267.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x213f4a90, dwHighDateTime=0x1d6076d)) [0267.446] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.477] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.477] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.477] GetCurrentThreadId () returned 0x704 [0267.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21440d50, dwHighDateTime=0x1d6076d)) [0267.477] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.508] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.508] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.508] GetCurrentThreadId () returned 0x704 [0267.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2148d010, dwHighDateTime=0x1d6076d)) [0267.508] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.539] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.539] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.539] GetCurrentThreadId () returned 0x704 [0267.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x214d92d0, dwHighDateTime=0x1d6076d)) [0267.539] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.570] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.570] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.570] GetCurrentThreadId () returned 0x704 [0267.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21525590, dwHighDateTime=0x1d6076d)) [0267.571] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.602] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.602] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.602] GetCurrentThreadId () returned 0x704 [0267.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21571850, dwHighDateTime=0x1d6076d)) [0267.603] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.633] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.633] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.633] GetCurrentThreadId () returned 0x704 [0267.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x215bdb10, dwHighDateTime=0x1d6076d)) [0267.633] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.664] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.664] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.664] GetCurrentThreadId () returned 0x704 [0267.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21609dd0, dwHighDateTime=0x1d6076d)) [0267.664] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.695] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.695] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.695] GetCurrentThreadId () returned 0x704 [0267.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21656090, dwHighDateTime=0x1d6076d)) [0267.695] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.726] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.726] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.727] GetCurrentThreadId () returned 0x704 [0267.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x216a2350, dwHighDateTime=0x1d6076d)) [0267.727] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.760] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.760] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.760] GetCurrentThreadId () returned 0x704 [0267.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x216ee610, dwHighDateTime=0x1d6076d)) [0267.761] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.789] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.789] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.789] GetCurrentThreadId () returned 0x704 [0267.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2173a8d0, dwHighDateTime=0x1d6076d)) [0267.789] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.820] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.820] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.820] GetCurrentThreadId () returned 0x704 [0267.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21786b90, dwHighDateTime=0x1d6076d)) [0267.820] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.851] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.851] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.851] GetCurrentThreadId () returned 0x704 [0267.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x217d2e50, dwHighDateTime=0x1d6076d)) [0267.851] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.882] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.882] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.882] GetCurrentThreadId () returned 0x704 [0267.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2181f110, dwHighDateTime=0x1d6076d)) [0267.883] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.914] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.914] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.914] GetCurrentThreadId () returned 0x704 [0267.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2186b3d0, dwHighDateTime=0x1d6076d)) [0267.914] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.963] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.963] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.963] GetCurrentThreadId () returned 0x704 [0267.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x218dd7f0, dwHighDateTime=0x1d6076d)) [0267.963] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0267.992] TranslateMessage (lpMsg=0x40f83c) returned 0 [0267.992] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0267.992] GetCurrentThreadId () returned 0x704 [0267.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21929ab0, dwHighDateTime=0x1d6076d)) [0267.992] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.023] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.023] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.023] GetCurrentThreadId () returned 0x704 [0268.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21975d70, dwHighDateTime=0x1d6076d)) [0268.023] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.054] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.054] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.054] GetCurrentThreadId () returned 0x704 [0268.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x219c2030, dwHighDateTime=0x1d6076d)) [0268.054] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.088] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.088] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.089] GetCurrentThreadId () returned 0x704 [0268.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21a0e2f0, dwHighDateTime=0x1d6076d)) [0268.089] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.116] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.116] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.116] GetCurrentThreadId () returned 0x704 [0268.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21a5a5b0, dwHighDateTime=0x1d6076d)) [0268.117] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.148] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.148] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.148] GetCurrentThreadId () returned 0x704 [0268.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21aa6870, dwHighDateTime=0x1d6076d)) [0268.148] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.179] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.179] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.179] GetCurrentThreadId () returned 0x704 [0268.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21af2b30, dwHighDateTime=0x1d6076d)) [0268.179] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.210] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.210] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.210] GetCurrentThreadId () returned 0x704 [0268.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21b3edf0, dwHighDateTime=0x1d6076d)) [0268.210] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.241] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.241] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.241] GetCurrentThreadId () returned 0x704 [0268.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21b8b0b0, dwHighDateTime=0x1d6076d)) [0268.241] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.272] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.272] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.273] GetCurrentThreadId () returned 0x704 [0268.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21bd7370, dwHighDateTime=0x1d6076d)) [0268.273] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.304] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.304] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.304] GetCurrentThreadId () returned 0x704 [0268.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21c23630, dwHighDateTime=0x1d6076d)) [0268.304] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.335] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.335] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.335] GetCurrentThreadId () returned 0x704 [0268.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21c6f8f0, dwHighDateTime=0x1d6076d)) [0268.335] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.366] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.366] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.366] GetCurrentThreadId () returned 0x704 [0268.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21cbbbb0, dwHighDateTime=0x1d6076d)) [0268.366] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.397] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.397] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.397] GetCurrentThreadId () returned 0x704 [0268.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21d07e70, dwHighDateTime=0x1d6076d)) [0268.397] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.429] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.429] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.429] GetCurrentThreadId () returned 0x704 [0268.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21d54130, dwHighDateTime=0x1d6076d)) [0268.429] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.460] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.460] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.460] GetCurrentThreadId () returned 0x704 [0268.460] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21da03f0, dwHighDateTime=0x1d6076d)) [0268.460] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.491] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.491] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.491] GetCurrentThreadId () returned 0x704 [0268.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21dec6b0, dwHighDateTime=0x1d6076d)) [0268.491] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.522] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.522] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.522] GetCurrentThreadId () returned 0x704 [0268.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21e38970, dwHighDateTime=0x1d6076d)) [0268.522] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.553] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.553] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.553] GetCurrentThreadId () returned 0x704 [0268.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.553] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.584] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.584] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.584] GetCurrentThreadId () returned 0x704 [0268.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21ed0ef0, dwHighDateTime=0x1d6076d)) [0268.585] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.616] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.616] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.616] GetCurrentThreadId () returned 0x704 [0268.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21f1d1b0, dwHighDateTime=0x1d6076d)) [0268.616] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.647] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.647] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.647] GetCurrentThreadId () returned 0x704 [0268.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21f69470, dwHighDateTime=0x1d6076d)) [0268.647] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.678] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.678] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.678] GetCurrentThreadId () returned 0x704 [0268.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x21fb5730, dwHighDateTime=0x1d6076d)) [0268.678] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.709] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.709] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.709] GetCurrentThreadId () returned 0x704 [0268.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x220019f0, dwHighDateTime=0x1d6076d)) [0268.709] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.741] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.741] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.741] GetCurrentThreadId () returned 0x704 [0268.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2204dcb0, dwHighDateTime=0x1d6076d)) [0268.741] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.772] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.772] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.772] GetCurrentThreadId () returned 0x704 [0268.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22099f70, dwHighDateTime=0x1d6076d)) [0268.772] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.806] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.806] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.806] GetCurrentThreadId () returned 0x704 [0268.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x220e6230, dwHighDateTime=0x1d6076d)) [0268.806] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.834] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.834] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.834] GetCurrentThreadId () returned 0x704 [0268.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x221324f0, dwHighDateTime=0x1d6076d)) [0268.834] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.865] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.865] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.865] GetCurrentThreadId () returned 0x704 [0268.865] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2217e7b0, dwHighDateTime=0x1d6076d)) [0268.865] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.896] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.896] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.897] GetCurrentThreadId () returned 0x704 [0268.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x221caa70, dwHighDateTime=0x1d6076d)) [0268.897] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.928] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.928] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.928] GetCurrentThreadId () returned 0x704 [0268.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22216d30, dwHighDateTime=0x1d6076d)) [0268.928] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0268.984] TranslateMessage (lpMsg=0x40f83c) returned 0 [0268.984] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0268.984] GetCurrentThreadId () returned 0x704 [0268.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22289150, dwHighDateTime=0x1d6076d)) [0268.984] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.006] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.006] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.006] GetCurrentThreadId () returned 0x704 [0269.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x222d5410, dwHighDateTime=0x1d6076d)) [0269.006] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.037] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.037] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.037] GetCurrentThreadId () returned 0x704 [0269.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x223216d0, dwHighDateTime=0x1d6076d)) [0269.037] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.068] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.068] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.068] GetCurrentThreadId () returned 0x704 [0269.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2236d990, dwHighDateTime=0x1d6076d)) [0269.068] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.099] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.099] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.099] GetCurrentThreadId () returned 0x704 [0269.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x223b9c50, dwHighDateTime=0x1d6076d)) [0269.099] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.131] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.131] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.131] GetCurrentThreadId () returned 0x704 [0269.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22405f10, dwHighDateTime=0x1d6076d)) [0269.131] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.162] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.162] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.162] GetCurrentThreadId () returned 0x704 [0269.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x224521d0, dwHighDateTime=0x1d6076d)) [0269.162] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.193] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.193] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.193] GetCurrentThreadId () returned 0x704 [0269.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2249e490, dwHighDateTime=0x1d6076d)) [0269.193] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.224] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.224] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.224] GetCurrentThreadId () returned 0x704 [0269.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x224ea750, dwHighDateTime=0x1d6076d)) [0269.224] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.255] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.255] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.255] GetCurrentThreadId () returned 0x704 [0269.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22536a10, dwHighDateTime=0x1d6076d)) [0269.256] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.286] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.286] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.287] GetCurrentThreadId () returned 0x704 [0269.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22582cd0, dwHighDateTime=0x1d6076d)) [0269.287] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.318] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.318] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.318] GetCurrentThreadId () returned 0x704 [0269.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x225cef90, dwHighDateTime=0x1d6076d)) [0269.318] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.349] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.349] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.349] GetCurrentThreadId () returned 0x704 [0269.349] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2261b250, dwHighDateTime=0x1d6076d)) [0269.349] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.380] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.384] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.384] GetCurrentThreadId () returned 0x704 [0269.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.384] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.384] GetCurrentThreadId () returned 0x704 [0269.384] GetCurrentThreadId () returned 0x704 [0269.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.384] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x84, wParam=0x0, lParam=0x2560298) returned 0x1 [0269.385] GetCurrentThreadId () returned 0x704 [0269.385] GetCurrentThreadId () returned 0x704 [0269.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.385] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x20, wParam=0x400fa, lParam=0x2000001) returned 0x0 [0269.385] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.385] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0269.385] GetCurrentThreadId () returned 0x704 [0269.385] GetCurrentThreadId () returned 0x704 [0269.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.385] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0269.385] SetClassLongA (hWnd=0x400fa, nIndex=-12, dwNewLong=65539) returned 0x10003 [0269.385] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x200, wParam=0x0, lParam=0x2560298) returned 0x0 [0269.385] GetCurrentThreadId () returned 0x704 [0269.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.386] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.411] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.411] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.411] GetCurrentThreadId () returned 0x704 [0269.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x226b37d0, dwHighDateTime=0x1d6076d)) [0269.411] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.443] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.443] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.443] GetCurrentThreadId () returned 0x704 [0269.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x226ffa90, dwHighDateTime=0x1d6076d)) [0269.443] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.474] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.474] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.474] GetCurrentThreadId () returned 0x704 [0269.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2274bd50, dwHighDateTime=0x1d6076d)) [0269.474] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.505] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.505] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.505] GetCurrentThreadId () returned 0x704 [0269.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22798010, dwHighDateTime=0x1d6076d)) [0269.505] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.536] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.536] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.536] GetCurrentThreadId () returned 0x704 [0269.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x227e42d0, dwHighDateTime=0x1d6076d)) [0269.536] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.567] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.567] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.567] GetCurrentThreadId () returned 0x704 [0269.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22830590, dwHighDateTime=0x1d6076d)) [0269.567] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.599] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.599] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.599] GetCurrentThreadId () returned 0x704 [0269.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2287c850, dwHighDateTime=0x1d6076d)) [0269.599] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.632] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.632] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.633] GetCurrentThreadId () returned 0x704 [0269.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x228c8b10, dwHighDateTime=0x1d6076d)) [0269.633] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.665] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.665] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.666] GetCurrentThreadId () returned 0x704 [0269.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.666] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.692] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.692] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.692] GetCurrentThreadId () returned 0x704 [0269.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22961090, dwHighDateTime=0x1d6076d)) [0269.692] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.723] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.723] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.723] GetCurrentThreadId () returned 0x704 [0269.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x229ad350, dwHighDateTime=0x1d6076d)) [0269.723] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.754] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.754] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.754] GetCurrentThreadId () returned 0x704 [0269.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x229f9610, dwHighDateTime=0x1d6076d)) [0269.754] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.786] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.786] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.786] GetCurrentThreadId () returned 0x704 [0269.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22a458d0, dwHighDateTime=0x1d6076d)) [0269.786] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.817] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.817] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.817] GetCurrentThreadId () returned 0x704 [0269.817] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22a91b90, dwHighDateTime=0x1d6076d)) [0269.817] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.848] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.848] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.848] GetCurrentThreadId () returned 0x704 [0269.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22adde50, dwHighDateTime=0x1d6076d)) [0269.848] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.879] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.879] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.879] GetCurrentThreadId () returned 0x704 [0269.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22b2a110, dwHighDateTime=0x1d6076d)) [0269.879] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.910] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.910] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.910] GetCurrentThreadId () returned 0x704 [0269.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22b763d0, dwHighDateTime=0x1d6076d)) [0269.911] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.942] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.942] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.942] GetCurrentThreadId () returned 0x704 [0269.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22bc2690, dwHighDateTime=0x1d6076d)) [0269.942] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0269.983] TranslateMessage (lpMsg=0x40f83c) returned 0 [0269.983] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0269.983] GetCurrentThreadId () returned 0x704 [0269.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22c0e950, dwHighDateTime=0x1d6076d)) [0269.983] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.004] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.004] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.004] GetCurrentThreadId () returned 0x704 [0270.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22c5ac10, dwHighDateTime=0x1d6076d)) [0270.004] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.036] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.036] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.036] GetCurrentThreadId () returned 0x704 [0270.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22ca6ed0, dwHighDateTime=0x1d6076d)) [0270.036] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.066] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.066] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.066] GetCurrentThreadId () returned 0x704 [0270.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22cf3190, dwHighDateTime=0x1d6076d)) [0270.067] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.098] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.098] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.098] GetCurrentThreadId () returned 0x704 [0270.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22d3f450, dwHighDateTime=0x1d6076d)) [0270.098] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.129] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.129] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.129] GetCurrentThreadId () returned 0x704 [0270.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22d8b710, dwHighDateTime=0x1d6076d)) [0270.129] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.160] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.160] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.160] GetCurrentThreadId () returned 0x704 [0270.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22dd79d0, dwHighDateTime=0x1d6076d)) [0270.160] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.191] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.191] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.191] GetCurrentThreadId () returned 0x704 [0270.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22e23c90, dwHighDateTime=0x1d6076d)) [0270.191] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.223] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.223] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.223] GetCurrentThreadId () returned 0x704 [0270.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22e6ff50, dwHighDateTime=0x1d6076d)) [0270.223] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.254] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.254] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.254] GetCurrentThreadId () returned 0x704 [0270.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22ebc210, dwHighDateTime=0x1d6076d)) [0270.254] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.285] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.285] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.285] GetCurrentThreadId () returned 0x704 [0270.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22f084d0, dwHighDateTime=0x1d6076d)) [0270.285] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.316] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.316] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.316] GetCurrentThreadId () returned 0x704 [0270.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22f54790, dwHighDateTime=0x1d6076d)) [0270.316] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.347] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.347] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.347] GetCurrentThreadId () returned 0x704 [0270.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22fa0a50, dwHighDateTime=0x1d6076d)) [0270.348] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.378] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.378] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.379] GetCurrentThreadId () returned 0x704 [0270.379] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x22fecd10, dwHighDateTime=0x1d6076d)) [0270.379] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.410] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.410] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.410] GetCurrentThreadId () returned 0x704 [0270.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23038fd0, dwHighDateTime=0x1d6076d)) [0270.410] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.441] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.441] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.441] GetCurrentThreadId () returned 0x704 [0270.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23085290, dwHighDateTime=0x1d6076d)) [0270.441] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.473] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.473] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.473] GetCurrentThreadId () returned 0x704 [0270.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x230d1550, dwHighDateTime=0x1d6076d)) [0270.474] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.503] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.503] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.503] GetCurrentThreadId () returned 0x704 [0270.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2311d810, dwHighDateTime=0x1d6076d)) [0270.503] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.534] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.534] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.534] GetCurrentThreadId () returned 0x704 [0270.534] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23169ad0, dwHighDateTime=0x1d6076d)) [0270.534] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.566] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.566] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.566] GetCurrentThreadId () returned 0x704 [0270.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x231b5d90, dwHighDateTime=0x1d6076d)) [0270.566] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.597] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.597] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.597] GetCurrentThreadId () returned 0x704 [0270.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23202050, dwHighDateTime=0x1d6076d)) [0270.597] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.628] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.628] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.628] GetCurrentThreadId () returned 0x704 [0270.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2324e310, dwHighDateTime=0x1d6076d)) [0270.628] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.659] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.659] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.659] GetCurrentThreadId () returned 0x704 [0270.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2329a5d0, dwHighDateTime=0x1d6076d)) [0270.659] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.690] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.690] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.691] GetCurrentThreadId () returned 0x704 [0270.691] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x232e6890, dwHighDateTime=0x1d6076d)) [0270.691] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.722] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.722] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.722] GetCurrentThreadId () returned 0x704 [0270.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23332b50, dwHighDateTime=0x1d6076d)) [0270.722] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.753] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.753] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.753] GetCurrentThreadId () returned 0x704 [0270.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2337ee10, dwHighDateTime=0x1d6076d)) [0270.753] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.786] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.786] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.786] GetCurrentThreadId () returned 0x704 [0270.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x233cb0d0, dwHighDateTime=0x1d6076d)) [0270.786] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.816] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.816] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.816] GetCurrentThreadId () returned 0x704 [0270.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23417390, dwHighDateTime=0x1d6076d)) [0270.816] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.846] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.846] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.846] GetCurrentThreadId () returned 0x704 [0270.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23463650, dwHighDateTime=0x1d6076d)) [0270.847] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.878] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.878] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.878] GetCurrentThreadId () returned 0x704 [0270.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x234af910, dwHighDateTime=0x1d6076d)) [0270.878] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.909] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.909] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.909] GetCurrentThreadId () returned 0x704 [0270.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x234fbbd0, dwHighDateTime=0x1d6076d)) [0270.909] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.940] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.940] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.940] GetCurrentThreadId () returned 0x704 [0270.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23547e90, dwHighDateTime=0x1d6076d)) [0270.940] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0270.992] TranslateMessage (lpMsg=0x40f83c) returned 0 [0270.992] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0270.992] GetCurrentThreadId () returned 0x704 [0270.992] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23594150, dwHighDateTime=0x1d6076d)) [0270.992] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.018] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.018] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.018] GetCurrentThreadId () returned 0x704 [0271.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x235e0410, dwHighDateTime=0x1d6076d)) [0271.018] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.049] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.049] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.049] GetCurrentThreadId () returned 0x704 [0271.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2362c6d0, dwHighDateTime=0x1d6076d)) [0271.050] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.080] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.080] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.081] GetCurrentThreadId () returned 0x704 [0271.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23678990, dwHighDateTime=0x1d6076d)) [0271.081] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.112] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.112] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.112] GetCurrentThreadId () returned 0x704 [0271.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x236c4c50, dwHighDateTime=0x1d6076d)) [0271.112] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.128] GetCurrentThreadId () returned 0x704 [0271.128] GetCurrentThreadId () returned 0x704 [0271.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.128] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0271.143] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.143] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.143] GetCurrentThreadId () returned 0x704 [0271.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23710f10, dwHighDateTime=0x1d6076d)) [0271.143] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.176] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.176] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.177] GetCurrentThreadId () returned 0x704 [0271.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2375d1d0, dwHighDateTime=0x1d6076d)) [0271.177] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.205] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.205] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.205] GetCurrentThreadId () returned 0x704 [0271.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x237a9490, dwHighDateTime=0x1d6076d)) [0271.205] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.236] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.236] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.237] GetCurrentThreadId () returned 0x704 [0271.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x237f5750, dwHighDateTime=0x1d6076d)) [0271.237] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.268] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.268] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.268] GetCurrentThreadId () returned 0x704 [0271.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23841a10, dwHighDateTime=0x1d6076d)) [0271.268] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.299] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.299] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.299] GetCurrentThreadId () returned 0x704 [0271.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2388dcd0, dwHighDateTime=0x1d6076d)) [0271.299] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.336] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.336] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.336] GetCurrentThreadId () returned 0x704 [0271.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x238d9f90, dwHighDateTime=0x1d6076d)) [0271.336] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.361] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.361] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.361] GetCurrentThreadId () returned 0x704 [0271.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23926250, dwHighDateTime=0x1d6076d)) [0271.361] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.393] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.393] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.393] GetCurrentThreadId () returned 0x704 [0271.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23972510, dwHighDateTime=0x1d6076d)) [0271.393] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.424] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.424] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.424] GetCurrentThreadId () returned 0x704 [0271.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x239be7d0, dwHighDateTime=0x1d6076d)) [0271.424] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.455] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.455] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.455] GetCurrentThreadId () returned 0x704 [0271.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23a0aa90, dwHighDateTime=0x1d6076d)) [0271.455] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.486] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.486] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.486] GetCurrentThreadId () returned 0x704 [0271.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23a56d50, dwHighDateTime=0x1d6076d)) [0271.486] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.517] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.517] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.517] GetCurrentThreadId () returned 0x704 [0271.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23aa3010, dwHighDateTime=0x1d6076d)) [0271.517] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.548] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.548] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.548] GetCurrentThreadId () returned 0x704 [0271.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23aef2d0, dwHighDateTime=0x1d6076d)) [0271.549] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.580] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.580] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.580] GetCurrentThreadId () returned 0x704 [0271.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23b3b590, dwHighDateTime=0x1d6076d)) [0271.580] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.611] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.611] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.611] GetCurrentThreadId () returned 0x704 [0271.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23b87850, dwHighDateTime=0x1d6076d)) [0271.611] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.642] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.642] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.642] GetCurrentThreadId () returned 0x704 [0271.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23bd3b10, dwHighDateTime=0x1d6076d)) [0271.642] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.674] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.674] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.674] GetCurrentThreadId () returned 0x704 [0271.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23c1fdd0, dwHighDateTime=0x1d6076d)) [0271.674] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.712] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.712] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.712] GetCurrentThreadId () returned 0x704 [0271.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23c6c090, dwHighDateTime=0x1d6076d)) [0271.712] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.736] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.736] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.736] GetCurrentThreadId () returned 0x704 [0271.736] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23cb8350, dwHighDateTime=0x1d6076d)) [0271.736] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.769] GetCurrentThreadId () returned 0x704 [0271.769] GetCurrentThreadId () returned 0x704 [0271.769] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x23d04610, dwHighDateTime=0x1d6076d)) [0271.770] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x84, wParam=0x0, lParam=0x2ed038f) returned 0x1 [0271.770] GetCurrentThreadId () returned 0x704 [0271.770] GetCurrentThreadId () returned 0x704 [0271.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x23d04610, dwHighDateTime=0x1d6076d)) [0271.770] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x20, wParam=0x400fa, lParam=0x2000001) returned 0x0 [0271.770] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.770] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0271.770] GetCurrentThreadId () returned 0x704 [0271.770] GetCurrentThreadId () returned 0x704 [0271.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x23d04610, dwHighDateTime=0x1d6076d)) [0271.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0271.770] SetClassLongA (hWnd=0x400fa, nIndex=-12, dwNewLong=65539) returned 0x10003 [0271.770] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x200, wParam=0x0, lParam=0x2ed038f) returned 0x0 [0271.770] GetCurrentThreadId () returned 0x704 [0271.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23d04610, dwHighDateTime=0x1d6076d)) [0271.770] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.770] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.770] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.771] GetCurrentThreadId () returned 0x704 [0271.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23d04610, dwHighDateTime=0x1d6076d)) [0271.771] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.798] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.798] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.798] GetCurrentThreadId () returned 0x704 [0271.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23d508d0, dwHighDateTime=0x1d6076d)) [0271.798] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.829] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.829] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.829] GetCurrentThreadId () returned 0x704 [0271.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23d9cb90, dwHighDateTime=0x1d6076d)) [0271.829] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.860] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.860] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.860] GetCurrentThreadId () returned 0x704 [0271.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23de8e50, dwHighDateTime=0x1d6076d)) [0271.861] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.892] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.892] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.892] GetCurrentThreadId () returned 0x704 [0271.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23e35110, dwHighDateTime=0x1d6076d)) [0271.892] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.923] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.923] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.923] GetCurrentThreadId () returned 0x704 [0271.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23e813d0, dwHighDateTime=0x1d6076d)) [0271.923] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.954] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.954] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.954] GetCurrentThreadId () returned 0x704 [0271.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23ecd690, dwHighDateTime=0x1d6076d)) [0271.954] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0271.999] TranslateMessage (lpMsg=0x40f83c) returned 0 [0271.999] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0271.999] GetCurrentThreadId () returned 0x704 [0271.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23f19950, dwHighDateTime=0x1d6076d)) [0271.999] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.016] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.016] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.016] GetCurrentThreadId () returned 0x704 [0272.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23f65c10, dwHighDateTime=0x1d6076d)) [0272.017] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.048] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.048] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.048] GetCurrentThreadId () returned 0x704 [0272.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23fb1ed0, dwHighDateTime=0x1d6076d)) [0272.048] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.079] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.079] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.079] GetCurrentThreadId () returned 0x704 [0272.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x23ffe190, dwHighDateTime=0x1d6076d)) [0272.079] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.110] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.110] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.110] GetCurrentThreadId () returned 0x704 [0272.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2404a450, dwHighDateTime=0x1d6076d)) [0272.111] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.141] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.141] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.141] GetCurrentThreadId () returned 0x704 [0272.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24096710, dwHighDateTime=0x1d6076d)) [0272.141] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.175] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.175] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.175] GetCurrentThreadId () returned 0x704 [0272.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x240e29d0, dwHighDateTime=0x1d6076d)) [0272.175] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.204] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.204] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.204] GetCurrentThreadId () returned 0x704 [0272.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2412ec90, dwHighDateTime=0x1d6076d)) [0272.204] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.235] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.235] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.235] GetCurrentThreadId () returned 0x704 [0272.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2417af50, dwHighDateTime=0x1d6076d)) [0272.235] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.266] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.266] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.266] GetCurrentThreadId () returned 0x704 [0272.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x241c7210, dwHighDateTime=0x1d6076d)) [0272.266] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.297] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.297] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.298] GetCurrentThreadId () returned 0x704 [0272.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x242134d0, dwHighDateTime=0x1d6076d)) [0272.298] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.328] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.328] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.328] GetCurrentThreadId () returned 0x704 [0272.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2425f790, dwHighDateTime=0x1d6076d)) [0272.328] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.359] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.360] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.360] GetCurrentThreadId () returned 0x704 [0272.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x242aba50, dwHighDateTime=0x1d6076d)) [0272.360] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.391] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.391] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.391] GetCurrentThreadId () returned 0x704 [0272.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x242f7d10, dwHighDateTime=0x1d6076d)) [0272.391] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.422] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.422] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.422] GetCurrentThreadId () returned 0x704 [0272.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24343fd0, dwHighDateTime=0x1d6076d)) [0272.422] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.454] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.454] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.454] GetCurrentThreadId () returned 0x704 [0272.454] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24390290, dwHighDateTime=0x1d6076d)) [0272.454] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.484] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.485] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.485] GetCurrentThreadId () returned 0x704 [0272.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x243dc550, dwHighDateTime=0x1d6076d)) [0272.485] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.516] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.516] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.516] GetCurrentThreadId () returned 0x704 [0272.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24428810, dwHighDateTime=0x1d6076d)) [0272.516] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.547] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.547] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.547] GetCurrentThreadId () returned 0x704 [0272.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24474ad0, dwHighDateTime=0x1d6076d)) [0272.547] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.578] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.578] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.578] GetCurrentThreadId () returned 0x704 [0272.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x244c0d90, dwHighDateTime=0x1d6076d)) [0272.578] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.609] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.609] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.609] GetCurrentThreadId () returned 0x704 [0272.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2450d050, dwHighDateTime=0x1d6076d)) [0272.609] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.640] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.640] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.640] GetCurrentThreadId () returned 0x704 [0272.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24559310, dwHighDateTime=0x1d6076d)) [0272.641] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.672] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.672] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.672] GetCurrentThreadId () returned 0x704 [0272.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x245a55d0, dwHighDateTime=0x1d6076d)) [0272.672] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.703] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.703] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.703] GetCurrentThreadId () returned 0x704 [0272.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x245f1890, dwHighDateTime=0x1d6076d)) [0272.703] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.734] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.734] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.734] GetCurrentThreadId () returned 0x704 [0272.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2463db50, dwHighDateTime=0x1d6076d)) [0272.734] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.765] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.765] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.765] GetCurrentThreadId () returned 0x704 [0272.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24689e10, dwHighDateTime=0x1d6076d)) [0272.765] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.797] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.797] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.797] GetCurrentThreadId () returned 0x704 [0272.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x246d60d0, dwHighDateTime=0x1d6076d)) [0272.797] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.828] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.828] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.828] GetCurrentThreadId () returned 0x704 [0272.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24722390, dwHighDateTime=0x1d6076d)) [0272.828] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.845] GetCurrentThreadId () returned 0x704 [0272.845] GetCurrentThreadId () returned 0x704 [0272.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x247484f0, dwHighDateTime=0x1d6076d)) [0272.846] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x84, wParam=0x0, lParam=0x22f0059) returned 0x1 [0272.846] GetCurrentThreadId () returned 0x704 [0272.846] GetCurrentThreadId () returned 0x704 [0272.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x247484f0, dwHighDateTime=0x1d6076d)) [0272.846] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x20, wParam=0x400fa, lParam=0x2000001) returned 0x0 [0272.846] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.846] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0272.846] GetCurrentThreadId () returned 0x704 [0272.846] GetCurrentThreadId () returned 0x704 [0272.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fc08 | out: lpSystemTimeAsFileTime=0x520fc08*(dwLowDateTime=0x247484f0, dwHighDateTime=0x1d6076d)) [0272.846] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0272.846] SetClassLongA (hWnd=0x400fa, nIndex=-12, dwNewLong=65539) returned 0x10003 [0272.846] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x200, wParam=0x0, lParam=0x22f0059) returned 0x0 [0272.846] GetCurrentThreadId () returned 0x704 [0272.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x247484f0, dwHighDateTime=0x1d6076d)) [0272.846] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.859] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.859] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.859] GetCurrentThreadId () returned 0x704 [0272.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2476e650, dwHighDateTime=0x1d6076d)) [0272.859] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.890] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.890] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.890] GetCurrentThreadId () returned 0x704 [0272.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x247ba910, dwHighDateTime=0x1d6076d)) [0272.890] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.921] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.921] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.921] GetCurrentThreadId () returned 0x704 [0272.921] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24806bd0, dwHighDateTime=0x1d6076d)) [0272.922] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.953] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.953] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.953] GetCurrentThreadId () returned 0x704 [0272.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24852e90, dwHighDateTime=0x1d6076d)) [0272.953] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0272.990] TranslateMessage (lpMsg=0x40f83c) returned 0 [0272.990] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0272.990] GetCurrentThreadId () returned 0x704 [0272.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2489f150, dwHighDateTime=0x1d6076d)) [0272.991] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.015] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.015] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.015] GetCurrentThreadId () returned 0x704 [0273.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x248eb410, dwHighDateTime=0x1d6076d)) [0273.015] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.046] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.046] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.046] GetCurrentThreadId () returned 0x704 [0273.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x249376d0, dwHighDateTime=0x1d6076d)) [0273.046] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.077] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.077] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.077] GetCurrentThreadId () returned 0x704 [0273.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24983990, dwHighDateTime=0x1d6076d)) [0273.077] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.108] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.108] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.108] GetCurrentThreadId () returned 0x704 [0273.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x249cfc50, dwHighDateTime=0x1d6076d)) [0273.109] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.140] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.140] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.140] GetCurrentThreadId () returned 0x704 [0273.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24a1bf10, dwHighDateTime=0x1d6076d)) [0273.140] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.171] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.171] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.171] GetCurrentThreadId () returned 0x704 [0273.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24a681d0, dwHighDateTime=0x1d6076d)) [0273.171] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.202] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.202] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.202] GetCurrentThreadId () returned 0x704 [0273.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24ab4490, dwHighDateTime=0x1d6076d)) [0273.202] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.233] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.233] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.233] GetCurrentThreadId () returned 0x704 [0273.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24b00750, dwHighDateTime=0x1d6076d)) [0273.234] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.264] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.265] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.265] GetCurrentThreadId () returned 0x704 [0273.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24b4ca10, dwHighDateTime=0x1d6076d)) [0273.265] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.296] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.296] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.296] GetCurrentThreadId () returned 0x704 [0273.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24b98cd0, dwHighDateTime=0x1d6076d)) [0273.296] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.327] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.327] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.327] GetCurrentThreadId () returned 0x704 [0273.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24be4f90, dwHighDateTime=0x1d6076d)) [0273.327] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.358] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.358] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.358] GetCurrentThreadId () returned 0x704 [0273.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24c31250, dwHighDateTime=0x1d6076d)) [0273.358] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.389] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.389] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.389] GetCurrentThreadId () returned 0x704 [0273.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24c7d510, dwHighDateTime=0x1d6076d)) [0273.389] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.421] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.421] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.421] GetCurrentThreadId () returned 0x704 [0273.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24cc97d0, dwHighDateTime=0x1d6076d)) [0273.421] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.452] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.452] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.452] GetCurrentThreadId () returned 0x704 [0273.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24d15a90, dwHighDateTime=0x1d6076d)) [0273.452] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.483] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.483] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.483] GetCurrentThreadId () returned 0x704 [0273.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24d61d50, dwHighDateTime=0x1d6076d)) [0273.483] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.514] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.514] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.514] GetCurrentThreadId () returned 0x704 [0273.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24dae010, dwHighDateTime=0x1d6076d)) [0273.514] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.545] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.545] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.545] GetCurrentThreadId () returned 0x704 [0273.545] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24dfa2d0, dwHighDateTime=0x1d6076d)) [0273.545] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.576] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.576] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.576] GetCurrentThreadId () returned 0x704 [0273.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24e46590, dwHighDateTime=0x1d6076d)) [0273.577] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.608] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.608] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.608] GetCurrentThreadId () returned 0x704 [0273.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24e92850, dwHighDateTime=0x1d6076d)) [0273.608] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.639] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.639] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.639] GetCurrentThreadId () returned 0x704 [0273.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24edeb10, dwHighDateTime=0x1d6076d)) [0273.639] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.670] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.671] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.671] GetCurrentThreadId () returned 0x704 [0273.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24f2add0, dwHighDateTime=0x1d6076d)) [0273.671] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.701] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.701] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.701] GetCurrentThreadId () returned 0x704 [0273.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24f77090, dwHighDateTime=0x1d6076d)) [0273.701] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.732] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.732] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.733] GetCurrentThreadId () returned 0x704 [0273.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x24fc3350, dwHighDateTime=0x1d6076d)) [0273.733] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.764] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.764] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.764] GetCurrentThreadId () returned 0x704 [0273.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2500f610, dwHighDateTime=0x1d6076d)) [0273.764] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.795] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.795] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.795] GetCurrentThreadId () returned 0x704 [0273.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2505b8d0, dwHighDateTime=0x1d6076d)) [0273.795] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.826] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.826] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.826] GetCurrentThreadId () returned 0x704 [0273.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x250a7b90, dwHighDateTime=0x1d6076d)) [0273.826] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.857] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.857] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.857] GetCurrentThreadId () returned 0x704 [0273.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x250f3e50, dwHighDateTime=0x1d6076d)) [0273.857] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.888] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.888] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.888] GetCurrentThreadId () returned 0x704 [0273.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25140110, dwHighDateTime=0x1d6076d)) [0273.889] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.920] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.920] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.920] GetCurrentThreadId () returned 0x704 [0273.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2518c3d0, dwHighDateTime=0x1d6076d)) [0273.920] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0273.951] TranslateMessage (lpMsg=0x40f83c) returned 0 [0273.951] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0273.951] GetCurrentThreadId () returned 0x704 [0273.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x251d8690, dwHighDateTime=0x1d6076d)) [0273.951] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.002] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.002] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.002] GetCurrentThreadId () returned 0x704 [0274.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2524aab0, dwHighDateTime=0x1d6076d)) [0274.002] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.029] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.029] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.029] GetCurrentThreadId () returned 0x704 [0274.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25296d70, dwHighDateTime=0x1d6076d)) [0274.029] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.060] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.060] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.060] GetCurrentThreadId () returned 0x704 [0274.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x252e3030, dwHighDateTime=0x1d6076d)) [0274.060] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.087] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.087] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0274.087] GetCurrentThreadId () returned 0x704 [0274.087] GetCurrentThreadId () returned 0x704 [0274.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb54 | out: lpSystemTimeAsFileTime=0x520fb54*(dwLowDateTime=0x25309190, dwHighDateTime=0x1d6076d)) [0274.087] BeginPaint (in: hWnd=0x400fa, lpPaint=0x520fcc0 | out: lpPaint=0x520fcc0) returned 0xf0107c0 [0274.087] CreateFontIndirectA (lplf=0x44b444) returned 0x2d0a06b0 [0274.087] SelectObject (hdc=0xf0107c0, h=0x2d0a06b0) returned 0x18a002e [0274.087] SetBkColor (hdc=0xf0107c0, color=0xe8e8e8) returned 0xffffff [0274.087] SetTextColor (hdc=0xf0107c0, color=0xf5f5f5) returned 0x0 [0274.087] DeleteObject (ho=0x2d0a06b0) returned 1 [0274.087] CreateFontIndirectA (lplf=0x44b2a0) returned 0xd0a06c5 [0274.087] SelectObject (hdc=0xf0107c0, h=0xd0a06c5) returned 0x2d0a06b0 [0274.087] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0xe8e8e8 [0274.087] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xf5f5f5 [0274.087] DeleteObject (ho=0xd0a06c5) returned 1 [0274.087] CreateFontIndirectA (lplf=0x44b1b0) returned 0x2e0a06b0 [0274.087] SelectObject (hdc=0xf0107c0, h=0x2e0a06b0) returned 0xd0a06c5 [0274.088] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0x333333 [0274.088] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.088] CreateSolidBrush (color=0x96) returned 0x141006af [0274.088] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x141006af) returned 1 [0274.088] DeleteObject (ho=0x141006af) returned 1 [0274.088] CreateSolidBrush (color=0x96) returned 0x2a100775 [0274.088] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x2a100775) returned 1 [0274.088] DeleteObject (ho=0x2a100775) returned 1 [0274.088] CreateSolidBrush (color=0x96) returned 0xd810016f [0274.088] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xd810016f) returned 1 [0274.088] DeleteObject (ho=0xd810016f) returned 1 [0274.088] CreateSolidBrush (color=0x96) returned 0x9c1001e0 [0274.088] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x9c1001e0) returned 1 [0274.088] DeleteObject (ho=0x9c1001e0) returned 1 [0274.088] CreateSolidBrush (color=0xffffff) returned 0xc1006bb [0274.088] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xc1006bb) returned 1 [0274.088] DeleteObject (ho=0xc1006bb) returned 1 [0274.088] CreateSolidBrush (color=0x0) returned 0xe1006c5 [0274.089] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xe1006c5) returned 1 [0274.089] DeleteObject (ho=0xe1006c5) returned 1 [0274.089] DeleteObject (ho=0x2e0a06b0) returned 1 [0274.089] CreateFontIndirectA (lplf=0x44b4bc) returned 0x30a06c6 [0274.089] SelectObject (hdc=0xf0107c0, h=0x30a06c6) returned 0x2e0a06b0 [0274.089] SetBkColor (hdc=0xf0107c0, color=0x321200) returned 0x333333 [0274.089] SetTextColor (hdc=0xf0107c0, color=0x877873) returned 0xffffff [0274.089] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x877873 [0274.089] SetBkColor (hdc=0xf0107c0, color=0x96) returned 0x321200 [0274.089] TextOutA (hdc=0xf0107c0, x=230, y=17, lpString="Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=118) returned 1 [0274.089] DeleteObject (ho=0x30a06c6) returned 1 [0274.089] CreateFontIndirectA (lplf=0x44b3cc) returned 0x300a06b0 [0274.089] SelectObject (hdc=0xf0107c0, h=0x300a06b0) returned 0x30a06c6 [0274.089] SetBkColor (hdc=0xf0107c0, color=0x0) returned 0x96 [0274.090] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.090] TextOutW (hdc=0xf0107c0, x=225, y=705, lpString="Operation Global III is a coordinated effort by U.S., Canadian, European, Australian, New ZealandEnglish", c=97) returned 1 [0274.090] TextOutA (hdc=0xf0107c0, x=225, y=725, lpString="and other law enforcement agencies across the globe targeting computers with pirated content.O", c=93) returned 1 [0274.090] DeleteObject (ho=0x300a06b0) returned 1 [0274.090] BitBlt (hdc=0xf0107c0, x=235, y=70, cx=300, cy=300, hdcSrc=0x140100d1, x1=0, y1=0, rop=0xcc0020) returned 1 [0274.090] BitBlt (hdc=0xf0107c0, x=1050, y=55, cx=300, cy=300, hdcSrc=0x0, x1=0, y1=0, rop=0xcc0020) returned 0 [0274.090] BitBlt (hdc=0xf0107c0, x=525, y=60, cx=300, cy=300, hdcSrc=0x40101c1, x1=0, y1=0, rop=0xcc0020) returned 1 [0274.091] BitBlt (hdc=0xf0107c0, x=705, y=60, cx=300, cy=300, hdcSrc=0xae0101fa, x1=0, y1=0, rop=0xcc0020) returned 1 [0274.091] BitBlt (hdc=0xf0107c0, x=890, y=60, cx=300, cy=300, hdcSrc=0x9a010771, x1=0, y1=0, rop=0xcc0020) returned 1 [0274.091] CreateSolidBrush (color=0xd2) returned 0x151006af [0274.091] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x151006af) returned 1 [0274.092] DeleteObject (ho=0x151006af) returned 1 [0274.092] BitBlt (hdc=0xf0107c0, x=360, y=550, cx=600, cy=30, hdcSrc=0x3010770, x1=0, y1=0, rop=0xcc0020) returned 1 [0274.092] CreateFontIndirectA (lplf=0x44b444) returned 0x60a06c6 [0274.092] SelectObject (hdc=0xf0107c0, h=0x60a06c6) returned 0x300a06b0 [0274.092] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0274.092] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0274.092] SetTextColor (hdc=0xf0107c0, color=0xf0) returned 0x0 [0274.092] DrawTextA (in: hdc=0xf0107c0, lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0274.094] DrawTextA (in: hdc=0xf0107c0, lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", lprc=0x520fcac) returned 22 [0274.095] DeleteObject (ho=0x60a06c6) returned 1 [0274.095] CreateFontIndirectA (lplf=0x44b2a0) returned 0x350a06b0 [0274.095] SelectObject (hdc=0xf0107c0, h=0x350a06b0) returned 0x60a06c6 [0274.095] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.095] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xf0 [0274.095] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.095] DeleteObject (ho=0x350a06b0) returned 1 [0274.095] CreateFontIndirectA (lplf=0x44b390) returned 0x70a06c6 [0274.095] SelectObject (hdc=0xf0107c0, h=0x70a06c6) returned 0x350a06b0 [0274.095] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.095] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.095] DrawTextA (in: hdc=0xf0107c0, lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 15 [0274.096] TextOutA (hdc=0xf0107c0, x=240, y=618, lpString="Any attempt to remove this message will damage your files, hardware and Windows installation. The NSB has two ways to pay a fine:1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=93) returned 1 [0274.096] DeleteObject (ho=0x70a06c6) returned 1 [0274.096] CreateFontIndirectA (lplf=0x44b228) returned 0x390a06b0 [0274.097] SelectObject (hdc=0xf0107c0, h=0x390a06b0) returned 0x70a06c6 [0274.097] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.097] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.097] TextOutA (hdc=0xf0107c0, x=240, y=320, lpString="If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=85) returned 1 [0274.097] TextOutA (hdc=0xf0107c0, x=240, y=340, lpString="which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=107) returned 1 [0274.097] DeleteObject (ho=0x390a06b0) returned 1 [0274.097] CreateFontIndirectA (lplf=0x44b480) returned 0xa0a06c6 [0274.097] SelectObject (hdc=0xf0107c0, h=0xa0a06c6) returned 0x390a06b0 [0274.097] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.097] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.097] DrawTextA (in: hdc=0xf0107c0, lpchText="View encrypted files", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="View encrypted files", lprc=0x520fcac) returned 15 [0274.098] DeleteObject (ho=0xa0a06c6) returned 1 [0274.098] CreateFontIndirectA (lplf=0x44b2a0) returned 0x3d0a06b0 [0274.098] SelectObject (hdc=0xf0107c0, h=0x3d0a06b0) returned 0xa0a06c6 [0274.098] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.098] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.098] DeleteObject (ho=0x3d0a06b0) returned 1 [0274.098] CreateFontIndirectA (lplf=0x44b228) returned 0xb0a06c6 [0274.098] SelectObject (hdc=0xf0107c0, h=0xb0a06c6) returned 0x3d0a06b0 [0274.098] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.098] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.098] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x400 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0274.098] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x0 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0274.098] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x400 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0274.099] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x0 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0274.099] TextOutA (hdc=0xf0107c0, x=800, y=300, lpString=" Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=1) returned 1 [0274.099] TextOutA (hdc=0xf0107c0, x=240, y=360, lpString="There are two ways to pay a fine:Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=33) returned 1 [0274.099] TextOutA (hdc=0xf0107c0, x=240, y=380, lpString="1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=79) returned 1 [0274.099] TextOutA (hdc=0xf0107c0, x=240, y=400, lpString="Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=108) returned 1 [0274.099] TextOutA (hdc=0xf0107c0, x=240, y=420, lpString="2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=99) returned 1 [0274.100] TextOutA (hdc=0xf0107c0, x=240, y=440, lpString="Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=55) returned 1 [0274.100] TextOutA (hdc=0xf0107c0, x=240, y=460, lpString="To regain access now transfer BitCoins to the following address (click to copy): 1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", c=81) returned 1 [0274.100] DrawTextA (in: hdc=0xf0107c0, lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", lprc=0x520fcac) returned 17 [0274.101] TextOutA (hdc=0xf0107c0, x=870, y=525, lpString=" processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=1) returned 1 [0274.101] TextOutA (hdc=0xf0107c0, x=240, y=500, lpString="After the payment is finalized enter Transfer ID below.BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", c=55) returned 1 [0274.101] TextOutA (hdc=0xf0107c0, x=360, y=525, lpString="Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=12) returned 1 [0274.101] TextOutA (hdc=0xf0107c0, x=240, y=525, lpString="Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=7) returned 1 [0274.101] DrawTextA (in: hdc=0xf0107c0, lpchText="BTC 2.369", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="BTC 2.369", lprc=0x520fcac) returned 17 [0274.101] DeleteObject (ho=0xb0a06c6) returned 1 [0274.102] CreateFontIndirectA (lplf=0x44b264) returned 0x510a06b0 [0274.102] SelectObject (hdc=0xf0107c0, h=0x510a06b0) returned 0xb0a06c6 [0274.102] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.102] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.102] SetBkColor (hdc=0xf0107c0, color=0xd2) returned 0xffffff [0274.102] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0274.102] TextOutA (hdc=0xf0107c0, x=1061, y=556, lpString="PAY FINE\x19", c=8) returned 1 [0274.102] DeleteObject (ho=0x510a06b0) returned 1 [0274.102] CreateFontIndirectA (lplf=0x44b228) returned 0xc0a06c6 [0274.102] SelectObject (hdc=0xf0107c0, h=0xc0a06c6) returned 0x510a06b0 [0274.102] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xd2 [0274.102] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0274.102] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0274.102] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0274.102] TextOutA (hdc=0xf0107c0, x=365, y=556, lpString="|", c=1) returned 1 [0274.102] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0274.102] DeleteObject (ho=0xc0a06c6) returned 1 [0274.102] CreateSolidBrush (color=0xc4c4c4) returned 0x161006af [0274.102] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x161006af) returned 1 [0274.102] DeleteObject (ho=0x161006af) returned 1 [0274.102] CreateFontIndirectA (lplf=0x44b2dc) returned 0x530a06b0 [0274.102] SelectObject (hdc=0xf0107c0, h=0x530a06b0) returned 0xc0a06c6 [0274.103] SetBkColor (hdc=0xf0107c0, color=0xc4c4c4) returned 0xffffff [0274.103] SetTextColor (hdc=0xf0107c0, color=0x666666) returned 0xffffff [0274.103] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0274.103] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", cchText=19, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", lprc=0x520fcac) returned 22 [0274.103] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=17, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0274.104] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=11, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0274.104] DrawTextA (in: hdc=0xf0107c0, lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=16, lprc=0x520fcac, format=0x25 | out: lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0274.104] DrawTextA (in: hdc=0xf0107c0, lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0274.105] DeleteObject (ho=0x530a06b0) returned 1 [0274.105] CreateSolidBrush (color=0xffffff) returned 0x171006af [0274.105] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x171006af) returned 1 [0274.105] DeleteObject (ho=0x171006af) returned 1 [0274.105] CreateFontIndirectA (lplf=0x44b2dc) returned 0x1f0a06c6 [0274.105] SelectObject (hdc=0xf0107c0, h=0x1f0a06c6) returned 0x530a06b0 [0274.105] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xc4c4c4 [0274.105] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x666666 [0274.105] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0274.105] DeleteObject (ho=0x1f0a06c6) returned 1 [0274.105] EndPaint (hWnd=0x400fa, lpPaint=0x520fcc0) returned 1 [0274.105] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0 [0274.106] GetCurrentThreadId () returned 0x704 [0274.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2532f2f0, dwHighDateTime=0x1d6076d)) [0274.106] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.106] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.106] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.106] GetCurrentThreadId () returned 0x704 [0274.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2532f2f0, dwHighDateTime=0x1d6076d)) [0274.106] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.133] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.133] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.133] GetCurrentThreadId () returned 0x704 [0274.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2537b5b0, dwHighDateTime=0x1d6076d)) [0274.133] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.154] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.154] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.154] GetCurrentThreadId () returned 0x704 [0274.154] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x253c7870, dwHighDateTime=0x1d6076d)) [0274.154] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.185] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.185] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.185] GetCurrentThreadId () returned 0x704 [0274.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25413b30, dwHighDateTime=0x1d6076d)) [0274.185] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.216] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.216] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.216] GetCurrentThreadId () returned 0x704 [0274.216] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2545fdf0, dwHighDateTime=0x1d6076d)) [0274.216] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.247] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.247] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.247] GetCurrentThreadId () returned 0x704 [0274.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x254ac0b0, dwHighDateTime=0x1d6076d)) [0274.247] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.278] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.278] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.278] GetCurrentThreadId () returned 0x704 [0274.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x254f8370, dwHighDateTime=0x1d6076d)) [0274.278] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.310] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.310] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.310] GetCurrentThreadId () returned 0x704 [0274.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25544630, dwHighDateTime=0x1d6076d)) [0274.310] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.341] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.341] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.341] GetCurrentThreadId () returned 0x704 [0274.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x255908f0, dwHighDateTime=0x1d6076d)) [0274.341] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.372] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.372] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.372] GetCurrentThreadId () returned 0x704 [0274.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x255dcbb0, dwHighDateTime=0x1d6076d)) [0274.372] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.403] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.403] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.403] GetCurrentThreadId () returned 0x704 [0274.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25628e70, dwHighDateTime=0x1d6076d)) [0274.403] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.434] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.434] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.434] GetCurrentThreadId () returned 0x704 [0274.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25675130, dwHighDateTime=0x1d6076d)) [0274.434] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.466] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.466] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.466] GetCurrentThreadId () returned 0x704 [0274.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x256c13f0, dwHighDateTime=0x1d6076d)) [0274.466] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.497] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.497] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.497] GetCurrentThreadId () returned 0x704 [0274.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2570d6b0, dwHighDateTime=0x1d6076d)) [0274.497] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.528] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.528] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.528] GetCurrentThreadId () returned 0x704 [0274.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25759970, dwHighDateTime=0x1d6076d)) [0274.528] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.559] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.559] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.559] GetCurrentThreadId () returned 0x704 [0274.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x257a5c30, dwHighDateTime=0x1d6076d)) [0274.559] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.590] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.590] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.591] GetCurrentThreadId () returned 0x704 [0274.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x257f1ef0, dwHighDateTime=0x1d6076d)) [0274.591] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.622] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.622] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.622] GetCurrentThreadId () returned 0x704 [0274.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2583e1b0, dwHighDateTime=0x1d6076d)) [0274.622] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.653] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.653] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.653] GetCurrentThreadId () returned 0x704 [0274.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2588a470, dwHighDateTime=0x1d6076d)) [0274.653] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.684] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.684] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.684] GetCurrentThreadId () returned 0x704 [0274.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x258d6730, dwHighDateTime=0x1d6076d)) [0274.684] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.715] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.715] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.715] GetCurrentThreadId () returned 0x704 [0274.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x259229f0, dwHighDateTime=0x1d6076d)) [0274.715] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.747] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.747] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.747] GetCurrentThreadId () returned 0x704 [0274.747] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2596ecb0, dwHighDateTime=0x1d6076d)) [0274.747] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.777] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.778] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.778] GetCurrentThreadId () returned 0x704 [0274.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x259baf70, dwHighDateTime=0x1d6076d)) [0274.778] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.809] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.809] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.809] GetCurrentThreadId () returned 0x704 [0274.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25a07230, dwHighDateTime=0x1d6076d)) [0274.809] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.840] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.840] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.840] GetCurrentThreadId () returned 0x704 [0274.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25a534f0, dwHighDateTime=0x1d6076d)) [0274.840] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.871] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.871] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.871] GetCurrentThreadId () returned 0x704 [0274.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25a9f7b0, dwHighDateTime=0x1d6076d)) [0274.871] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.902] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.902] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.902] GetCurrentThreadId () returned 0x704 [0274.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25aeba70, dwHighDateTime=0x1d6076d)) [0274.903] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.934] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.934] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.934] GetCurrentThreadId () returned 0x704 [0274.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25b37d30, dwHighDateTime=0x1d6076d)) [0274.934] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0274.972] TranslateMessage (lpMsg=0x40f83c) returned 0 [0274.972] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0274.972] GetCurrentThreadId () returned 0x704 [0274.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25b83ff0, dwHighDateTime=0x1d6076d)) [0274.972] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.012] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.012] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.012] GetCurrentThreadId () returned 0x704 [0275.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25bf6410, dwHighDateTime=0x1d6076d)) [0275.012] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.043] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.043] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.043] GetCurrentThreadId () returned 0x704 [0275.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25c426d0, dwHighDateTime=0x1d6076d)) [0275.043] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.074] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.074] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.074] GetCurrentThreadId () returned 0x704 [0275.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25c8e990, dwHighDateTime=0x1d6076d)) [0275.074] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.105] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.105] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.105] GetCurrentThreadId () returned 0x704 [0275.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25cdac50, dwHighDateTime=0x1d6076d)) [0275.105] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.106] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.106] DispatchMessageA (lpMsg=0x40f83c) returned 0x0 [0275.106] GetCurrentThreadId () returned 0x704 [0275.106] GetCurrentThreadId () returned 0x704 [0275.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb54 | out: lpSystemTimeAsFileTime=0x520fb54*(dwLowDateTime=0x25cdac50, dwHighDateTime=0x1d6076d)) [0275.106] BeginPaint (in: hWnd=0x400fa, lpPaint=0x520fcc0 | out: lpPaint=0x520fcc0) returned 0xf0107c0 [0275.106] CreateFontIndirectA (lplf=0x44b444) returned 0xba0a01a0 [0275.106] SelectObject (hdc=0xf0107c0, h=0xba0a01a0) returned 0x18a002e [0275.106] SetBkColor (hdc=0xf0107c0, color=0xe8e8e8) returned 0xffffff [0275.106] SetTextColor (hdc=0xf0107c0, color=0xf5f5f5) returned 0x0 [0275.106] DeleteObject (ho=0xba0a01a0) returned 1 [0275.106] CreateFontIndirectA (lplf=0x44b2a0) returned 0x270a06bc [0275.106] SelectObject (hdc=0xf0107c0, h=0x270a06bc) returned 0xba0a01a0 [0275.106] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0xe8e8e8 [0275.106] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xf5f5f5 [0275.106] DeleteObject (ho=0x270a06bc) returned 1 [0275.106] CreateFontIndirectA (lplf=0x44b1b0) returned 0xbb0a01a0 [0275.106] SelectObject (hdc=0xf0107c0, h=0xbb0a01a0) returned 0x270a06bc [0275.106] SetBkColor (hdc=0xf0107c0, color=0x333333) returned 0x333333 [0275.106] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.106] CreateSolidBrush (color=0x96) returned 0x181006af [0275.106] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x181006af) returned 1 [0275.106] DeleteObject (ho=0x181006af) returned 1 [0275.106] CreateSolidBrush (color=0x96) returned 0x2b100775 [0275.106] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x2b100775) returned 1 [0275.106] DeleteObject (ho=0x2b100775) returned 1 [0275.106] CreateSolidBrush (color=0x96) returned 0xd910016f [0275.106] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xd910016f) returned 1 [0275.106] DeleteObject (ho=0xd910016f) returned 1 [0275.106] CreateSolidBrush (color=0x96) returned 0x9d1001e0 [0275.106] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x9d1001e0) returned 1 [0275.107] DeleteObject (ho=0x9d1001e0) returned 1 [0275.107] CreateSolidBrush (color=0xffffff) returned 0xd1006bb [0275.107] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xd1006bb) returned 1 [0275.107] DeleteObject (ho=0xd1006bb) returned 1 [0275.107] CreateSolidBrush (color=0x0) returned 0xf1006c5 [0275.107] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0xf1006c5) returned 1 [0275.107] DeleteObject (ho=0xf1006c5) returned 1 [0275.107] DeleteObject (ho=0xbb0a01a0) returned 1 [0275.107] CreateFontIndirectA (lplf=0x44b4bc) returned 0x280a06bc [0275.107] SelectObject (hdc=0xf0107c0, h=0x280a06bc) returned 0xbb0a01a0 [0275.107] SetBkColor (hdc=0xf0107c0, color=0x321200) returned 0x333333 [0275.107] SetTextColor (hdc=0xf0107c0, color=0x877873) returned 0xffffff [0275.107] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x877873 [0275.107] SetBkColor (hdc=0xf0107c0, color=0x96) returned 0x321200 [0275.108] TextOutA (hdc=0xf0107c0, x=230, y=17, lpString="Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=118) returned 1 [0275.108] DeleteObject (ho=0x280a06bc) returned 1 [0275.108] CreateFontIndirectA (lplf=0x44b3cc) returned 0xbd0a01a0 [0275.108] SelectObject (hdc=0xf0107c0, h=0xbd0a01a0) returned 0x280a06bc [0275.108] SetBkColor (hdc=0xf0107c0, color=0x0) returned 0x96 [0275.108] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.108] TextOutW (hdc=0xf0107c0, x=225, y=705, lpString="Operation Global III is a coordinated effort by U.S., Canadian, European, Australian, New ZealandEnglish", c=97) returned 1 [0275.108] TextOutA (hdc=0xf0107c0, x=225, y=725, lpString="and other law enforcement agencies across the globe targeting computers with pirated content.O", c=93) returned 1 [0275.108] DeleteObject (ho=0xbd0a01a0) returned 1 [0275.108] BitBlt (hdc=0xf0107c0, x=235, y=70, cx=300, cy=300, hdcSrc=0x140100d1, x1=0, y1=0, rop=0xcc0020) returned 1 [0275.109] BitBlt (hdc=0xf0107c0, x=1050, y=55, cx=300, cy=300, hdcSrc=0x0, x1=0, y1=0, rop=0xcc0020) returned 0 [0275.109] BitBlt (hdc=0xf0107c0, x=525, y=60, cx=300, cy=300, hdcSrc=0x40101c1, x1=0, y1=0, rop=0xcc0020) returned 1 [0275.109] BitBlt (hdc=0xf0107c0, x=705, y=60, cx=300, cy=300, hdcSrc=0xae0101fa, x1=0, y1=0, rop=0xcc0020) returned 1 [0275.109] BitBlt (hdc=0xf0107c0, x=890, y=60, cx=300, cy=300, hdcSrc=0x9a010771, x1=0, y1=0, rop=0xcc0020) returned 1 [0275.109] CreateSolidBrush (color=0xd2) returned 0x191006af [0275.109] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x191006af) returned 1 [0275.109] DeleteObject (ho=0x191006af) returned 1 [0275.109] BitBlt (hdc=0xf0107c0, x=360, y=550, cx=600, cy=30, hdcSrc=0x3010770, x1=0, y1=0, rop=0xcc0020) returned 1 [0275.109] CreateFontIndirectA (lplf=0x44b444) returned 0x2b0a06bc [0275.109] SelectObject (hdc=0xf0107c0, h=0x2b0a06bc) returned 0xbd0a01a0 [0275.109] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0275.109] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0275.109] SetTextColor (hdc=0xf0107c0, color=0xf0) returned 0x0 [0275.109] DrawTextA (in: hdc=0xf0107c0, lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Willful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0275.111] DrawTextA (in: hdc=0xf0107c0, lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="federal prison, a $250,000 fine, forfeiture and restitution (17 U.S.C s.506, 18 U.S.C s.2319)", lprc=0x520fcac) returned 22 [0275.112] DeleteObject (ho=0x2b0a06bc) returned 1 [0275.112] CreateFontIndirectA (lplf=0x44b2a0) returned 0xc20a01a0 [0275.112] SelectObject (hdc=0xf0107c0, h=0xc20a01a0) returned 0x2b0a06bc [0275.112] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.112] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xf0 [0275.112] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.112] DeleteObject (ho=0xc20a01a0) returned 1 [0275.112] CreateFontIndirectA (lplf=0x44b390) returned 0x2c0a06bc [0275.112] SelectObject (hdc=0xf0107c0, h=0x2c0a06bc) returned 0xc20a01a0 [0275.112] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.112] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.112] DrawTextA (in: hdc=0xf0107c0, lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 15 [0275.114] TextOutA (hdc=0xf0107c0, x=240, y=618, lpString="Any attempt to remove this message will damage your files, hardware and Windows installation. The NSB has two ways to pay a fine:1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=93) returned 1 [0275.114] DeleteObject (ho=0x2c0a06bc) returned 1 [0275.114] CreateFontIndirectA (lplf=0x44b228) returned 0xc60a01a0 [0275.114] SelectObject (hdc=0xf0107c0, h=0xc60a01a0) returned 0x2c0a06bc [0275.114] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.114] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.114] TextOutA (hdc=0xf0107c0, x=240, y=320, lpString="If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=85) returned 1 [0275.114] TextOutA (hdc=0xf0107c0, x=240, y=340, lpString="which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=107) returned 1 [0275.114] DeleteObject (ho=0xc60a01a0) returned 1 [0275.115] CreateFontIndirectA (lplf=0x44b480) returned 0x2f0a06bc [0275.115] SelectObject (hdc=0xf0107c0, h=0x2f0a06bc) returned 0xc60a01a0 [0275.115] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.115] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.115] DrawTextA (in: hdc=0xf0107c0, lpchText="View encrypted files", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="View encrypted files", lprc=0x520fcac) returned 15 [0275.115] DeleteObject (ho=0x2f0a06bc) returned 1 [0275.115] CreateFontIndirectA (lplf=0x44b2a0) returned 0xca0a01a0 [0275.115] SelectObject (hdc=0xf0107c0, h=0xca0a01a0) returned 0x2f0a06bc [0275.115] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.115] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.115] DeleteObject (ho=0xca0a01a0) returned 1 [0275.115] CreateFontIndirectA (lplf=0x44b228) returned 0x300a06bc [0275.115] SelectObject (hdc=0xf0107c0, h=0x300a06bc) returned 0xca0a01a0 [0275.115] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.115] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.116] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x400 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0275.116] DrawTextA (in: hdc=0xf0107c0, lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", cchText=65, lprc=0x520fcac, format=0x0 | out: lpchText="As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", lprc=0x520fcac) returned 17 [0275.116] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x400 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0275.116] DrawTextA (in: hdc=0xf0107c0, lpchText="500 USD 2", cchText=12, lprc=0x520fcac, format=0x0 | out: lpchText="500 USD 2", lprc=0x520fcac) returned 17 [0275.116] TextOutA (hdc=0xf0107c0, x=800, y=300, lpString=" Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=1) returned 1 [0275.116] TextOutA (hdc=0xf0107c0, x=240, y=360, lpString="There are two ways to pay a fine:Unauthorized or pirated software has been detected. Your system has been blocked under the authority of 17 U.S.C s.506This computer contains pirated software and has been blocked by ICE-Homeland Security Investigations.Your computer is now blocked.As a first-time offender you are required by law to pay a fine of Hard drive contents will be permanently removed from this computer if the fine is not paid.Note: Hard drive contents, network files on this computer have been encrypted. Hard drive contents will be inaccessible until the fine is paid.", c=33) returned 1 [0275.116] TextOutA (hdc=0xf0107c0, x=240, y=380, lpString="1.You can pay the fine online through BitCoin. BitCoin is available nationwide.Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=79) returned 1 [0275.116] TextOutA (hdc=0xf0107c0, x=240, y=400, lpString="Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment.2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=108) returned 1 [0275.116] TextOutA (hdc=0xf0107c0, x=240, y=420, lpString="2.(Offline Option) You can come to your local courthouse and pay the fine at the 'Cashiers' window.Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=99) returned 1 [0275.117] TextOutA (hdc=0xf0107c0, x=240, y=440, lpString="Your computer will be unlocked within 4-5 working days.Online fine payments areprocessed by Royal Bank of Canada. processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=55) returned 1 [0275.117] TextOutA (hdc=0xf0107c0, x=240, y=460, lpString="To regain access now transfer BitCoins to the following address (click to copy): 1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", c=81) returned 1 [0275.117] DrawTextA (in: hdc=0xf0107c0, lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="1NdR8tEKRBoQ1oiyAPhpuks9Uct6XftEdW", lprc=0x520fcac) returned 17 [0275.118] TextOutA (hdc=0xf0107c0, x=870, y=525, lpString=" processed by Chase Paymentech.If the fine is not paid within three days, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=1) returned 1 [0275.118] TextOutA (hdc=0xf0107c0, x=240, y=500, lpString="After the payment is finalized enter Transfer ID below.BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", c=55) returned 1 [0275.118] TextOutA (hdc=0xf0107c0, x=360, y=525, lpString="Transfer ID:Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=12) returned 1 [0275.118] TextOutA (hdc=0xf0107c0, x=240, y=525, lpString="Amount:BTCPaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", c=7) returned 1 [0275.118] DrawTextA (in: hdc=0xf0107c0, lpchText="BTC 2.369", cchText=-1, lprc=0x520fcac, format=0x10 | out: lpchText="BTC 2.369", lprc=0x520fcac) returned 17 [0275.119] DeleteObject (ho=0x300a06bc) returned 1 [0275.119] CreateFontIndirectA (lplf=0x44b264) returned 0xde0a01a0 [0275.119] SelectObject (hdc=0xf0107c0, h=0xde0a01a0) returned 0x300a06bc [0275.119] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.119] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.119] SetBkColor (hdc=0xf0107c0, color=0xd2) returned 0xffffff [0275.119] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0275.119] TextOutA (hdc=0xf0107c0, x=1061, y=556, lpString="PAY FINE\x19", c=8) returned 1 [0275.119] DeleteObject (ho=0xde0a01a0) returned 1 [0275.119] CreateFontIndirectA (lplf=0x44b228) returned 0x310a06bc [0275.120] SelectObject (hdc=0xf0107c0, h=0x310a06bc) returned 0xde0a01a0 [0275.120] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xd2 [0275.120] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0xffffff [0275.120] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xffffff [0275.120] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x0 [0275.120] TextOutA (hdc=0xf0107c0, x=365, y=556, lpString="|", c=1) returned 1 [0275.120] SetTextColor (hdc=0xf0107c0, color=0xffffff) returned 0x0 [0275.120] DeleteObject (ho=0x310a06bc) returned 1 [0275.120] CreateSolidBrush (color=0xc4c4c4) returned 0x1a1006af [0275.120] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x1a1006af) returned 1 [0275.120] DeleteObject (ho=0x1a1006af) returned 1 [0275.120] CreateFontIndirectA (lplf=0x44b2dc) returned 0xe00a01a0 [0275.120] SelectObject (hdc=0xf0107c0, h=0xe00a01a0) returned 0x310a06bc [0275.120] SetBkColor (hdc=0xf0107c0, color=0xc4c4c4) returned 0xffffff [0275.120] SetTextColor (hdc=0xf0107c0, color=0x666666) returned 0xffffff [0275.120] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0275.120] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", cchText=19, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin InformationAbout BitCoinBitCoin is a software-based online payment system.Internet connection is unavailable. Click Network Connections and connect to the InternetYour code has been received. Awaiting verification. Payments are processed Monday to Friday 09.00 AM-06.00 PMPAY FINE\x19", lprc=0x520fcac) returned 22 [0275.121] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=17, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ExchangesBitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0275.121] DrawTextA (in: hdc=0xf0107c0, lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=11, lprc=0x520fcac, format=0x25 | out: lpchText="BitCoin ATMInternet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0275.121] DrawTextA (in: hdc=0xf0107c0, lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=16, lprc=0x520fcac, format=0x25 | out: lpchText="Internet BrowserNotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0275.122] DrawTextA (in: hdc=0xf0107c0, lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="NotepadNetwork ConnectionsTo save notepad contents click File->Save.The file will be saved as You can access it later.ATMs", lprc=0x520fcac) returned 22 [0275.122] DeleteObject (ho=0xe00a01a0) returned 1 [0275.122] CreateSolidBrush (color=0xffffff) returned 0x1b1006af [0275.122] FillRect (hDC=0xf0107c0, lprc=0x520fcac, hbr=0x1b1006af) returned 1 [0275.122] DeleteObject (ho=0x1b1006af) returned 1 [0275.122] CreateFontIndirectA (lplf=0x44b2dc) returned 0x440a06bc [0275.122] SelectObject (hdc=0xf0107c0, h=0x440a06bc) returned 0xe00a01a0 [0275.122] SetBkColor (hdc=0xf0107c0, color=0xffffff) returned 0xc4c4c4 [0275.122] SetTextColor (hdc=0xf0107c0, color=0x0) returned 0x666666 [0275.122] DrawTextA (in: hdc=0xf0107c0, lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", cchText=7, lprc=0x520fcac, format=0x25 | out: lpchText="PaymentWillful copyright infringement is a federal crime that carries penalties of up to five years in", lprc=0x520fcac) returned 22 [0275.122] DeleteObject (ho=0x440a06bc) returned 1 [0275.122] EndPaint (hWnd=0x400fa, lpPaint=0x520fcc0) returned 1 [0275.122] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0 [0275.123] GetCurrentThreadId () returned 0x704 [0275.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.123] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.123] GetCurrentThreadId () returned 0x704 [0275.123] GetCurrentThreadId () returned 0x704 [0275.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520fb7c | out: lpSystemTimeAsFileTime=0x520fb7c*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.123] NtdllDefWindowProc_A (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0275.146] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.146] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.146] GetCurrentThreadId () returned 0x704 [0275.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25d26f10, dwHighDateTime=0x1d6076d)) [0275.146] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.168] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.168] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.168] GetCurrentThreadId () returned 0x704 [0275.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25d731d0, dwHighDateTime=0x1d6076d)) [0275.168] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.199] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.199] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.199] GetCurrentThreadId () returned 0x704 [0275.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25dbf490, dwHighDateTime=0x1d6076d)) [0275.199] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.230] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.230] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.230] GetCurrentThreadId () returned 0x704 [0275.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25e0b750, dwHighDateTime=0x1d6076d)) [0275.230] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.261] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.261] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.261] GetCurrentThreadId () returned 0x704 [0275.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25e57a10, dwHighDateTime=0x1d6076d)) [0275.261] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.292] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.292] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.293] GetCurrentThreadId () returned 0x704 [0275.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25ea3cd0, dwHighDateTime=0x1d6076d)) [0275.293] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.324] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.324] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.324] GetCurrentThreadId () returned 0x704 [0275.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25eeff90, dwHighDateTime=0x1d6076d)) [0275.324] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.355] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.355] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.355] GetCurrentThreadId () returned 0x704 [0275.355] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25f3c250, dwHighDateTime=0x1d6076d)) [0275.355] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.386] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.386] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.386] GetCurrentThreadId () returned 0x704 [0275.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25f88510, dwHighDateTime=0x1d6076d)) [0275.386] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.417] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.417] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.417] GetCurrentThreadId () returned 0x704 [0275.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x25fd47d0, dwHighDateTime=0x1d6076d)) [0275.417] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.448] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.448] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.448] GetCurrentThreadId () returned 0x704 [0275.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26020a90, dwHighDateTime=0x1d6076d)) [0275.449] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.480] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.480] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.480] GetCurrentThreadId () returned 0x704 [0275.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2606cd50, dwHighDateTime=0x1d6076d)) [0275.480] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.511] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.511] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.511] GetCurrentThreadId () returned 0x704 [0275.511] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x260b9010, dwHighDateTime=0x1d6076d)) [0275.511] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.542] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.542] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.542] GetCurrentThreadId () returned 0x704 [0275.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x261052d0, dwHighDateTime=0x1d6076d)) [0275.542] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.573] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.573] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.573] GetCurrentThreadId () returned 0x704 [0275.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26151590, dwHighDateTime=0x1d6076d)) [0275.573] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.604] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.604] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.604] GetCurrentThreadId () returned 0x704 [0275.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2619d850, dwHighDateTime=0x1d6076d)) [0275.605] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.636] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.636] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.636] GetCurrentThreadId () returned 0x704 [0275.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x261e9b10, dwHighDateTime=0x1d6076d)) [0275.636] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.667] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.667] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.667] GetCurrentThreadId () returned 0x704 [0275.667] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26235dd0, dwHighDateTime=0x1d6076d)) [0275.667] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.698] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.698] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.698] GetCurrentThreadId () returned 0x704 [0275.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26282090, dwHighDateTime=0x1d6076d)) [0275.698] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.729] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.729] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.729] GetCurrentThreadId () returned 0x704 [0275.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x262ce350, dwHighDateTime=0x1d6076d)) [0275.729] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.762] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.762] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.762] GetCurrentThreadId () returned 0x704 [0275.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2631a610, dwHighDateTime=0x1d6076d)) [0275.762] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.792] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.792] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.792] GetCurrentThreadId () returned 0x704 [0275.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x263668d0, dwHighDateTime=0x1d6076d)) [0275.792] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.823] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.823] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.823] GetCurrentThreadId () returned 0x704 [0275.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x263b2b90, dwHighDateTime=0x1d6076d)) [0275.823] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.858] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.858] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.858] GetCurrentThreadId () returned 0x704 [0275.858] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x263fee50, dwHighDateTime=0x1d6076d)) [0275.859] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.885] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.885] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.885] GetCurrentThreadId () returned 0x704 [0275.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2644b110, dwHighDateTime=0x1d6076d)) [0275.886] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.916] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.916] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.916] GetCurrentThreadId () returned 0x704 [0275.916] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x264973d0, dwHighDateTime=0x1d6076d)) [0275.917] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.948] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.948] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.948] GetCurrentThreadId () returned 0x704 [0275.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x264e3690, dwHighDateTime=0x1d6076d)) [0275.948] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0275.979] TranslateMessage (lpMsg=0x40f83c) returned 0 [0275.979] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0275.979] GetCurrentThreadId () returned 0x704 [0275.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2652f950, dwHighDateTime=0x1d6076d)) [0275.979] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.039] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.039] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.039] GetCurrentThreadId () returned 0x704 [0276.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x265a1d70, dwHighDateTime=0x1d6076d)) [0276.040] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.057] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.057] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.057] GetCurrentThreadId () returned 0x704 [0276.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x265ee030, dwHighDateTime=0x1d6076d)) [0276.057] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.088] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.088] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.088] GetCurrentThreadId () returned 0x704 [0276.088] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2663a2f0, dwHighDateTime=0x1d6076d)) [0276.088] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.119] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.119] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.119] GetCurrentThreadId () returned 0x704 [0276.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x266865b0, dwHighDateTime=0x1d6076d)) [0276.119] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.150] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.150] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.150] GetCurrentThreadId () returned 0x704 [0276.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x266d2870, dwHighDateTime=0x1d6076d)) [0276.151] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.182] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.182] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.182] GetCurrentThreadId () returned 0x704 [0276.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2671eb30, dwHighDateTime=0x1d6076d)) [0276.182] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.213] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.213] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.213] GetCurrentThreadId () returned 0x704 [0276.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.213] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.246] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.246] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.246] GetCurrentThreadId () returned 0x704 [0276.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x267b70b0, dwHighDateTime=0x1d6076d)) [0276.246] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.275] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.275] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.275] GetCurrentThreadId () returned 0x704 [0276.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26803370, dwHighDateTime=0x1d6076d)) [0276.275] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.306] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.306] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.306] GetCurrentThreadId () returned 0x704 [0276.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2684f630, dwHighDateTime=0x1d6076d)) [0276.306] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.338] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.338] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.338] GetCurrentThreadId () returned 0x704 [0276.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2689b8f0, dwHighDateTime=0x1d6076d)) [0276.338] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.369] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.369] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.369] GetCurrentThreadId () returned 0x704 [0276.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x268e7bb0, dwHighDateTime=0x1d6076d)) [0276.369] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.400] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.400] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.401] GetCurrentThreadId () returned 0x704 [0276.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26933e70, dwHighDateTime=0x1d6076d)) [0276.401] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.431] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.432] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.432] GetCurrentThreadId () returned 0x704 [0276.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26980130, dwHighDateTime=0x1d6076d)) [0276.432] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.462] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.462] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.462] GetCurrentThreadId () returned 0x704 [0276.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.463] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.494] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.494] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.494] GetCurrentThreadId () returned 0x704 [0276.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26a186b0, dwHighDateTime=0x1d6076d)) [0276.494] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.525] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.525] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.525] GetCurrentThreadId () returned 0x704 [0276.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26a64970, dwHighDateTime=0x1d6076d)) [0276.525] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.556] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.556] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.556] GetCurrentThreadId () returned 0x704 [0276.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26ab0c30, dwHighDateTime=0x1d6076d)) [0276.556] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.587] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.587] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.587] GetCurrentThreadId () returned 0x704 [0276.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26afcef0, dwHighDateTime=0x1d6076d)) [0276.587] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.618] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.618] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.618] GetCurrentThreadId () returned 0x704 [0276.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26b491b0, dwHighDateTime=0x1d6076d)) [0276.619] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.650] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.650] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.650] GetCurrentThreadId () returned 0x704 [0276.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26b95470, dwHighDateTime=0x1d6076d)) [0276.650] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.681] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.681] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.681] GetCurrentThreadId () returned 0x704 [0276.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26be1730, dwHighDateTime=0x1d6076d)) [0276.681] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.712] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.712] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.712] GetCurrentThreadId () returned 0x704 [0276.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26c2d9f0, dwHighDateTime=0x1d6076d)) [0276.712] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.743] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.743] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.743] GetCurrentThreadId () returned 0x704 [0276.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26c79cb0, dwHighDateTime=0x1d6076d)) [0276.743] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.774] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.774] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.774] GetCurrentThreadId () returned 0x704 [0276.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26cc5f70, dwHighDateTime=0x1d6076d)) [0276.774] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.806] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.806] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.806] GetCurrentThreadId () returned 0x704 [0276.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26d12230, dwHighDateTime=0x1d6076d)) [0276.806] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.837] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.837] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.837] GetCurrentThreadId () returned 0x704 [0276.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26d5e4f0, dwHighDateTime=0x1d6076d)) [0276.837] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.868] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.868] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.868] GetCurrentThreadId () returned 0x704 [0276.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26daa7b0, dwHighDateTime=0x1d6076d)) [0276.868] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.899] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.899] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.899] GetCurrentThreadId () returned 0x704 [0276.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26df6a70, dwHighDateTime=0x1d6076d)) [0276.900] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.930] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.930] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.931] GetCurrentThreadId () returned 0x704 [0276.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26e42d30, dwHighDateTime=0x1d6076d)) [0276.931] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.968] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.968] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.968] GetCurrentThreadId () returned 0x704 [0276.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26e8eff0, dwHighDateTime=0x1d6076d)) [0276.968] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0276.993] TranslateMessage (lpMsg=0x40f83c) returned 0 [0276.993] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0276.993] GetCurrentThreadId () returned 0x704 [0276.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26edb2b0, dwHighDateTime=0x1d6076d)) [0276.993] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.047] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.047] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.048] GetCurrentThreadId () returned 0x704 [0277.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26f4d6d0, dwHighDateTime=0x1d6076d)) [0277.048] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.071] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.071] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.071] GetCurrentThreadId () returned 0x704 [0277.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26f99990, dwHighDateTime=0x1d6076d)) [0277.071] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.102] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.102] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.102] GetCurrentThreadId () returned 0x704 [0277.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x26fe5c50, dwHighDateTime=0x1d6076d)) [0277.102] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.133] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.133] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.133] GetCurrentThreadId () returned 0x704 [0277.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27031f10, dwHighDateTime=0x1d6076d)) [0277.133] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.165] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.165] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.165] GetCurrentThreadId () returned 0x704 [0277.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2707e1d0, dwHighDateTime=0x1d6076d)) [0277.165] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.196] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.196] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.196] GetCurrentThreadId () returned 0x704 [0277.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x270ca490, dwHighDateTime=0x1d6076d)) [0277.196] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.227] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.227] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.227] GetCurrentThreadId () returned 0x704 [0277.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27116750, dwHighDateTime=0x1d6076d)) [0277.227] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.258] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.258] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.258] GetCurrentThreadId () returned 0x704 [0277.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27162a10, dwHighDateTime=0x1d6076d)) [0277.258] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.289] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.289] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.289] GetCurrentThreadId () returned 0x704 [0277.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x271aecd0, dwHighDateTime=0x1d6076d)) [0277.289] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.320] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.320] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.320] GetCurrentThreadId () returned 0x704 [0277.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x271faf90, dwHighDateTime=0x1d6076d)) [0277.320] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.352] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.352] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.352] GetCurrentThreadId () returned 0x704 [0277.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27247250, dwHighDateTime=0x1d6076d)) [0277.352] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.383] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.383] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.383] GetCurrentThreadId () returned 0x704 [0277.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27293510, dwHighDateTime=0x1d6076d)) [0277.383] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.417] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.417] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.417] GetCurrentThreadId () returned 0x704 [0277.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x272df7d0, dwHighDateTime=0x1d6076d)) [0277.417] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.445] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.445] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.445] GetCurrentThreadId () returned 0x704 [0277.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2732ba90, dwHighDateTime=0x1d6076d)) [0277.445] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.476] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.476] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.477] GetCurrentThreadId () returned 0x704 [0277.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27377d50, dwHighDateTime=0x1d6076d)) [0277.477] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.508] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.508] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.508] GetCurrentThreadId () returned 0x704 [0277.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x273c4010, dwHighDateTime=0x1d6076d)) [0277.508] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.539] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.539] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.539] GetCurrentThreadId () returned 0x704 [0277.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x274102d0, dwHighDateTime=0x1d6076d)) [0277.539] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.572] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.572] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.572] GetCurrentThreadId () returned 0x704 [0277.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2745c590, dwHighDateTime=0x1d6076d)) [0277.572] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.601] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.601] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.601] GetCurrentThreadId () returned 0x704 [0277.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x274a8850, dwHighDateTime=0x1d6076d)) [0277.601] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.633] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.633] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.633] GetCurrentThreadId () returned 0x704 [0277.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x274f4b10, dwHighDateTime=0x1d6076d)) [0277.633] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.664] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.664] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.664] GetCurrentThreadId () returned 0x704 [0277.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27540dd0, dwHighDateTime=0x1d6076d)) [0277.664] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.695] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.695] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.695] GetCurrentThreadId () returned 0x704 [0277.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2758d090, dwHighDateTime=0x1d6076d)) [0277.695] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.726] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.726] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.726] GetCurrentThreadId () returned 0x704 [0277.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x275d9350, dwHighDateTime=0x1d6076d)) [0277.726] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.757] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.757] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.757] GetCurrentThreadId () returned 0x704 [0277.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27625610, dwHighDateTime=0x1d6076d)) [0277.758] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.788] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.788] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.788] GetCurrentThreadId () returned 0x704 [0277.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x276718d0, dwHighDateTime=0x1d6076d)) [0277.788] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.820] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.820] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.820] GetCurrentThreadId () returned 0x704 [0277.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x276bdb90, dwHighDateTime=0x1d6076d)) [0277.820] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.851] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.851] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.851] GetCurrentThreadId () returned 0x704 [0277.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27709e50, dwHighDateTime=0x1d6076d)) [0277.851] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.890] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.890] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.891] GetCurrentThreadId () returned 0x704 [0277.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27756110, dwHighDateTime=0x1d6076d)) [0277.891] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.913] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.913] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.913] GetCurrentThreadId () returned 0x704 [0277.913] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x277a23d0, dwHighDateTime=0x1d6076d)) [0277.913] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.945] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.945] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.945] GetCurrentThreadId () returned 0x704 [0277.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x277ee690, dwHighDateTime=0x1d6076d)) [0277.946] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0277.976] TranslateMessage (lpMsg=0x40f83c) returned 0 [0277.976] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0277.976] GetCurrentThreadId () returned 0x704 [0277.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2783a950, dwHighDateTime=0x1d6076d)) [0277.976] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0278.007] TranslateMessage (lpMsg=0x40f83c) returned 0 [0278.007] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0278.007] GetCurrentThreadId () returned 0x704 [0278.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x27886c10, dwHighDateTime=0x1d6076d)) [0278.007] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0278.053] TranslateMessage (lpMsg=0x40f83c) returned 0 [0278.053] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0278.054] GetCurrentThreadId () returned 0x704 [0278.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x278f9030, dwHighDateTime=0x1d6076d)) [0278.054] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0278.072] TranslateMessage (lpMsg=0x40f83c) returned 0 [0278.072] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0278.072] GetCurrentThreadId () returned 0x704 [0278.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2791f190, dwHighDateTime=0x1d6076d)) [0278.072] GetMessageA (in: lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x40f83c) returned 1 [0278.101] TranslateMessage (lpMsg=0x40f83c) returned 0 [0278.101] DispatchMessageA (lpMsg=0x40f83c) returned 0x449c9b [0278.101] GetCurrentThreadId () returned 0x704 [0278.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x520feb0 | out: lpSystemTimeAsFileTime=0x520feb0*(dwLowDateTime=0x2796b450, dwHighDateTime=0x1d6076d)) [0278.101] GetMessageA (lpMsg=0x40f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 400 os_tid = 0x518 Thread: id = 401 os_tid = 0x314 Thread: id = 404 os_tid = 0x43c [0226.125] GetCurrentThreadId () returned 0x43c [0226.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff28 | out: lpSystemTimeAsFileTime=0x856ff28*(dwLowDateTime=0xb6a2e10, dwHighDateTime=0x1d6076d)) [0226.126] GetCurrentThreadId () returned 0x43c [0226.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0xb6a2e10, dwHighDateTime=0x1d6076d)) [0226.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0xb6a2e10, dwHighDateTime=0x1d6076d)) [0226.126] GetCurrentThreadId () returned 0x43c [0226.126] gethostbyname (name="google.com") returned 0x1f14cf0*(h_name="google.com", h_aliases=0x1f14d00*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14d04*=([0]="172.217.23.142")) [0226.173] socket (af=2, type=1, protocol=0) returned 0x1150 [0226.191] htons (hostshort=0x50) returned 0x5000 [0226.191] connect (s=0x1150, name=0x856ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0226.209] ioctlsocket (in: s=0x1150, cmd=-2147195266, argp=0x856ff28 | out: argp=0x856ff28) returned 0 [0226.209] GetCurrentThreadId () returned 0x43c [0226.209] send (s=0x1150, buf=0x40f0a6*, len=36, flags=0) returned 36 [0226.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0xb7614f0, dwHighDateTime=0x1d6076d)) [0226.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0xb7614f0, dwHighDateTime=0x1d6076d)) [0226.209] ioctlsocket (in: s=0x1150, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0226.209] Sleep (dwMilliseconds=0x32) [0226.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0xb7f9a70, dwHighDateTime=0x1d6076d)) [0226.275] ioctlsocket (in: s=0x1150, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0226.275] Sleep (dwMilliseconds=0x32) [0226.340] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0226.340] GetCurrentThreadId () returned 0x43c [0226.340] recv (in: s=0x1150, buf=0x4e50000, len=528, flags=0 | out: buf=0x4e50000*) returned 528 [0226.344] shutdown (s=0x856ff84, how=2) returned -1 [0226.344] closesocket (s=0x856ff84) returned -1 [0226.344] GetCurrentThreadId () returned 0x43c [0226.344] GetCurrentThreadId () returned 0x43c [0226.344] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.367] GetCurrentThreadId () returned 0x43c [0226.367] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0226.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0xb8de2b0, dwHighDateTime=0x1d6076d)) [0226.367] ReleaseMutex (hMutex=0x158) returned 1 [0226.367] GetCurrentThreadId () returned 0x43c [0226.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0xb8de2b0, dwHighDateTime=0x1d6076d)) [0226.367] Sleep (dwMilliseconds=0x13481) [0236.437] GetCurrentThreadId () returned 0x43c [0236.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0x118ad830, dwHighDateTime=0x1d6076d)) [0236.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0x118ad830, dwHighDateTime=0x1d6076d)) [0236.437] GetCurrentThreadId () returned 0x43c [0236.437] gethostbyname (name="google.com") returned 0x1f14cf0*(h_name="google.com", h_aliases=0x1f14d00*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14d04*=([0]="172.217.23.142")) [0236.497] socket (af=2, type=1, protocol=0) returned 0x146c [0236.497] htons (hostshort=0x50) returned 0x5000 [0236.497] connect (s=0x146c, name=0x856ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0236.515] ioctlsocket (in: s=0x146c, cmd=-2147195266, argp=0x856ff28 | out: argp=0x856ff28) returned 0 [0236.515] GetCurrentThreadId () returned 0x43c [0236.515] send (s=0x146c, buf=0x40f0a6*, len=36, flags=0) returned 36 [0236.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x1196bf10, dwHighDateTime=0x1d6076d)) [0236.516] ioctlsocket (in: s=0x146c, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0236.516] Sleep (dwMilliseconds=0x32) [0236.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x11a04490, dwHighDateTime=0x1d6076d)) [0236.573] ioctlsocket (in: s=0x146c, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0236.573] Sleep (dwMilliseconds=0x32) [0236.652] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x4e50000 [0236.652] GetCurrentThreadId () returned 0x43c [0236.652] recv (in: s=0x146c, buf=0x4e50000, len=528, flags=0 | out: buf=0x4e50000*) returned 528 [0236.653] shutdown (s=0x856ff84, how=2) returned -1 [0236.653] closesocket (s=0x856ff84) returned -1 [0236.653] GetCurrentThreadId () returned 0x43c [0236.653] GetCurrentThreadId () returned 0x43c [0236.653] VirtualFree (lpAddress=0x4e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0236.653] GetCurrentThreadId () returned 0x43c [0236.653] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0236.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0x11ac2b70, dwHighDateTime=0x1d6076d)) [0236.654] ReleaseMutex (hMutex=0x158) returned 1 [0236.654] GetCurrentThreadId () returned 0x43c [0236.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0x11ac2b70, dwHighDateTime=0x1d6076d)) [0236.654] Sleep (dwMilliseconds=0x1b7b5) [0249.662] GetCurrentThreadId () returned 0x43c [0249.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0x17a45e30, dwHighDateTime=0x1d6076d)) [0249.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0x17a45e30, dwHighDateTime=0x1d6076d)) [0249.662] GetCurrentThreadId () returned 0x43c [0249.662] gethostbyname (name="google.com") returned 0x1f14cf0*(h_name="google.com", h_aliases=0x1f14d00*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14d04*=([0]="172.217.23.142")) [0249.663] socket (af=2, type=1, protocol=0) returned 0x14e0 [0249.663] htons (hostshort=0x50) returned 0x5000 [0249.663] connect (s=0x14e0, name=0x856ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) Thread: id = 407 os_tid = 0x694 [0249.687] GetCurrentThreadId () returned 0x694 [0249.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff28 | out: lpSystemTimeAsFileTime=0x856ff28*(dwLowDateTime=0x17a6bf90, dwHighDateTime=0x1d6076d)) [0249.687] GetCurrentThreadId () returned 0x694 [0249.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0x17a6bf90, dwHighDateTime=0x1d6076d)) [0249.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0x17a6bf90, dwHighDateTime=0x1d6076d)) [0249.687] GetCurrentThreadId () returned 0x694 [0249.687] gethostbyname (name="google.com") returned 0x1f14dd0*(h_name="google.com", h_aliases=0x1f14de0*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14de4*=([0]="172.217.23.142")) [0249.688] socket (af=2, type=1, protocol=0) returned 0x14fc [0249.688] htons (hostshort=0x50) returned 0x5000 [0249.688] connect (s=0x14fc, name=0x856ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0249.706] ioctlsocket (in: s=0x14fc, cmd=-2147195266, argp=0x856ff28 | out: argp=0x856ff28) returned 0 [0249.706] GetCurrentThreadId () returned 0x694 [0249.706] send (s=0x14fc, buf=0x40f0a6*, len=36, flags=0) returned 36 [0249.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x17a920f0, dwHighDateTime=0x1d6076d)) [0249.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x17ab8250, dwHighDateTime=0x1d6076d)) [0249.708] ioctlsocket (in: s=0x14fc, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0249.708] Sleep (dwMilliseconds=0x32) [0249.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x17b507d0, dwHighDateTime=0x1d6076d)) [0249.771] ioctlsocket (in: s=0x14fc, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0249.771] Sleep (dwMilliseconds=0x32) [0249.833] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x4ec0000 [0249.833] GetCurrentThreadId () returned 0x694 [0249.833] recv (in: s=0x14fc, buf=0x4ec0000, len=528, flags=0 | out: buf=0x4ec0000*) returned 528 [0249.834] shutdown (s=0x856ff84, how=2) returned -1 [0249.834] closesocket (s=0x856ff84) returned -1 [0249.834] GetCurrentThreadId () returned 0x694 [0249.834] GetCurrentThreadId () returned 0x694 [0249.834] VirtualFree (lpAddress=0x4ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0249.834] GetCurrentThreadId () returned 0x694 [0249.834] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0249.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0x17be8d50, dwHighDateTime=0x1d6076d)) [0249.834] ReleaseMutex (hMutex=0x158) returned 1 [0249.834] GetCurrentThreadId () returned 0x694 [0249.834] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0x17be8d50, dwHighDateTime=0x1d6076d)) [0249.834] Sleep (dwMilliseconds=0x13673) [0261.518] GetCurrentThreadId () returned 0x694 [0261.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff58 | out: lpSystemTimeAsFileTime=0x856ff58*(dwLowDateTime=0x1db6c010, dwHighDateTime=0x1d6076d)) [0261.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff6c | out: lpSystemTimeAsFileTime=0x856ff6c*(dwLowDateTime=0x1db6c010, dwHighDateTime=0x1d6076d)) [0261.518] GetCurrentThreadId () returned 0x694 [0261.518] gethostbyname (name="google.com") returned 0x1f14dd0*(h_name="google.com", h_aliases=0x1f14de0*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14de4*=([0]="172.217.23.142")) [0261.519] socket (af=2, type=1, protocol=0) returned 0x364 [0261.519] htons (hostshort=0x50) returned 0x5000 [0261.520] connect (s=0x364, name=0x856ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0261.543] ioctlsocket (in: s=0x364, cmd=-2147195266, argp=0x856ff28 | out: argp=0x856ff28) returned 0 [0261.543] GetCurrentThreadId () returned 0x694 [0261.543] send (s=0x364, buf=0x40f0a6*, len=36, flags=0) returned 36 [0261.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x1db92170, dwHighDateTime=0x1d6076d)) [0261.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x1db92170, dwHighDateTime=0x1d6076d)) [0261.544] ioctlsocket (in: s=0x364, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0261.544] Sleep (dwMilliseconds=0x32) [0261.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x856ff44 | out: lpSystemTimeAsFileTime=0x856ff44*(dwLowDateTime=0x1dc2a6f0, dwHighDateTime=0x1d6076d)) [0261.596] ioctlsocket (in: s=0x364, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0261.596] Sleep (dwMilliseconds=0x32) Thread: id = 409 os_tid = 0x334 [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fb1c | out: lpSystemTimeAsFileTime=0x8b8fb1c*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.823] InvalidateRect (hWnd=0x400fa, lpRect=0x8b8ff58, bErase=0) returned 1 [0258.824] GetSystemMetrics (nIndex=0) returned 1440 [0258.824] GetSystemMetrics (nIndex=1) returned 900 [0258.824] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0258.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1c567490, dwHighDateTime=0x1d6076d)) [0258.824] ReleaseMutex (hMutex=0x158) returned 1 [0258.824] InvalidateRect (hWnd=0x400fa, lpRect=0x8b8ff58, bErase=0) returned 1 [0258.824] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0258.824] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0258.824] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0258.824] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0258.824] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1518 [0258.826] Process32First (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.827] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.827] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.827] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.827] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.828] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.828] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.828] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.829] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.829] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0258.829] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.830] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.830] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.830] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.831] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.831] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.831] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.832] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.832] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.832] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.832] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0258.833] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.833] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.833] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.834] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0258.834] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0258.836] Process32Next (in: hSnapshot=0x1518, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0258.836] CloseHandle (hObject=0x1518) returned 1 [0258.836] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0258.836] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0258.836] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0258.836] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 1 [0258.837] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0258.837] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 1 [0258.841] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0258.841] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0258.841] GetForegroundWindow () returned 0x10058 [0258.841] FindWindowExA (hWndParent=0x10058, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0258.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c58d5f0, dwHighDateTime=0x1d6076d)) [0258.841] Sleep (dwMilliseconds=0x96) [0258.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c70a3b0, dwHighDateTime=0x1d6076d)) [0258.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c70a3b0, dwHighDateTime=0x1d6076d)) [0258.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c70a3b0, dwHighDateTime=0x1d6076d)) [0258.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c70a3b0, dwHighDateTime=0x1d6076d)) [0258.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1c70a3b0, dwHighDateTime=0x1d6076d)) [0258.991] GetSystemMetrics (nIndex=0) returned 1440 [0258.991] GetSystemMetrics (nIndex=1) returned 900 [0258.991] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0258.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1c70a3b0, dwHighDateTime=0x1d6076d)) [0258.991] ReleaseMutex (hMutex=0x158) returned 1 [0258.991] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0259.188] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0259.188] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0259.188] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0259.188] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1534 [0259.190] Process32First (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.191] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.191] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.191] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.191] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.192] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.192] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.192] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.193] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.193] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0259.193] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.194] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.194] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.194] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.195] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.195] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.195] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.196] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.196] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.196] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.197] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0259.197] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.197] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.198] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.198] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0259.198] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0259.199] Process32Next (in: hSnapshot=0x1534, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0259.199] CloseHandle (hObject=0x1534) returned 1 [0259.199] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0259.859] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0259.859] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0259.859] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0259.859] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0259.859] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0259.859] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0259.859] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0259.860] GetForegroundWindow () returned 0x400fa [0259.860] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0259.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cb80cf0, dwHighDateTime=0x1d6076d)) [0259.860] Sleep (dwMilliseconds=0x96) [0260.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ccfdab0, dwHighDateTime=0x1d6076d)) [0260.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ccfdab0, dwHighDateTime=0x1d6076d)) [0260.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ccfdab0, dwHighDateTime=0x1d6076d)) [0260.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ccfdab0, dwHighDateTime=0x1d6076d)) [0260.004] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ccfdab0, dwHighDateTime=0x1d6076d)) [0260.004] GetSystemMetrics (nIndex=0) returned 1440 [0260.004] GetSystemMetrics (nIndex=1) returned 900 [0260.005] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1ccfdab0, dwHighDateTime=0x1d6076d)) [0260.005] ReleaseMutex (hMutex=0x158) returned 1 [0260.005] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.005] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.005] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.005] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.005] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.007] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.008] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.008] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.008] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.009] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.009] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.010] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.010] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.011] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.011] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.011] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.012] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.012] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.013] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.013] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.014] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.014] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.014] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.015] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.015] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.016] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.016] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.017] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.017] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.017] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.018] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.018] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.019] CloseHandle (hObject=0x364) returned 1 [0260.019] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.019] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.019] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.019] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.019] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.019] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.019] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.022] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.022] GetForegroundWindow () returned 0x400fa [0260.022] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cd23c10, dwHighDateTime=0x1d6076d)) [0260.022] Sleep (dwMilliseconds=0x96) [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] InvalidateRect (hWnd=0x400fa, lpRect=0x8b8ff58, bErase=0) returned 1 [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] GetSystemMetrics (nIndex=0) returned 1440 [0260.183] GetSystemMetrics (nIndex=1) returned 900 [0260.183] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1cea09d0, dwHighDateTime=0x1d6076d)) [0260.183] ReleaseMutex (hMutex=0x158) returned 1 [0260.183] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.183] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.183] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.183] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.184] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.186] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.186] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.187] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.187] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.188] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.188] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.189] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.189] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.189] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.190] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.190] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.190] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.191] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.191] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.192] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.192] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.193] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.193] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.194] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.194] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.194] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.195] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.195] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.196] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.196] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.197] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.197] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.197] CloseHandle (hObject=0x364) returned 1 [0260.197] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.197] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.198] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.198] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.198] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.198] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.198] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.198] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.198] GetForegroundWindow () returned 0x400fa [0260.198] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.198] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1cec6b30, dwHighDateTime=0x1d6076d)) [0260.198] Sleep (dwMilliseconds=0x96) [0260.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.348] GetSystemMetrics (nIndex=0) returned 1440 [0260.348] GetSystemMetrics (nIndex=1) returned 900 [0260.348] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.348] ReleaseMutex (hMutex=0x158) returned 1 [0260.348] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.348] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.348] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.348] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.348] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.350] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.350] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.351] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.351] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.351] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.352] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.352] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.352] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.353] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.353] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.353] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.354] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.354] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.355] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.355] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.355] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.356] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.356] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.356] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.357] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.357] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.358] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.358] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.358] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.359] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.359] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.359] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.360] CloseHandle (hObject=0x364) returned 1 [0260.360] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.360] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.360] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.360] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.360] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.360] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.360] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.360] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.360] GetForegroundWindow () returned 0x400fa [0260.360] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d0438f0, dwHighDateTime=0x1d6076d)) [0260.360] Sleep (dwMilliseconds=0x96) [0260.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.504] GetSystemMetrics (nIndex=0) returned 1440 [0260.504] GetSystemMetrics (nIndex=1) returned 900 [0260.504] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.504] ReleaseMutex (hMutex=0x158) returned 1 [0260.504] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.504] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.504] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.504] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.504] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.506] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.507] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.507] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.508] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.508] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.508] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.509] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.509] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.509] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.510] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.510] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.510] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.511] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.511] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.511] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.512] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.513] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.513] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.513] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.514] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.514] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.514] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.515] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.515] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.515] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.516] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.516] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.517] CloseHandle (hObject=0x364) returned 1 [0260.517] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.517] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.517] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.517] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.517] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.517] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.517] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.517] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.517] GetForegroundWindow () returned 0x400fa [0260.517] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d1c06b0, dwHighDateTime=0x1d6076d)) [0260.517] Sleep (dwMilliseconds=0x96) [0260.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.660] GetSystemMetrics (nIndex=0) returned 1440 [0260.660] GetSystemMetrics (nIndex=1) returned 900 [0260.660] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.660] ReleaseMutex (hMutex=0x158) returned 1 [0260.660] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.660] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.660] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.660] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.660] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.662] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.663] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.663] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.664] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.664] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.664] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.665] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.665] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.666] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.666] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.666] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.667] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.667] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.667] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.668] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.668] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.669] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.669] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.669] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.670] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.670] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.670] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.671] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.671] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.672] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.672] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.672] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.673] CloseHandle (hObject=0x364) returned 1 [0260.673] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.673] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.673] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.673] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.673] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.673] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.673] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.673] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.673] GetForegroundWindow () returned 0x400fa [0260.673] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d33d470, dwHighDateTime=0x1d6076d)) [0260.674] Sleep (dwMilliseconds=0x96) [0260.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.816] GetSystemMetrics (nIndex=0) returned 1440 [0260.816] GetSystemMetrics (nIndex=1) returned 900 [0260.816] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.816] ReleaseMutex (hMutex=0x158) returned 1 [0260.816] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.816] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.816] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.816] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.816] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.818] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.818] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.819] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.819] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.819] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.819] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.820] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.820] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.821] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.821] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.821] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.821] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.822] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.822] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.822] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.823] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.823] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.823] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.824] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.824] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.824] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.825] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.825] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.825] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.826] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.826] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.826] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.827] CloseHandle (hObject=0x364) returned 1 [0260.827] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.827] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.827] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.827] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.827] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.827] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.827] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.827] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.827] GetForegroundWindow () returned 0x400fa [0260.827] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d4ba230, dwHighDateTime=0x1d6076d)) [0260.827] Sleep (dwMilliseconds=0x96) [0260.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.972] GetSystemMetrics (nIndex=0) returned 1440 [0260.972] GetSystemMetrics (nIndex=1) returned 900 [0260.972] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0260.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.972] ReleaseMutex (hMutex=0x158) returned 1 [0260.972] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0260.972] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0260.972] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0260.972] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0260.972] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0260.974] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.975] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.975] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.975] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.976] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.976] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.977] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.977] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.977] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.978] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.978] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.979] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.979] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.979] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.980] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.980] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.981] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.981] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.981] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.982] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.982] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0260.982] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.983] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.983] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.984] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0260.984] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0260.984] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0260.985] CloseHandle (hObject=0x364) returned 1 [0260.985] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0260.985] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0260.985] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0260.985] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0260.985] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0260.985] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0260.985] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0260.985] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0260.985] GetForegroundWindow () returned 0x400fa [0260.985] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0260.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d636ff0, dwHighDateTime=0x1d6076d)) [0260.986] Sleep (dwMilliseconds=0x96) [0261.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d7b3db0, dwHighDateTime=0x1d6076d)) [0261.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d7b3db0, dwHighDateTime=0x1d6076d)) [0261.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d7b3db0, dwHighDateTime=0x1d6076d)) [0261.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d7b3db0, dwHighDateTime=0x1d6076d)) [0261.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d7b3db0, dwHighDateTime=0x1d6076d)) [0261.128] GetSystemMetrics (nIndex=0) returned 1440 [0261.128] GetSystemMetrics (nIndex=1) returned 900 [0261.128] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d7b3db0, dwHighDateTime=0x1d6076d)) [0261.128] ReleaseMutex (hMutex=0x158) returned 1 [0261.128] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0261.128] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0261.128] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0261.128] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0261.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0261.130] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.131] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.131] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.131] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.132] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.132] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.133] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.133] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.133] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.134] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.134] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.134] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.135] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.135] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.138] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.138] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.139] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.139] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.139] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.140] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.140] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0261.141] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.141] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.141] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.142] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0261.142] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0261.143] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0261.143] CloseHandle (hObject=0x364) returned 1 [0261.143] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0261.143] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0261.144] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0261.144] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0261.144] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0261.144] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0261.144] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0261.144] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0261.144] GetForegroundWindow () returned 0x0 [0261.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d7d9f10, dwHighDateTime=0x1d6076d)) [0261.144] Sleep (dwMilliseconds=0x96) [0261.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.300] GetSystemMetrics (nIndex=0) returned 1440 [0261.300] GetSystemMetrics (nIndex=1) returned 900 [0261.300] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.300] ReleaseMutex (hMutex=0x158) returned 1 [0261.300] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0261.300] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0261.300] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0261.300] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0261.300] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0261.302] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.303] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.303] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.303] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.304] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.304] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.305] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.305] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.305] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.306] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.306] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.306] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.307] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.307] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.308] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.308] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.308] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.309] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.309] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.310] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.310] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0261.310] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.311] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.311] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.312] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0261.312] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0261.312] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0261.313] CloseHandle (hObject=0x364) returned 1 [0261.313] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0261.313] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0261.313] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0261.313] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0261.313] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0261.313] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0261.313] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0261.313] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0261.313] GetForegroundWindow () returned 0x400fa [0261.313] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0261.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1d956cd0, dwHighDateTime=0x1d6076d)) [0261.313] Sleep (dwMilliseconds=0x96) [0261.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] GetSystemMetrics (nIndex=0) returned 1440 [0261.456] GetSystemMetrics (nIndex=1) returned 900 [0261.456] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.456] ReleaseMutex (hMutex=0x158) returned 1 [0261.456] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0261.456] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0261.456] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0261.456] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0261.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0261.458] Process32First (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.458] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.459] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.459] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.459] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.460] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.460] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.460] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.461] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.461] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.461] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.462] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.462] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.462] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.463] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.463] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.464] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.464] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.464] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.465] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.465] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0261.466] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.466] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.466] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.466] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0261.467] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0261.467] Process32Next (in: hSnapshot=0x364, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0261.467] CloseHandle (hObject=0x364) returned 1 [0261.467] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0261.468] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0261.468] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0261.468] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0261.468] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0261.468] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0261.468] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0261.468] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0261.468] GetForegroundWindow () returned 0x400fa [0261.468] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0261.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dad3a90, dwHighDateTime=0x1d6076d)) [0261.468] Sleep (dwMilliseconds=0x96) [0261.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.612] GetSystemMetrics (nIndex=0) returned 1440 [0261.612] GetSystemMetrics (nIndex=1) returned 900 [0261.612] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.612] ReleaseMutex (hMutex=0x158) returned 1 [0261.612] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0261.612] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0261.612] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0261.612] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0261.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x36c [0261.614] Process32First (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.614] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.614] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.615] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.615] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.615] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.616] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.616] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.616] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.616] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.617] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.617] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.617] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.618] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.618] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.619] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.619] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.619] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.620] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.620] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.621] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0261.621] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.621] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.622] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.622] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0261.622] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0261.623] Process32Next (in: hSnapshot=0x36c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0261.623] CloseHandle (hObject=0x36c) returned 1 [0261.623] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0261.623] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0261.623] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0261.623] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0261.623] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0261.624] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0261.624] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0261.624] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0261.624] GetForegroundWindow () returned 0x400fa [0261.624] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0261.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1dc50850, dwHighDateTime=0x1d6076d)) [0261.624] Sleep (dwMilliseconds=0x96) [0261.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.768] GetSystemMetrics (nIndex=0) returned 1440 [0261.768] GetSystemMetrics (nIndex=1) returned 900 [0261.768] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.768] ReleaseMutex (hMutex=0x158) returned 1 [0261.768] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0261.768] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0261.768] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0261.768] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0261.768] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0261.770] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0261.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.779] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.779] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0261.779] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0261.780] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0261.780] CloseHandle (hObject=0x1564) returned 1 [0261.780] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0261.780] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0261.780] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0261.780] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0261.780] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0261.780] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0261.780] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0261.780] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0261.780] GetForegroundWindow () returned 0x400fa [0261.781] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0261.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ddcd610, dwHighDateTime=0x1d6076d)) [0261.781] Sleep (dwMilliseconds=0x96) [0261.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1df4a3d0, dwHighDateTime=0x1d6076d)) [0261.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1df4a3d0, dwHighDateTime=0x1d6076d)) [0261.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1df4a3d0, dwHighDateTime=0x1d6076d)) [0261.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1df4a3d0, dwHighDateTime=0x1d6076d)) [0261.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1df4a3d0, dwHighDateTime=0x1d6076d)) [0261.925] GetSystemMetrics (nIndex=0) returned 1440 [0261.926] GetSystemMetrics (nIndex=1) returned 900 [0261.926] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.926] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1df4a3d0, dwHighDateTime=0x1d6076d)) [0261.926] ReleaseMutex (hMutex=0x158) returned 1 [0261.926] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0261.926] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0261.926] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0261.926] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0261.926] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0261.928] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.929] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.929] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.930] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.930] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.930] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.931] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.931] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.931] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.932] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.933] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.933] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.935] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.935] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.936] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.936] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.937] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.937] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0261.938] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.938] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.938] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.939] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0261.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0261.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0261.941] CloseHandle (hObject=0x1564) returned 1 [0261.941] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0261.941] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0261.941] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0261.941] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0261.941] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0261.941] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0261.941] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0261.941] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0261.941] GetForegroundWindow () returned 0x0 [0261.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1df70530, dwHighDateTime=0x1d6076d)) [0261.941] Sleep (dwMilliseconds=0x96) [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] GetSystemMetrics (nIndex=0) returned 1440 [0262.098] GetSystemMetrics (nIndex=1) returned 900 [0262.098] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0262.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1e0ed2f0, dwHighDateTime=0x1d6076d)) [0262.098] ReleaseMutex (hMutex=0x158) returned 1 [0262.098] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0262.098] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0262.098] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0262.098] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0262.099] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0262.101] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.107] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.107] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.108] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.108] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.108] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.109] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.109] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.110] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.110] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.111] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0262.111] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.111] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.112] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.112] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0262.113] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0262.113] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0262.114] CloseHandle (hObject=0x1564) returned 1 [0262.114] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0262.114] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0262.114] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0262.114] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0262.114] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0262.114] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0262.114] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0262.114] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0262.114] GetForegroundWindow () returned 0x400fa [0262.114] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0262.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e113450, dwHighDateTime=0x1d6076d)) [0262.115] Sleep (dwMilliseconds=0x96) [0262.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.267] GetSystemMetrics (nIndex=0) returned 1440 [0262.267] GetSystemMetrics (nIndex=1) returned 900 [0262.267] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0262.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.267] ReleaseMutex (hMutex=0x158) returned 1 [0262.267] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0262.267] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0262.267] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0262.267] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0262.267] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0262.270] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.276] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.276] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.278] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0262.278] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.278] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.279] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.279] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0262.280] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0262.280] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0262.280] CloseHandle (hObject=0x1564) returned 1 [0262.281] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0262.281] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0262.281] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0262.281] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0262.281] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0262.281] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0262.281] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0262.281] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0262.281] GetForegroundWindow () returned 0x400fa [0262.281] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0262.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e290210, dwHighDateTime=0x1d6076d)) [0262.281] Sleep (dwMilliseconds=0x96) [0262.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.423] GetSystemMetrics (nIndex=0) returned 1440 [0262.423] GetSystemMetrics (nIndex=1) returned 900 [0262.423] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0262.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.423] ReleaseMutex (hMutex=0x158) returned 1 [0262.423] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0262.423] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0262.423] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0262.423] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0262.423] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0262.425] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.426] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.426] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.426] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.427] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.427] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.428] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.428] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.429] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.429] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.429] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.430] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.430] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.430] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.431] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.431] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.433] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.433] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0262.434] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.434] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.434] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.435] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0262.435] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0262.436] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0262.436] CloseHandle (hObject=0x1564) returned 1 [0262.436] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0262.436] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0262.436] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0262.436] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0262.436] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0262.436] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0262.436] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0262.436] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0262.436] GetForegroundWindow () returned 0x400fa [0262.436] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0262.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e40cfd0, dwHighDateTime=0x1d6076d)) [0262.436] Sleep (dwMilliseconds=0x96) [0262.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.579] GetSystemMetrics (nIndex=0) returned 1440 [0262.579] GetSystemMetrics (nIndex=1) returned 900 [0262.579] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0262.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.579] ReleaseMutex (hMutex=0x158) returned 1 [0262.579] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0262.579] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0262.579] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0262.579] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0262.579] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0262.581] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.581] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.582] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.582] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.582] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.583] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.583] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.583] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.585] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.585] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.585] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0262.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0262.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0262.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0262.589] CloseHandle (hObject=0x1564) returned 1 [0262.589] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0262.590] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0262.590] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0262.590] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0262.590] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0262.590] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0262.590] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0262.590] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0262.590] GetForegroundWindow () returned 0x400fa [0262.590] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0262.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.590] Sleep (dwMilliseconds=0x96) [0262.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.735] GetSystemMetrics (nIndex=0) returned 1440 [0262.735] GetSystemMetrics (nIndex=1) returned 900 [0262.735] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0262.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.735] ReleaseMutex (hMutex=0x158) returned 1 [0262.735] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0262.735] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0262.735] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0262.735] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0262.735] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0262.738] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.738] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.739] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.739] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.739] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.740] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.740] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.741] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.741] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.741] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.742] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.742] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.743] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.743] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.744] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.744] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.744] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.745] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.745] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0262.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.747] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.747] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0262.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0262.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0262.749] CloseHandle (hObject=0x1564) returned 1 [0262.749] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0262.749] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0262.749] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0262.749] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0262.749] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0262.749] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0262.749] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0262.749] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0262.749] GetForegroundWindow () returned 0x0 [0262.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e706b50, dwHighDateTime=0x1d6076d)) [0262.749] Sleep (dwMilliseconds=0x96) [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.890] GetSystemMetrics (nIndex=0) returned 1440 [0262.890] GetSystemMetrics (nIndex=1) returned 900 [0262.890] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0262.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae4 | out: lpSystemTimeAsFileTime=0x8b8fae4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.891] ReleaseMutex (hMutex=0x158) returned 1 [0262.891] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0262.891] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0262.891] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0262.891] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0262.891] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0262.893] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.893] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.893] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.894] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.894] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.895] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.895] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.895] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.896] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.896] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.897] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.897] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.898] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.898] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.898] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.899] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.899] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.899] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.900] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.900] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.900] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0262.903] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.903] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.903] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.904] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0262.904] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0262.904] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0262.905] CloseHandle (hObject=0x1564) returned 1 [0262.905] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0262.905] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0262.905] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0262.905] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0262.905] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0262.905] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0262.905] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0262.906] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0262.906] GetForegroundWindow () returned 0x400fa [0262.906] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0262.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1e883910, dwHighDateTime=0x1d6076d)) [0262.906] Sleep (dwMilliseconds=0x96) [0263.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf4 | out: lpSystemTimeAsFileTime=0x8b8faf4*(dwLowDateTime=0x1ea26830, dwHighDateTime=0x1d6076d)) [0263.062] InvalidateRect (hWnd=0x400fa, lpRect=0x0, bErase=0) returned 1 [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.095] SendMessageA (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0263.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.096] GetSystemMetrics (nIndex=0) returned 1440 [0263.096] GetSystemMetrics (nIndex=1) returned 900 [0263.096] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0263.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1ea72af0, dwHighDateTime=0x1d6076d)) [0263.096] ReleaseMutex (hMutex=0x158) returned 1 [0263.096] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0263.096] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0263.096] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0263.096] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0263.096] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0263.098] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.098] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.107] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.107] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.108] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.108] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0263.108] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.109] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.109] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.109] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0263.110] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0263.110] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0263.111] CloseHandle (hObject=0x1564) returned 1 [0263.111] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0263.111] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0263.111] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0263.111] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0263.111] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0263.111] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0263.111] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0263.111] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0263.111] GetForegroundWindow () returned 0x400fa [0263.111] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0263.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.111] Sleep (dwMilliseconds=0x96) [0263.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ec15a10, dwHighDateTime=0x1d6076d)) [0263.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ec15a10, dwHighDateTime=0x1d6076d)) [0263.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ec15a10, dwHighDateTime=0x1d6076d)) [0263.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ec15a10, dwHighDateTime=0x1d6076d)) [0263.265] GetSystemMetrics (nIndex=0) returned 1440 [0263.265] GetSystemMetrics (nIndex=1) returned 900 [0263.265] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0263.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1ec15a10, dwHighDateTime=0x1d6076d)) [0263.265] ReleaseMutex (hMutex=0x158) returned 1 [0263.265] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0263.265] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0263.265] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0263.265] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0263.266] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0263.268] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.269] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.269] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.270] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.270] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.270] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.282] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.282] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.282] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.283] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0263.283] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.283] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.284] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.284] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0263.285] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0263.285] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0263.285] CloseHandle (hObject=0x1564) returned 1 [0263.285] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0263.285] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0263.286] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0263.286] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0263.286] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0263.286] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0263.286] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0263.286] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0263.286] GetForegroundWindow () returned 0x400fa [0263.286] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0263.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ec3bb70, dwHighDateTime=0x1d6076d)) [0263.286] Sleep (dwMilliseconds=0x96) [0263.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1edb8930, dwHighDateTime=0x1d6076d)) [0263.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1edb8930, dwHighDateTime=0x1d6076d)) [0263.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1edb8930, dwHighDateTime=0x1d6076d)) [0263.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1edb8930, dwHighDateTime=0x1d6076d)) [0263.437] GetSystemMetrics (nIndex=0) returned 1440 [0263.437] GetSystemMetrics (nIndex=1) returned 900 [0263.437] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0263.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1edb8930, dwHighDateTime=0x1d6076d)) [0263.437] ReleaseMutex (hMutex=0x158) returned 1 [0263.437] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0263.437] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0263.437] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0263.437] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0263.437] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0263.440] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.440] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.440] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.441] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.441] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.441] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.443] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.443] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.443] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.444] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.444] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.445] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.445] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.445] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.446] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.446] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.446] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.447] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0263.447] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.447] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.448] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.448] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0263.448] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0263.449] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0263.449] CloseHandle (hObject=0x1564) returned 1 [0263.449] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0263.449] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0263.449] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0263.449] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0263.449] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0263.449] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0263.449] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0263.449] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0263.449] GetForegroundWindow () returned 0x400fa [0263.450] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0263.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1eddea90, dwHighDateTime=0x1d6076d)) [0263.462] Sleep (dwMilliseconds=0x96) [0263.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ef5b850, dwHighDateTime=0x1d6076d)) [0263.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ef5b850, dwHighDateTime=0x1d6076d)) [0263.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ef5b850, dwHighDateTime=0x1d6076d)) [0263.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ef5b850, dwHighDateTime=0x1d6076d)) [0263.608] GetSystemMetrics (nIndex=0) returned 1440 [0263.608] GetSystemMetrics (nIndex=1) returned 900 [0263.608] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0263.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1ef5b850, dwHighDateTime=0x1d6076d)) [0263.608] ReleaseMutex (hMutex=0x158) returned 1 [0263.608] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0263.609] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0263.609] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0263.609] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0263.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0263.611] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.612] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.612] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.612] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.613] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.613] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.614] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.614] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.615] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.615] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.615] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.616] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.616] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.617] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.617] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.617] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.618] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.618] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.619] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.619] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.620] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0263.620] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.620] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.621] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.621] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0263.622] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0263.622] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0263.623] CloseHandle (hObject=0x1564) returned 1 [0263.623] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0263.623] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0263.623] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0263.623] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0263.623] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0263.623] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0263.623] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0263.623] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0263.623] GetForegroundWindow () returned 0x0 [0263.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1ef5b850, dwHighDateTime=0x1d6076d)) [0263.623] Sleep (dwMilliseconds=0x96) [0263.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f0d8610, dwHighDateTime=0x1d6076d)) [0263.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f0d8610, dwHighDateTime=0x1d6076d)) [0263.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f0d8610, dwHighDateTime=0x1d6076d)) [0263.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f0d8610, dwHighDateTime=0x1d6076d)) [0263.765] GetSystemMetrics (nIndex=0) returned 1440 [0263.765] GetSystemMetrics (nIndex=1) returned 900 [0263.765] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0263.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f0d8610, dwHighDateTime=0x1d6076d)) [0263.765] ReleaseMutex (hMutex=0x158) returned 1 [0263.765] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0263.765] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0263.765] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0263.765] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0263.765] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0263.768] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.768] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.769] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.769] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.769] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.770] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.770] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0263.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0263.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0263.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0263.779] CloseHandle (hObject=0x1564) returned 1 [0263.779] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0263.779] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0263.779] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0263.779] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0263.779] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0263.779] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0263.779] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0263.779] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0263.779] GetForegroundWindow () returned 0x400fa [0263.779] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0263.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f0d8610, dwHighDateTime=0x1d6076d)) [0263.780] Sleep (dwMilliseconds=0x96) [0263.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.936] GetSystemMetrics (nIndex=0) returned 1440 [0263.936] GetSystemMetrics (nIndex=1) returned 900 [0263.936] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0263.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.936] ReleaseMutex (hMutex=0x158) returned 1 [0263.937] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0263.937] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0263.937] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0263.937] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0263.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0263.939] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.939] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.941] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.941] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.941] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.942] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.942] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.942] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.943] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.943] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.943] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.944] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.944] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.944] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0263.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0263.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0263.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0263.948] CloseHandle (hObject=0x1564) returned 1 [0263.948] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0263.948] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0263.948] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0263.948] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0263.948] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0263.948] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0263.948] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0263.948] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0263.948] GetForegroundWindow () returned 0x400fa [0263.948] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0263.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f27b530, dwHighDateTime=0x1d6076d)) [0263.948] Sleep (dwMilliseconds=0x96) [0264.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.092] GetSystemMetrics (nIndex=0) returned 1440 [0264.092] GetSystemMetrics (nIndex=1) returned 900 [0264.092] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0264.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.092] ReleaseMutex (hMutex=0x158) returned 1 [0264.092] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0264.092] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0264.092] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0264.092] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0264.092] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0264.095] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.095] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.096] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.096] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.096] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.097] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.097] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.097] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.098] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.098] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0264.099] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.099] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.099] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.100] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.100] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.100] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0264.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0264.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0264.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0264.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0264.105] CloseHandle (hObject=0x1564) returned 1 [0264.105] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0264.105] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0264.105] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0264.105] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0264.105] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0264.105] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0264.105] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0264.105] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0264.105] GetForegroundWindow () returned 0x400fa [0264.105] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0264.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f3f82f0, dwHighDateTime=0x1d6076d)) [0264.105] Sleep (dwMilliseconds=0x96) [0264.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.248] GetSystemMetrics (nIndex=0) returned 1440 [0264.248] GetSystemMetrics (nIndex=1) returned 900 [0264.248] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0264.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.249] ReleaseMutex (hMutex=0x158) returned 1 [0264.249] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0264.249] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0264.249] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0264.249] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0264.249] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0264.251] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.251] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.252] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.252] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.253] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.253] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.253] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.254] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.254] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.255] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0264.255] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.255] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.256] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.256] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.258] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.258] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.259] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.259] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0264.259] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.260] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0264.260] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.261] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0264.261] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0264.261] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0264.262] CloseHandle (hObject=0x1564) returned 1 [0264.262] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0264.262] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0264.262] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0264.262] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0264.262] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0264.262] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0264.262] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0264.262] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0264.262] GetForegroundWindow () returned 0x400fa [0264.262] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0264.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f5750b0, dwHighDateTime=0x1d6076d)) [0264.262] Sleep (dwMilliseconds=0x96) [0264.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.404] GetSystemMetrics (nIndex=0) returned 1440 [0264.404] GetSystemMetrics (nIndex=1) returned 900 [0264.404] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0264.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.404] ReleaseMutex (hMutex=0x158) returned 1 [0264.404] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0264.404] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0264.404] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0264.404] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0264.404] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0264.406] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.406] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0264.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.411] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.411] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.411] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.412] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.412] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.412] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0264.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0264.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0264.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0264.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0264.415] CloseHandle (hObject=0x1564) returned 1 [0264.415] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0264.415] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0264.415] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0264.415] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0264.415] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0264.415] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0264.415] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0264.415] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0264.415] GetForegroundWindow () returned 0x0 [0264.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f6f1e70, dwHighDateTime=0x1d6076d)) [0264.415] Sleep (dwMilliseconds=0x96) [0264.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.560] GetSystemMetrics (nIndex=0) returned 1440 [0264.560] GetSystemMetrics (nIndex=1) returned 900 [0264.560] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0264.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.560] ReleaseMutex (hMutex=0x158) returned 1 [0264.560] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0264.560] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0264.560] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0264.560] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0264.560] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0264.562] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.563] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.563] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.564] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.564] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.564] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.565] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.565] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.565] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.566] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0264.566] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.567] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.567] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.567] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.568] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.568] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.568] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.569] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.569] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.569] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.570] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0264.570] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.571] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0264.571] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.571] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0264.572] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0264.572] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0264.572] CloseHandle (hObject=0x1564) returned 1 [0264.572] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0264.572] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0264.572] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0264.573] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0264.573] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0264.573] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0264.573] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0264.573] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0264.573] GetForegroundWindow () returned 0x400fa [0264.573] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0264.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f86ec30, dwHighDateTime=0x1d6076d)) [0264.573] Sleep (dwMilliseconds=0x96) [0264.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.716] GetSystemMetrics (nIndex=0) returned 1440 [0264.716] GetSystemMetrics (nIndex=1) returned 900 [0264.716] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0264.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.716] ReleaseMutex (hMutex=0x158) returned 1 [0264.716] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0264.716] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0264.716] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0264.716] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0264.716] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0264.718] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.719] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.719] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.719] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.720] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.720] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.720] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.720] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.721] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.721] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0264.721] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.722] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.722] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.722] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.723] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.723] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.723] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.723] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.724] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.724] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.724] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0264.725] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.725] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0264.725] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.726] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0264.726] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0264.726] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0264.726] CloseHandle (hObject=0x1564) returned 1 [0264.726] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0264.727] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0264.727] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0264.727] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0264.727] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0264.727] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0264.727] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0264.727] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0264.727] GetForegroundWindow () returned 0x400fa [0264.727] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0264.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1f9eb9f0, dwHighDateTime=0x1d6076d)) [0264.727] Sleep (dwMilliseconds=0x96) [0264.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.872] GetSystemMetrics (nIndex=0) returned 1440 [0264.872] GetSystemMetrics (nIndex=1) returned 900 [0264.872] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0264.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.872] ReleaseMutex (hMutex=0x158) returned 1 [0264.872] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0264.872] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0264.872] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0264.872] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0264.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0264.874] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.874] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.875] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.875] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.875] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.876] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.876] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.876] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.877] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.877] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0264.877] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.878] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.878] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.878] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.879] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.879] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.879] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.880] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.880] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.881] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.881] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0264.882] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.882] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0264.882] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.883] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0264.883] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0264.883] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0264.884] CloseHandle (hObject=0x1564) returned 1 [0264.884] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0264.884] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0264.884] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0264.884] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0264.884] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0264.884] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0264.884] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0264.884] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0264.884] GetForegroundWindow () returned 0x400fa [0264.884] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0264.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fb687b0, dwHighDateTime=0x1d6076d)) [0264.884] Sleep (dwMilliseconds=0x96) [0265.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fce5570, dwHighDateTime=0x1d6076d)) [0265.041] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0265.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.045] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.045] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.045] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.046] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.046] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.047] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.047] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.047] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.048] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.048] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.049] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.049] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.049] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.050] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.050] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.050] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.050] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.051] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.051] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.051] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.052] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.052] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.052] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.053] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.053] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.053] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.054] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.054] CloseHandle (hObject=0x1564) returned 1 [0265.054] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.055] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.056] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.056] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.056] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.057] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.058] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.058] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.060] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.060] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.060] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.061] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.061] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.061] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.062] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.062] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.062] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.062] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.063] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.063] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.063] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.064] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.064] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.064] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.064] CloseHandle (hObject=0x1564) returned 1 [0265.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fd31830, dwHighDateTime=0x1d6076d)) [0265.065] GetSystemMetrics (nIndex=0) returned 1440 [0265.065] GetSystemMetrics (nIndex=1) returned 900 [0265.065] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1fd31830, dwHighDateTime=0x1d6076d)) [0265.065] ReleaseMutex (hMutex=0x158) returned 1 [0265.065] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0265.065] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0265.065] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0265.065] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0265.065] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.066] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.067] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.067] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.067] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.068] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.068] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.068] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.069] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.069] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.069] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.069] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.070] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.070] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.070] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.071] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.071] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.071] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.072] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.072] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.072] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.073] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.073] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.073] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.074] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.075] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.075] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.075] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.075] CloseHandle (hObject=0x1564) returned 1 [0265.076] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0265.076] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0265.076] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0265.076] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0265.076] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0265.076] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0265.076] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0265.076] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0265.076] GetForegroundWindow () returned 0x400fa [0265.076] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0265.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fd57990, dwHighDateTime=0x1d6076d)) [0265.076] Sleep (dwMilliseconds=0x96) [0265.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fed4750, dwHighDateTime=0x1d6076d)) [0265.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fed4750, dwHighDateTime=0x1d6076d)) [0265.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fed4750, dwHighDateTime=0x1d6076d)) [0265.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.233] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.233] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.234] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.234] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.234] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.235] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.235] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.236] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.236] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.236] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.237] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.237] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.238] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.238] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.238] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.239] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.239] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.239] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.240] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.240] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.241] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.241] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.241] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.242] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.242] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.242] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.243] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.243] CloseHandle (hObject=0x1564) returned 1 [0265.243] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fed4750, dwHighDateTime=0x1d6076d)) [0265.243] GetSystemMetrics (nIndex=0) returned 1440 [0265.244] GetSystemMetrics (nIndex=1) returned 900 [0265.244] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x1fed4750, dwHighDateTime=0x1d6076d)) [0265.244] ReleaseMutex (hMutex=0x158) returned 1 [0265.244] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0265.244] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0265.244] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0265.244] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0265.244] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.246] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.246] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.249] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.249] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.250] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.250] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.250] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.251] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.251] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.252] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.252] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.252] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.253] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.253] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.254] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.254] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.254] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.255] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.255] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.255] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.256] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.256] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.258] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.258] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.258] CloseHandle (hObject=0x1564) returned 1 [0265.258] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0265.259] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0265.259] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0265.259] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0265.259] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0265.259] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0265.259] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0265.259] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0265.259] GetForegroundWindow () returned 0x0 [0265.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x1fefa8b0, dwHighDateTime=0x1d6076d)) [0265.259] Sleep (dwMilliseconds=0x96) [0265.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20077670, dwHighDateTime=0x1d6076d)) [0265.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20077670, dwHighDateTime=0x1d6076d)) [0265.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20077670, dwHighDateTime=0x1d6076d)) [0265.402] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.404] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.405] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.405] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.405] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.406] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.406] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.411] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.411] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.412] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.415] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.415] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.415] CloseHandle (hObject=0x1564) returned 1 [0265.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20077670, dwHighDateTime=0x1d6076d)) [0265.415] GetSystemMetrics (nIndex=0) returned 1440 [0265.415] GetSystemMetrics (nIndex=1) returned 900 [0265.416] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x20077670, dwHighDateTime=0x1d6076d)) [0265.416] ReleaseMutex (hMutex=0x158) returned 1 [0265.416] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0265.416] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0265.416] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0265.416] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0265.416] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.418] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.419] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.419] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.419] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.420] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.420] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.420] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.421] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.421] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.422] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.422] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.422] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.423] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.423] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.424] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.424] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.424] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.425] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.425] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.426] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.426] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.426] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.427] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.427] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.427] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.428] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.428] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.429] CloseHandle (hObject=0x1564) returned 1 [0265.429] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0265.429] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0265.429] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0265.429] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0265.429] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0265.429] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0265.429] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0265.429] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0265.429] GetForegroundWindow () returned 0x400fa [0265.429] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0265.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2009d7d0, dwHighDateTime=0x1d6076d)) [0265.429] Sleep (dwMilliseconds=0x96) [0265.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2021a590, dwHighDateTime=0x1d6076d)) [0265.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2021a590, dwHighDateTime=0x1d6076d)) [0265.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2021a590, dwHighDateTime=0x1d6076d)) [0265.574] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.576] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.576] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.576] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.578] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.578] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.578] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.580] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.580] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.580] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.581] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.581] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.581] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.581] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.582] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.582] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.582] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.583] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.583] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.583] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.584] CloseHandle (hObject=0x1564) returned 1 [0265.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2021a590, dwHighDateTime=0x1d6076d)) [0265.584] GetSystemMetrics (nIndex=0) returned 1440 [0265.584] GetSystemMetrics (nIndex=1) returned 900 [0265.584] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2021a590, dwHighDateTime=0x1d6076d)) [0265.584] ReleaseMutex (hMutex=0x158) returned 1 [0265.584] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0265.584] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0265.584] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0265.584] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0265.584] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.586] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.591] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.591] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.592] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.592] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.592] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.593] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.593] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.593] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.593] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.594] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.594] CloseHandle (hObject=0x1564) returned 1 [0265.594] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0265.594] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0265.594] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0265.594] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0265.594] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0265.594] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0265.594] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0265.594] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0265.594] GetForegroundWindow () returned 0x400fa [0265.595] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0265.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x202406f0, dwHighDateTime=0x1d6076d)) [0265.595] Sleep (dwMilliseconds=0x96) [0265.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x203bd4b0, dwHighDateTime=0x1d6076d)) [0265.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x203bd4b0, dwHighDateTime=0x1d6076d)) [0265.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x203bd4b0, dwHighDateTime=0x1d6076d)) [0265.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.747] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.747] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.749] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.749] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.749] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.750] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.750] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.750] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.750] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.751] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.751] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.751] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2b, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.752] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.752] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.752] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.754] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.754] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.754] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.755] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.755] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.755] CloseHandle (hObject=0x1564) returned 1 [0265.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x203bd4b0, dwHighDateTime=0x1d6076d)) [0265.755] GetSystemMetrics (nIndex=0) returned 1440 [0265.755] GetSystemMetrics (nIndex=1) returned 900 [0265.755] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x203bd4b0, dwHighDateTime=0x1d6076d)) [0265.756] ReleaseMutex (hMutex=0x158) returned 1 [0265.756] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0265.756] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0265.756] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0265.756] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0265.756] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.757] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.759] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.759] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.759] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.760] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.760] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.760] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.761] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.761] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.762] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.762] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.762] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2b, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.763] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.763] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.763] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.764] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.764] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.764] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.765] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.765] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.765] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.765] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.766] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.766] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.766] CloseHandle (hObject=0x1564) returned 1 [0265.766] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0265.766] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0265.766] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0265.766] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0265.766] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0265.767] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0265.767] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0265.767] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0265.767] GetForegroundWindow () returned 0x400fa [0265.767] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0265.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x203e3610, dwHighDateTime=0x1d6076d)) [0265.767] Sleep (dwMilliseconds=0x96) [0265.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x205603d0, dwHighDateTime=0x1d6076d)) [0265.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x205603d0, dwHighDateTime=0x1d6076d)) [0265.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x205603d0, dwHighDateTime=0x1d6076d)) [0265.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.932] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.933] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.933] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.933] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.934] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.935] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.935] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.935] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.936] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.936] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.936] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.937] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2b, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.937] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.937] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.938] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.938] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.938] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.939] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.939] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.939] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.940] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.941] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.941] CloseHandle (hObject=0x1564) returned 1 [0265.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20586530, dwHighDateTime=0x1d6076d)) [0265.941] GetSystemMetrics (nIndex=0) returned 1440 [0265.941] GetSystemMetrics (nIndex=1) returned 900 [0265.941] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0265.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x20586530, dwHighDateTime=0x1d6076d)) [0265.941] ReleaseMutex (hMutex=0x158) returned 1 [0265.941] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0265.941] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0265.941] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0265.942] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0265.942] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0265.944] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.944] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0265.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.960] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2b, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.962] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.962] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.962] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.963] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0265.963] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.963] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0265.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0265.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0265.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0265.965] CloseHandle (hObject=0x1564) returned 1 [0265.965] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0265.965] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0265.965] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0265.965] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0265.965] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0265.965] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0265.965] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0265.965] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0265.965] GetForegroundWindow () returned 0x400fa [0265.965] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0265.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.965] Sleep (dwMilliseconds=0x96) [0266.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2074f5b0, dwHighDateTime=0x1d6076d)) [0266.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2074f5b0, dwHighDateTime=0x1d6076d)) [0266.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2074f5b0, dwHighDateTime=0x1d6076d)) [0266.120] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.121] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.122] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.124] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.125] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.125] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.125] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.126] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.126] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.126] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.126] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.127] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.127] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.127] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.128] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.128] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.129] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.129] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.129] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.130] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.130] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.130] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.131] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.131] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.133] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.133] CloseHandle (hObject=0x1564) returned 1 [0266.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2074f5b0, dwHighDateTime=0x1d6076d)) [0266.133] GetSystemMetrics (nIndex=0) returned 1440 [0266.133] GetSystemMetrics (nIndex=1) returned 900 [0266.133] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0266.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2074f5b0, dwHighDateTime=0x1d6076d)) [0266.133] ReleaseMutex (hMutex=0x158) returned 1 [0266.133] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0266.133] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0266.133] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0266.133] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0266.134] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.136] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.136] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.136] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.138] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.138] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.138] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.139] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.139] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.139] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.139] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.140] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.140] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.140] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.141] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.141] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.141] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.142] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.142] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.142] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.143] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.143] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.143] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.143] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.144] CloseHandle (hObject=0x1564) returned 1 [0266.144] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0266.144] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0266.144] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0266.144] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0266.144] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0266.144] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0266.144] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0266.144] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0266.144] GetForegroundWindow () returned 0x0 [0266.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20775710, dwHighDateTime=0x1d6076d)) [0266.144] Sleep (dwMilliseconds=0x96) [0266.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x208f24d0, dwHighDateTime=0x1d6076d)) [0266.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x208f24d0, dwHighDateTime=0x1d6076d)) [0266.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x208f24d0, dwHighDateTime=0x1d6076d)) [0266.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.294] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.294] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.294] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.295] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.295] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.296] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.296] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.296] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.297] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.297] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.297] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.298] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.298] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.298] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.299] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.299] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.300] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.300] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.300] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.301] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.301] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.301] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.302] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.302] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.302] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.303] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.303] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.303] CloseHandle (hObject=0x1564) returned 1 [0266.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x208f24d0, dwHighDateTime=0x1d6076d)) [0266.303] GetSystemMetrics (nIndex=0) returned 1440 [0266.304] GetSystemMetrics (nIndex=1) returned 900 [0266.304] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0266.304] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x208f24d0, dwHighDateTime=0x1d6076d)) [0266.304] ReleaseMutex (hMutex=0x158) returned 1 [0266.304] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0266.304] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0266.304] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0266.304] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0266.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.306] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.306] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.307] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.307] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.307] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.308] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.308] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.309] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.309] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.309] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.310] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.310] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.310] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.311] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.311] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.312] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.312] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.312] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.313] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.313] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.313] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.314] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.314] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.314] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.315] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.315] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.316] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.316] CloseHandle (hObject=0x1564) returned 1 [0266.316] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0266.316] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0266.316] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0266.316] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0266.316] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0266.316] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0266.316] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0266.316] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0266.316] GetForegroundWindow () returned 0x400fa [0266.317] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0266.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20918630, dwHighDateTime=0x1d6076d)) [0266.317] Sleep (dwMilliseconds=0x96) [0266.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20a953f0, dwHighDateTime=0x1d6076d)) [0266.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20a953f0, dwHighDateTime=0x1d6076d)) [0266.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20a953f0, dwHighDateTime=0x1d6076d)) [0266.463] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.465] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.466] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.466] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.466] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.467] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.467] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.467] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.468] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.468] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.469] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.469] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.469] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.470] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.470] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.470] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.471] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.471] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.472] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.472] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.472] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.473] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.473] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.473] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.474] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.474] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.475] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.475] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.475] CloseHandle (hObject=0x1564) returned 1 [0266.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20a953f0, dwHighDateTime=0x1d6076d)) [0266.475] GetSystemMetrics (nIndex=0) returned 1440 [0266.475] GetSystemMetrics (nIndex=1) returned 900 [0266.475] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0266.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x20a953f0, dwHighDateTime=0x1d6076d)) [0266.476] ReleaseMutex (hMutex=0x158) returned 1 [0266.476] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0266.476] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0266.476] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0266.476] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0266.476] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.478] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.479] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.479] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.479] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.480] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.480] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.481] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.481] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.481] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.482] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.482] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.482] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.483] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.483] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.484] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.484] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.484] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.485] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.485] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.485] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.486] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.486] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.487] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.487] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.487] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.488] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.488] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.488] CloseHandle (hObject=0x1564) returned 1 [0266.489] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0266.489] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0266.489] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0266.489] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0266.489] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0266.489] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0266.489] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0266.489] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0266.489] GetForegroundWindow () returned 0x400fa [0266.489] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0266.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20abb550, dwHighDateTime=0x1d6076d)) [0266.489] Sleep (dwMilliseconds=0x96) [0266.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20c38310, dwHighDateTime=0x1d6076d)) [0266.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20c38310, dwHighDateTime=0x1d6076d)) [0266.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20c38310, dwHighDateTime=0x1d6076d)) [0266.636] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.638] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.638] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.638] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.639] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.639] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.639] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.640] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.640] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.640] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.641] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.641] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.641] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.642] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.642] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.642] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.642] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.643] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.643] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.643] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.644] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.644] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.644] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.645] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.645] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.645] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.645] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.646] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.646] CloseHandle (hObject=0x1564) returned 1 [0266.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20c38310, dwHighDateTime=0x1d6076d)) [0266.646] GetSystemMetrics (nIndex=0) returned 1440 [0266.646] GetSystemMetrics (nIndex=1) returned 900 [0266.646] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0266.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x20c38310, dwHighDateTime=0x1d6076d)) [0266.646] ReleaseMutex (hMutex=0x158) returned 1 [0266.646] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0266.646] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0266.646] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0266.646] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0266.646] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.648] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.649] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.649] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.649] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.650] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.651] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.651] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.651] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.652] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.652] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.652] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.652] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.653] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.653] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.653] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.654] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.654] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.654] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.654] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.655] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.655] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.655] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.656] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.656] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.656] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.657] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.657] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.657] CloseHandle (hObject=0x1564) returned 1 [0266.657] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0266.657] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0266.657] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0266.657] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0266.658] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0266.658] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0266.658] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0266.658] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0266.658] GetForegroundWindow () returned 0x400fa [0266.658] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0266.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20c5e470, dwHighDateTime=0x1d6076d)) [0266.658] Sleep (dwMilliseconds=0x96) [0266.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20ddb230, dwHighDateTime=0x1d6076d)) [0266.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20ddb230, dwHighDateTime=0x1d6076d)) [0266.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20ddb230, dwHighDateTime=0x1d6076d)) [0266.806] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.808] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.809] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.809] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.809] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.810] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.810] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.810] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.811] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.811] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.812] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.812] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.812] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.813] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.813] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.813] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.814] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.814] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.814] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.815] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.815] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.816] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.816] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.816] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.816] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.817] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.817] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.817] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.818] CloseHandle (hObject=0x1564) returned 1 [0266.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20ddb230, dwHighDateTime=0x1d6076d)) [0266.818] GetSystemMetrics (nIndex=0) returned 1440 [0266.818] GetSystemMetrics (nIndex=1) returned 900 [0266.818] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0266.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x20ddb230, dwHighDateTime=0x1d6076d)) [0266.818] ReleaseMutex (hMutex=0x158) returned 1 [0266.818] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0266.818] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0266.818] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0266.818] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0266.818] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.820] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.820] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.821] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.821] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.822] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.822] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.822] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.823] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.823] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.823] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.824] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.824] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.824] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.824] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.825] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.825] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.825] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.826] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.826] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.826] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.826] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.827] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.827] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.827] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.828] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.828] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.828] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.828] CloseHandle (hObject=0x1564) returned 1 [0266.829] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0266.829] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0266.829] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0266.829] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0266.829] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0266.829] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0266.829] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0266.829] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0266.829] GetForegroundWindow () returned 0x400fa [0266.829] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0266.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20e01390, dwHighDateTime=0x1d6076d)) [0266.829] Sleep (dwMilliseconds=0x96) [0266.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20f7e150, dwHighDateTime=0x1d6076d)) [0266.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20f7e150, dwHighDateTime=0x1d6076d)) [0266.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20f7e150, dwHighDateTime=0x1d6076d)) [0266.978] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.980] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.981] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.981] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.981] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.982] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.982] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.983] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.983] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.983] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.984] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.984] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.984] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.985] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.985] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.986] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.986] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.986] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.987] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.987] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.988] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.988] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0266.988] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.988] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0266.989] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.989] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0266.989] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0266.990] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0266.990] CloseHandle (hObject=0x1564) returned 1 [0266.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20f7e150, dwHighDateTime=0x1d6076d)) [0266.990] GetSystemMetrics (nIndex=0) returned 1440 [0266.990] GetSystemMetrics (nIndex=1) returned 900 [0266.990] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0266.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x20f7e150, dwHighDateTime=0x1d6076d)) [0266.990] ReleaseMutex (hMutex=0x158) returned 1 [0266.990] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0266.991] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0266.991] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0266.991] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0266.991] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0266.993] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.993] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.993] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.994] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.994] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.994] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.995] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.995] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.995] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.996] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0266.996] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.996] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.997] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.997] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.997] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.998] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.998] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.998] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.999] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.999] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.999] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.000] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.000] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.000] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.001] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.001] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.001] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.001] CloseHandle (hObject=0x1564) returned 1 [0267.002] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0267.002] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0267.002] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0267.002] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0267.002] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0267.002] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0267.002] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0267.002] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0267.002] GetForegroundWindow () returned 0x0 [0267.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x20fa42b0, dwHighDateTime=0x1d6076d)) [0267.002] Sleep (dwMilliseconds=0x96) [0267.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.150] SendMessageA (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0267.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.150] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.152] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.153] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.153] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.153] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.154] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.154] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.155] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.155] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.156] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.156] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.156] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.157] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.157] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.157] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.158] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.158] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.159] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.159] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.159] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.160] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.160] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.160] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.161] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.161] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.162] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.162] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.162] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.163] CloseHandle (hObject=0x1564) returned 1 [0267.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.163] GetSystemMetrics (nIndex=0) returned 1440 [0267.163] GetSystemMetrics (nIndex=1) returned 900 [0267.163] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0267.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21121070, dwHighDateTime=0x1d6076d)) [0267.163] ReleaseMutex (hMutex=0x158) returned 1 [0267.163] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0267.163] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0267.163] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0267.163] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0267.163] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.166] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.166] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.167] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.167] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.167] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.168] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.168] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.169] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.169] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.169] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.170] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.170] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.170] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.171] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.171] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.172] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.172] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.172] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.173] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.173] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.174] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.174] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.174] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.175] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.175] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.176] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.176] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.176] CloseHandle (hObject=0x1564) returned 1 [0267.176] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0267.176] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0267.176] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0267.177] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0267.177] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0267.177] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0267.177] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0267.177] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0267.177] GetForegroundWindow () returned 0x400fa [0267.177] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0267.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x211471d0, dwHighDateTime=0x1d6076d)) [0267.177] Sleep (dwMilliseconds=0x96) [0267.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x212c3f90, dwHighDateTime=0x1d6076d)) [0267.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x212c3f90, dwHighDateTime=0x1d6076d)) [0267.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x212c3f90, dwHighDateTime=0x1d6076d)) [0267.321] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.323] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.324] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.324] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.324] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.325] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.325] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.326] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.326] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.326] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.327] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.327] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.327] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.328] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.328] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.329] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.329] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.329] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.330] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.330] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.330] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.331] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.331] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.331] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.332] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.332] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.332] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.333] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.333] CloseHandle (hObject=0x1564) returned 1 [0267.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x212c3f90, dwHighDateTime=0x1d6076d)) [0267.333] GetSystemMetrics (nIndex=0) returned 1440 [0267.333] GetSystemMetrics (nIndex=1) returned 900 [0267.333] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0267.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x212c3f90, dwHighDateTime=0x1d6076d)) [0267.333] ReleaseMutex (hMutex=0x158) returned 1 [0267.333] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0267.334] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0267.334] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0267.334] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0267.334] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.336] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.336] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.336] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.337] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.337] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.337] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.338] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.338] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.338] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.339] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.339] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.339] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.340] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.340] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.340] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.341] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.341] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.341] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.342] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.342] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.342] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.343] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.343] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.343] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.344] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.344] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.344] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.344] CloseHandle (hObject=0x1564) returned 1 [0267.345] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0267.345] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0267.345] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0267.345] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0267.345] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0267.345] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0267.345] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0267.345] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0267.345] GetForegroundWindow () returned 0x400fa [0267.345] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0267.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x212ea0f0, dwHighDateTime=0x1d6076d)) [0267.345] Sleep (dwMilliseconds=0x96) [0267.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21466eb0, dwHighDateTime=0x1d6076d)) [0267.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21466eb0, dwHighDateTime=0x1d6076d)) [0267.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21466eb0, dwHighDateTime=0x1d6076d)) [0267.492] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.494] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.495] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.495] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.495] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.496] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.496] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.496] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.497] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.497] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.498] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.498] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.499] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.499] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.499] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.500] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.500] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.501] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.501] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.502] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.502] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.502] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.503] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.503] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.504] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.504] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.504] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.505] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.505] CloseHandle (hObject=0x1564) returned 1 [0267.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21466eb0, dwHighDateTime=0x1d6076d)) [0267.505] GetSystemMetrics (nIndex=0) returned 1440 [0267.506] GetSystemMetrics (nIndex=1) returned 900 [0267.506] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0267.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21466eb0, dwHighDateTime=0x1d6076d)) [0267.506] ReleaseMutex (hMutex=0x158) returned 1 [0267.506] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0267.506] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0267.506] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0267.506] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0267.506] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.509] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.509] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.510] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.510] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.511] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.511] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.512] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.512] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.512] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.513] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.513] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.514] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.514] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.514] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.515] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.516] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.516] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.517] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.517] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.517] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.518] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.518] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.519] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.519] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.519] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.520] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.520] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.521] CloseHandle (hObject=0x1564) returned 1 [0267.521] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0267.521] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0267.521] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0267.521] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0267.521] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0267.521] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0267.521] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0267.521] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0267.521] GetForegroundWindow () returned 0x400fa [0267.521] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0267.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2148d010, dwHighDateTime=0x1d6076d)) [0267.521] Sleep (dwMilliseconds=0x96) [0267.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21609dd0, dwHighDateTime=0x1d6076d)) [0267.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21609dd0, dwHighDateTime=0x1d6076d)) [0267.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21609dd0, dwHighDateTime=0x1d6076d)) [0267.664] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.667] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.667] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.667] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.668] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.668] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.669] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.669] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.669] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.670] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.670] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.671] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.671] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.671] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.672] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.672] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.672] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.673] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.673] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.674] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.674] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.674] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.675] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.675] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.675] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.676] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.676] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.676] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.676] CloseHandle (hObject=0x1564) returned 1 [0267.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21609dd0, dwHighDateTime=0x1d6076d)) [0267.677] GetSystemMetrics (nIndex=0) returned 1440 [0267.677] GetSystemMetrics (nIndex=1) returned 900 [0267.677] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0267.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21609dd0, dwHighDateTime=0x1d6076d)) [0267.677] ReleaseMutex (hMutex=0x158) returned 1 [0267.677] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0267.677] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0267.677] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0267.677] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0267.677] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.679] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.679] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.679] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.680] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.680] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.680] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.681] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.681] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.682] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.682] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.682] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.683] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.683] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.684] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.684] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.684] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.684] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.685] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.685] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.685] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.686] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.686] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.686] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.686] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.687] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.687] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.687] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.688] CloseHandle (hObject=0x1564) returned 1 [0267.688] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0267.688] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0267.688] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0267.688] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0267.688] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0267.688] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0267.688] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0267.688] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0267.688] GetForegroundWindow () returned 0x400fa [0267.688] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0267.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2162ff30, dwHighDateTime=0x1d6076d)) [0267.688] Sleep (dwMilliseconds=0x96) [0267.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x217accf0, dwHighDateTime=0x1d6076d)) [0267.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x217accf0, dwHighDateTime=0x1d6076d)) [0267.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x217accf0, dwHighDateTime=0x1d6076d)) [0267.836] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.838] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.838] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.839] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.839] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.839] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.840] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.840] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.841] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.841] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.841] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.842] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.842] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.843] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.843] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.843] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.844] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.844] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.844] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.845] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.845] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.846] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.846] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.846] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.847] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.847] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.848] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.848] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.848] CloseHandle (hObject=0x1564) returned 1 [0267.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x217accf0, dwHighDateTime=0x1d6076d)) [0267.849] GetSystemMetrics (nIndex=0) returned 1440 [0267.849] GetSystemMetrics (nIndex=1) returned 900 [0267.849] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0267.849] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x217accf0, dwHighDateTime=0x1d6076d)) [0267.849] ReleaseMutex (hMutex=0x158) returned 1 [0267.849] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0267.849] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0267.849] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0267.849] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0267.849] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0267.851] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.852] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.852] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.853] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.853] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.853] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.854] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.854] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.854] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.855] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0267.855] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.855] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.856] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.856] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.857] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.857] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.857] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.858] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.858] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.859] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.859] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0267.860] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.860] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0267.860] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.861] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0267.861] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0267.862] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0267.862] CloseHandle (hObject=0x1564) returned 1 [0267.862] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0267.862] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0267.862] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0267.862] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0267.862] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0267.862] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0267.862] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0267.862] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0267.862] GetForegroundWindow () returned 0x0 [0267.863] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x217d2e50, dwHighDateTime=0x1d6076d)) [0267.863] Sleep (dwMilliseconds=0x96) [0268.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2194fc10, dwHighDateTime=0x1d6076d)) [0268.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2194fc10, dwHighDateTime=0x1d6076d)) [0268.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2194fc10, dwHighDateTime=0x1d6076d)) [0268.007] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.009] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.009] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.010] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.010] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.010] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.011] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.011] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.011] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.011] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.012] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.012] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.012] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.013] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.013] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.013] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.014] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.014] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.014] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.014] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.015] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.015] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.015] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.016] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.016] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.016] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.017] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.017] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.017] CloseHandle (hObject=0x1564) returned 1 [0268.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2194fc10, dwHighDateTime=0x1d6076d)) [0268.017] GetSystemMetrics (nIndex=0) returned 1440 [0268.017] GetSystemMetrics (nIndex=1) returned 900 [0268.017] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2194fc10, dwHighDateTime=0x1d6076d)) [0268.017] ReleaseMutex (hMutex=0x158) returned 1 [0268.017] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0268.017] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0268.017] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0268.017] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0268.018] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.019] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.020] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.020] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.020] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.021] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.021] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.021] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.021] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.022] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.022] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.022] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.023] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.023] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.024] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.024] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.024] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.025] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.025] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.025] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.025] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.026] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.026] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.026] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.027] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.027] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.027] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.028] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.028] CloseHandle (hObject=0x1564) returned 1 [0268.028] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0268.028] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0268.028] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0268.028] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0268.028] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0268.029] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0268.029] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0268.029] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0268.029] GetForegroundWindow () returned 0x400fa [0268.029] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0268.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21975d70, dwHighDateTime=0x1d6076d)) [0268.029] Sleep (dwMilliseconds=0x96) [0268.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21af2b30, dwHighDateTime=0x1d6076d)) [0268.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21af2b30, dwHighDateTime=0x1d6076d)) [0268.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21af2b30, dwHighDateTime=0x1d6076d)) [0268.179] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.182] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.182] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.182] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.183] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.183] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.183] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.184] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.184] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.184] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.185] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.185] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.186] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.186] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.186] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.187] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.187] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.187] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.188] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.188] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.188] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.189] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.189] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.190] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.190] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.190] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.194] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.194] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.195] CloseHandle (hObject=0x1564) returned 1 [0268.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21b18c90, dwHighDateTime=0x1d6076d)) [0268.195] GetSystemMetrics (nIndex=0) returned 1440 [0268.195] GetSystemMetrics (nIndex=1) returned 900 [0268.195] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.195] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21b18c90, dwHighDateTime=0x1d6076d)) [0268.195] ReleaseMutex (hMutex=0x158) returned 1 [0268.195] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0268.195] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0268.195] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0268.195] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0268.195] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.198] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.198] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.199] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.199] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.199] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.200] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.200] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.201] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.201] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.201] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.202] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.202] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.202] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.203] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.203] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.203] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.204] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.204] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.205] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.205] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.205] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.206] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.206] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.206] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.207] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.207] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.208] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.208] CloseHandle (hObject=0x1564) returned 1 [0268.208] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0268.208] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0268.208] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0268.208] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0268.208] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0268.208] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0268.208] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0268.208] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0268.208] GetForegroundWindow () returned 0x400fa [0268.208] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0268.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21b18c90, dwHighDateTime=0x1d6076d)) [0268.209] Sleep (dwMilliseconds=0x96) [0268.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21c95a50, dwHighDateTime=0x1d6076d)) [0268.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21c95a50, dwHighDateTime=0x1d6076d)) [0268.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21c95a50, dwHighDateTime=0x1d6076d)) [0268.350] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.353] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.353] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.353] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.354] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.354] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.354] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.355] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.355] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.356] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.356] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.356] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.357] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.357] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.357] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.358] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.358] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.359] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.359] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.359] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.360] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.360] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.360] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.361] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.361] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.362] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.362] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.362] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.363] CloseHandle (hObject=0x1564) returned 1 [0268.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21c95a50, dwHighDateTime=0x1d6076d)) [0268.363] GetSystemMetrics (nIndex=0) returned 1440 [0268.363] GetSystemMetrics (nIndex=1) returned 900 [0268.363] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21c95a50, dwHighDateTime=0x1d6076d)) [0268.363] ReleaseMutex (hMutex=0x158) returned 1 [0268.363] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0268.363] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0268.363] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0268.363] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0268.363] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.365] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.366] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.366] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.367] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.367] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.368] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.368] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.368] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.369] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.369] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.369] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.370] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.370] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.371] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.371] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.371] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.372] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.372] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.372] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.373] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.373] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.374] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.374] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.374] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.375] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.375] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.375] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.376] CloseHandle (hObject=0x1564) returned 1 [0268.376] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0268.376] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0268.376] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0268.376] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0268.376] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0268.376] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0268.376] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0268.376] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0268.376] GetForegroundWindow () returned 0x400fa [0268.376] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0268.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21cbbbb0, dwHighDateTime=0x1d6076d)) [0268.376] Sleep (dwMilliseconds=0x96) [0268.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21e38970, dwHighDateTime=0x1d6076d)) [0268.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21e38970, dwHighDateTime=0x1d6076d)) [0268.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21e38970, dwHighDateTime=0x1d6076d)) [0268.522] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.525] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.525] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.526] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.526] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.527] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.527] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.527] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.528] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.528] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.529] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.529] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.529] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.530] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.530] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.531] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.531] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.531] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.532] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.532] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.533] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.533] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.533] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.534] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.534] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.535] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.535] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.535] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.536] CloseHandle (hObject=0x1564) returned 1 [0268.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21e38970, dwHighDateTime=0x1d6076d)) [0268.536] GetSystemMetrics (nIndex=0) returned 1440 [0268.536] GetSystemMetrics (nIndex=1) returned 900 [0268.536] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21e38970, dwHighDateTime=0x1d6076d)) [0268.536] ReleaseMutex (hMutex=0x158) returned 1 [0268.536] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0268.536] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0268.536] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0268.536] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0268.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.538] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.539] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.539] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.540] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.540] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.541] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.541] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.541] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.542] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.542] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.543] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.543] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.543] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.544] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.544] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.545] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.545] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.545] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.546] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.546] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.546] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.547] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.547] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.548] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.548] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.549] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.549] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.549] CloseHandle (hObject=0x1564) returned 1 [0268.549] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0268.550] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0268.550] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0268.550] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0268.550] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0268.550] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0268.550] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0268.550] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0268.550] GetForegroundWindow () returned 0x400fa [0268.550] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0268.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21e5ead0, dwHighDateTime=0x1d6076d)) [0268.550] Sleep (dwMilliseconds=0x96) [0268.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21fdb890, dwHighDateTime=0x1d6076d)) [0268.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21fdb890, dwHighDateTime=0x1d6076d)) [0268.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21fdb890, dwHighDateTime=0x1d6076d)) [0268.694] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.696] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.696] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.697] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.697] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.697] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.698] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.698] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.699] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.699] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.699] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.700] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.700] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.701] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.701] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.701] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.702] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.702] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.703] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.703] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.703] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.704] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.704] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.704] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.705] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.705] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.706] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.706] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.707] CloseHandle (hObject=0x1564) returned 1 [0268.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x21fdb890, dwHighDateTime=0x1d6076d)) [0268.708] GetSystemMetrics (nIndex=0) returned 1440 [0268.708] GetSystemMetrics (nIndex=1) returned 900 [0268.708] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x21fdb890, dwHighDateTime=0x1d6076d)) [0268.708] ReleaseMutex (hMutex=0x158) returned 1 [0268.708] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0268.708] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0268.708] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0268.708] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0268.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.711] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.711] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.711] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.712] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.712] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.713] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.713] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.713] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.714] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.714] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.715] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.715] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.715] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.716] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.716] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.716] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.717] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.717] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.718] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.718] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.718] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.719] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.719] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.719] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.720] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.720] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.721] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.721] CloseHandle (hObject=0x1564) returned 1 [0268.721] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0268.721] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0268.721] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0268.721] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0268.721] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0268.721] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0268.721] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0268.721] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0268.722] GetForegroundWindow () returned 0x0 [0268.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x220019f0, dwHighDateTime=0x1d6076d)) [0268.722] Sleep (dwMilliseconds=0x96) [0268.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2217e7b0, dwHighDateTime=0x1d6076d)) [0268.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2217e7b0, dwHighDateTime=0x1d6076d)) [0268.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2217e7b0, dwHighDateTime=0x1d6076d)) [0268.866] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.868] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.868] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.869] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.869] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.869] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.870] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.870] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.871] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.871] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.871] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.872] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.872] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.873] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.873] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.873] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.874] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.874] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.874] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.875] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.875] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.876] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.876] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.876] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.877] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.877] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.878] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.878] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.878] CloseHandle (hObject=0x1564) returned 1 [0268.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2217e7b0, dwHighDateTime=0x1d6076d)) [0268.878] GetSystemMetrics (nIndex=0) returned 1440 [0268.879] GetSystemMetrics (nIndex=1) returned 900 [0268.879] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0268.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2217e7b0, dwHighDateTime=0x1d6076d)) [0268.879] ReleaseMutex (hMutex=0x158) returned 1 [0268.879] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0268.879] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0268.879] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0268.879] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0268.879] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0268.881] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.881] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.882] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.882] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.882] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.883] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.883] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.884] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.884] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.884] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0268.885] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.885] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.886] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.886] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.886] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.887] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.887] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.888] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.888] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.888] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.889] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0268.889] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.889] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0268.890] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.890] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0268.890] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0268.891] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0268.891] CloseHandle (hObject=0x1564) returned 1 [0268.891] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0268.891] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0268.891] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0268.891] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0268.891] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0268.892] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0268.892] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0268.892] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0268.892] GetForegroundWindow () returned 0x400fa [0268.892] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0268.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x221a4910, dwHighDateTime=0x1d6076d)) [0268.892] Sleep (dwMilliseconds=0x96) [0269.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x223216d0, dwHighDateTime=0x1d6076d)) [0269.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x223216d0, dwHighDateTime=0x1d6076d)) [0269.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x223216d0, dwHighDateTime=0x1d6076d)) [0269.037] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.039] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.040] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.040] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.041] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.041] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.041] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.042] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.042] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.042] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.043] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.043] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.044] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.044] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.044] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.045] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.045] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.045] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.046] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.046] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.047] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.047] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.047] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.048] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.048] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.048] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.049] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.049] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.050] CloseHandle (hObject=0x1564) returned 1 [0269.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x223216d0, dwHighDateTime=0x1d6076d)) [0269.050] GetSystemMetrics (nIndex=0) returned 1440 [0269.050] GetSystemMetrics (nIndex=1) returned 900 [0269.050] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0269.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x223216d0, dwHighDateTime=0x1d6076d)) [0269.050] ReleaseMutex (hMutex=0x158) returned 1 [0269.050] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0269.050] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0269.050] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0269.050] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0269.050] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.052] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.052] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.053] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.053] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.053] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.054] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.054] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.055] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.055] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.055] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.056] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.056] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.056] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.057] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.057] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.058] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.058] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.058] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.059] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.060] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.060] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.061] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.061] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.061] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.062] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.062] CloseHandle (hObject=0x1564) returned 1 [0269.062] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0269.062] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0269.062] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0269.062] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0269.062] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0269.062] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0269.062] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0269.063] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0269.063] GetForegroundWindow () returned 0x400fa [0269.063] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0269.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22347830, dwHighDateTime=0x1d6076d)) [0269.063] Sleep (dwMilliseconds=0x96) [0269.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x224c45f0, dwHighDateTime=0x1d6076d)) [0269.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x224c45f0, dwHighDateTime=0x1d6076d)) [0269.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x224c45f0, dwHighDateTime=0x1d6076d)) [0269.208] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.210] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.211] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.211] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.211] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.212] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.212] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.212] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.212] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.213] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.213] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.213] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.214] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.214] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.214] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.214] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.215] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.215] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.215] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.216] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.216] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.216] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.217] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.217] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.217] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.217] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.218] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.218] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.218] CloseHandle (hObject=0x1564) returned 1 [0269.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x224c45f0, dwHighDateTime=0x1d6076d)) [0269.218] GetSystemMetrics (nIndex=0) returned 1440 [0269.218] GetSystemMetrics (nIndex=1) returned 900 [0269.218] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0269.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x224c45f0, dwHighDateTime=0x1d6076d)) [0269.219] ReleaseMutex (hMutex=0x158) returned 1 [0269.219] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0269.219] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0269.219] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0269.219] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0269.219] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.220] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.221] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.221] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.221] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.222] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.222] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.222] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.223] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.223] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.223] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.223] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.224] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.225] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.225] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.225] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.225] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.226] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.226] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.226] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.227] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.227] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.227] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.228] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.228] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.228] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.229] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.229] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.229] CloseHandle (hObject=0x1564) returned 1 [0269.229] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0269.229] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0269.229] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0269.229] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0269.229] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0269.229] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0269.230] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0269.230] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0269.230] GetForegroundWindow () returned 0x400fa [0269.230] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0269.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x224ea750, dwHighDateTime=0x1d6076d)) [0269.230] Sleep (dwMilliseconds=0x96) [0269.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22667510, dwHighDateTime=0x1d6076d)) [0269.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.388] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.388] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.389] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.389] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.389] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.390] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.390] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.390] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.391] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.391] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.392] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.392] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.392] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.393] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.393] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.394] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.394] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.395] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.395] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.396] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.397] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.397] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.398] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.399] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.399] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.400] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.400] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.400] CloseHandle (hObject=0x1564) returned 1 [0269.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2268d670, dwHighDateTime=0x1d6076d)) [0269.400] GetSystemMetrics (nIndex=0) returned 1440 [0269.400] GetSystemMetrics (nIndex=1) returned 900 [0269.400] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0269.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2268d670, dwHighDateTime=0x1d6076d)) [0269.401] ReleaseMutex (hMutex=0x158) returned 1 [0269.401] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0269.401] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0269.401] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0269.401] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0269.401] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.403] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.404] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.404] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.404] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.405] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.405] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.406] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.406] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.406] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.407] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.408] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.409] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.410] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.411] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.412] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.412] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.413] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.414] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.414] CloseHandle (hObject=0x1564) returned 1 [0269.415] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0269.415] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0269.415] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0269.415] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0269.415] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0269.415] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0269.415] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0269.415] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0269.415] GetForegroundWindow () returned 0x400fa [0269.415] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0269.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x226b37d0, dwHighDateTime=0x1d6076d)) [0269.415] Sleep (dwMilliseconds=0x96) [0269.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22830590, dwHighDateTime=0x1d6076d)) [0269.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22830590, dwHighDateTime=0x1d6076d)) [0269.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22830590, dwHighDateTime=0x1d6076d)) [0269.568] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.570] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.570] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.571] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.571] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.571] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.572] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.572] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.573] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.573] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.573] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.574] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.574] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.575] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.575] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.575] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.576] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.576] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.577] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.578] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.578] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.579] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.580] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.580] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.580] CloseHandle (hObject=0x1564) returned 1 [0269.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22830590, dwHighDateTime=0x1d6076d)) [0269.581] GetSystemMetrics (nIndex=0) returned 1440 [0269.581] GetSystemMetrics (nIndex=1) returned 900 [0269.581] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0269.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x22830590, dwHighDateTime=0x1d6076d)) [0269.581] ReleaseMutex (hMutex=0x158) returned 1 [0269.581] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0269.581] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0269.581] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0269.581] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0269.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.583] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.584] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.585] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.585] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.586] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.587] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.588] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.589] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.590] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.591] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.591] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.592] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.592] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.592] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.593] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.593] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.594] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.594] CloseHandle (hObject=0x1564) returned 1 [0269.594] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0269.594] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0269.594] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0269.594] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0269.594] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0269.594] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0269.594] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0269.594] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0269.594] GetForegroundWindow () returned 0x0 [0269.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x228566f0, dwHighDateTime=0x1d6076d)) [0269.595] Sleep (dwMilliseconds=0x96) [0269.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x229d34b0, dwHighDateTime=0x1d6076d)) [0269.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x229d34b0, dwHighDateTime=0x1d6076d)) [0269.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x229d34b0, dwHighDateTime=0x1d6076d)) [0269.739] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.740] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.741] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.741] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.741] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.742] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.742] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.742] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.743] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.743] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.743] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.743] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.744] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.744] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.744] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.745] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.745] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.745] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.746] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.747] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.747] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.747] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.748] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.748] CloseHandle (hObject=0x1564) returned 1 [0269.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x229d34b0, dwHighDateTime=0x1d6076d)) [0269.749] GetSystemMetrics (nIndex=0) returned 1440 [0269.749] GetSystemMetrics (nIndex=1) returned 900 [0269.749] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0269.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x229d34b0, dwHighDateTime=0x1d6076d)) [0269.749] ReleaseMutex (hMutex=0x158) returned 1 [0269.749] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0269.749] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0269.749] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0269.749] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0269.749] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.750] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.751] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.751] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.751] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.752] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.752] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.753] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.754] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.754] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.755] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.755] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.755] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.755] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.756] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.756] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.756] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.757] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.757] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.757] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.758] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.759] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.759] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.759] CloseHandle (hObject=0x1564) returned 1 [0269.759] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0269.760] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0269.760] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0269.760] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0269.760] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0269.760] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0269.760] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0269.760] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0269.760] GetForegroundWindow () returned 0x400fa [0269.760] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0269.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x229f9610, dwHighDateTime=0x1d6076d)) [0269.760] Sleep (dwMilliseconds=0x96) [0269.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22b763d0, dwHighDateTime=0x1d6076d)) [0269.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22b763d0, dwHighDateTime=0x1d6076d)) [0269.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22b763d0, dwHighDateTime=0x1d6076d)) [0269.911] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.912] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.913] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.913] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.913] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.914] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.914] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.914] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.914] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.915] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.915] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.915] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.916] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.916] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.916] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.917] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.917] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.917] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.917] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.918] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.918] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.918] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.919] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.919] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.919] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.919] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.920] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.920] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.920] CloseHandle (hObject=0x1564) returned 1 [0269.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22b763d0, dwHighDateTime=0x1d6076d)) [0269.920] GetSystemMetrics (nIndex=0) returned 1440 [0269.920] GetSystemMetrics (nIndex=1) returned 900 [0269.920] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0269.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x22b763d0, dwHighDateTime=0x1d6076d)) [0269.921] ReleaseMutex (hMutex=0x158) returned 1 [0269.921] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0269.921] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0269.921] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0269.921] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0269.921] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0269.922] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.923] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0269.923] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0269.923] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.924] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0269.924] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0269.924] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0269.924] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0269.925] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0269.925] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0269.925] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.926] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.926] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.926] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.927] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.927] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.927] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.928] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0269.928] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0269.928] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.928] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0269.929] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0269.929] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0269.929] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0269.930] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0269.930] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0269.930] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0269.930] CloseHandle (hObject=0x1564) returned 1 [0269.931] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0269.931] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0269.931] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0269.931] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0269.931] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0269.931] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0269.931] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0269.931] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0269.931] GetForegroundWindow () returned 0x400fa [0269.931] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0269.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22b9c530, dwHighDateTime=0x1d6076d)) [0269.931] Sleep (dwMilliseconds=0x96) [0270.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22d192f0, dwHighDateTime=0x1d6076d)) [0270.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22d192f0, dwHighDateTime=0x1d6076d)) [0270.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22d192f0, dwHighDateTime=0x1d6076d)) [0270.082] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.084] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.085] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.085] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.085] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.086] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.086] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.086] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.087] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.087] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.088] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.088] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.088] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.089] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.089] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.089] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.090] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.090] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.091] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.091] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.091] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.092] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.092] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.092] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.093] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.093] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.093] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.094] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.094] CloseHandle (hObject=0x1564) returned 1 [0270.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22d192f0, dwHighDateTime=0x1d6076d)) [0270.094] GetSystemMetrics (nIndex=0) returned 1440 [0270.094] GetSystemMetrics (nIndex=1) returned 900 [0270.094] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0270.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x22d192f0, dwHighDateTime=0x1d6076d)) [0270.095] ReleaseMutex (hMutex=0x158) returned 1 [0270.095] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0270.095] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0270.095] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0270.095] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0270.095] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.097] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.097] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.098] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.098] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.099] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.099] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.100] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.100] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.100] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.101] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.102] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.103] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.104] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.105] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.106] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.107] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.107] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.107] CloseHandle (hObject=0x1564) returned 1 [0270.107] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0270.107] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0270.108] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0270.108] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0270.108] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0270.108] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0270.108] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0270.108] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0270.108] GetForegroundWindow () returned 0x400fa [0270.108] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0270.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22d3f450, dwHighDateTime=0x1d6076d)) [0270.108] Sleep (dwMilliseconds=0x96) [0270.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22ebc210, dwHighDateTime=0x1d6076d)) [0270.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22ebc210, dwHighDateTime=0x1d6076d)) [0270.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22ebc210, dwHighDateTime=0x1d6076d)) [0270.254] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.256] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.256] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.257] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.258] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.258] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.259] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.259] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.259] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.260] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.260] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.261] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.261] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.262] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.262] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.262] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.263] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.263] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.263] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.264] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.264] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.265] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.265] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.265] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.266] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.266] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.267] CloseHandle (hObject=0x1564) returned 1 [0270.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22ebc210, dwHighDateTime=0x1d6076d)) [0270.267] GetSystemMetrics (nIndex=0) returned 1440 [0270.267] GetSystemMetrics (nIndex=1) returned 900 [0270.267] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0270.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x22ebc210, dwHighDateTime=0x1d6076d)) [0270.267] ReleaseMutex (hMutex=0x158) returned 1 [0270.267] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0270.267] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0270.267] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0270.267] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0270.267] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.269] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.270] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.270] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.270] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.271] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.272] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.273] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.274] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.275] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.276] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.276] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.277] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.278] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.278] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.279] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.279] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.279] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.280] CloseHandle (hObject=0x1564) returned 1 [0270.280] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0270.280] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0270.280] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0270.280] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0270.280] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0270.280] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0270.280] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0270.280] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0270.280] GetForegroundWindow () returned 0x400fa [0270.280] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0270.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x22ee2370, dwHighDateTime=0x1d6076d)) [0270.280] Sleep (dwMilliseconds=0x96) [0270.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2305f130, dwHighDateTime=0x1d6076d)) [0270.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2305f130, dwHighDateTime=0x1d6076d)) [0270.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2305f130, dwHighDateTime=0x1d6076d)) [0270.427] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.429] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.429] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.429] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.430] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.430] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.430] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.431] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.431] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.431] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.432] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.433] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.433] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.433] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.434] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.434] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.434] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.435] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.435] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.435] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.436] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.436] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.437] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.437] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.437] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.438] CloseHandle (hObject=0x1564) returned 1 [0270.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2305f130, dwHighDateTime=0x1d6076d)) [0270.438] GetSystemMetrics (nIndex=0) returned 1440 [0270.438] GetSystemMetrics (nIndex=1) returned 900 [0270.438] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0270.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2305f130, dwHighDateTime=0x1d6076d)) [0270.438] ReleaseMutex (hMutex=0x158) returned 1 [0270.438] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0270.438] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0270.438] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0270.438] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0270.438] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.440] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.441] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.441] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.442] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.443] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.443] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.443] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.444] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.444] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.445] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.445] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.445] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.446] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.446] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.446] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.447] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.447] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.447] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.448] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.448] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.448] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.449] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.449] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.449] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.449] CloseHandle (hObject=0x1564) returned 1 [0270.450] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0270.450] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0270.450] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0270.450] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0270.450] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0270.450] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0270.450] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0270.450] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0270.450] GetForegroundWindow () returned 0x0 [0270.450] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23085290, dwHighDateTime=0x1d6076d)) [0270.450] Sleep (dwMilliseconds=0x96) [0270.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23202050, dwHighDateTime=0x1d6076d)) [0270.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23202050, dwHighDateTime=0x1d6076d)) [0270.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23202050, dwHighDateTime=0x1d6076d)) [0270.597] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.600] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.600] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.601] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.601] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.602] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.602] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.602] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.603] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.603] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.604] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.604] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.605] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.605] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.605] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.606] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.606] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.607] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.607] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.608] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.608] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.609] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.609] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.609] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.610] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.610] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.611] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.611] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.612] CloseHandle (hObject=0x1564) returned 1 [0270.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23202050, dwHighDateTime=0x1d6076d)) [0270.612] GetSystemMetrics (nIndex=0) returned 1440 [0270.612] GetSystemMetrics (nIndex=1) returned 900 [0270.612] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0270.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x23202050, dwHighDateTime=0x1d6076d)) [0270.612] ReleaseMutex (hMutex=0x158) returned 1 [0270.612] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0270.612] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0270.612] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0270.612] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0270.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.614] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.615] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.615] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.616] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.616] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.617] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.617] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.618] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.618] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.618] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.619] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.619] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.620] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.620] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.621] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.621] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.621] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.622] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.622] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.623] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.623] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.624] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.624] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.625] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.625] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.625] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.626] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.626] CloseHandle (hObject=0x1564) returned 1 [0270.626] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0270.626] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0270.626] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0270.626] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0270.626] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0270.627] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0270.627] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0270.627] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0270.627] GetForegroundWindow () returned 0x400fa [0270.627] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0270.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x232281b0, dwHighDateTime=0x1d6076d)) [0270.627] Sleep (dwMilliseconds=0x96) [0270.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x233a4f70, dwHighDateTime=0x1d6076d)) [0270.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x233a4f70, dwHighDateTime=0x1d6076d)) [0270.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x233a4f70, dwHighDateTime=0x1d6076d)) [0270.768] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.770] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.771] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.772] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.773] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.774] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.775] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.776] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.777] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.778] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.778] CloseHandle (hObject=0x1564) returned 1 [0270.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x233a4f70, dwHighDateTime=0x1d6076d)) [0270.778] GetSystemMetrics (nIndex=0) returned 1440 [0270.778] GetSystemMetrics (nIndex=1) returned 900 [0270.779] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0270.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x233a4f70, dwHighDateTime=0x1d6076d)) [0270.779] ReleaseMutex (hMutex=0x158) returned 1 [0270.779] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0270.779] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0270.779] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0270.779] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0270.779] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.781] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.781] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.781] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.782] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.782] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.782] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.783] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.783] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.783] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.783] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.784] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.784] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.784] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.785] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.785] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.785] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.787] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.787] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.787] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.788] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.788] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.788] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.789] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.789] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.790] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.790] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.790] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.791] CloseHandle (hObject=0x1564) returned 1 [0270.791] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0270.791] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0270.791] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0270.791] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0270.791] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0270.791] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0270.792] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0270.792] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0270.792] GetForegroundWindow () returned 0x400fa [0270.792] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0270.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x233cb0d0, dwHighDateTime=0x1d6076d)) [0270.792] Sleep (dwMilliseconds=0x96) [0270.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23547e90, dwHighDateTime=0x1d6076d)) [0270.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23547e90, dwHighDateTime=0x1d6076d)) [0270.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23547e90, dwHighDateTime=0x1d6076d)) [0270.940] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.942] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.943] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.943] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.944] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.944] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.945] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.946] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.947] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.948] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.948] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.949] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.949] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.950] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.950] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.950] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.951] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.951] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.952] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.952] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.952] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.953] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.953] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.953] CloseHandle (hObject=0x1564) returned 1 [0270.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23547e90, dwHighDateTime=0x1d6076d)) [0270.954] GetSystemMetrics (nIndex=0) returned 1440 [0270.954] GetSystemMetrics (nIndex=1) returned 900 [0270.954] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0270.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x23547e90, dwHighDateTime=0x1d6076d)) [0270.954] ReleaseMutex (hMutex=0x158) returned 1 [0270.954] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0270.954] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0270.954] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0270.954] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0270.954] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0270.960] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.960] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.961] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.962] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.962] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.963] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.963] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.963] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0270.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.964] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.965] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.965] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.966] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0270.966] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.966] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.967] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.967] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.967] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0270.968] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.968] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0270.969] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.969] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0270.969] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0270.970] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0270.970] CloseHandle (hObject=0x1564) returned 1 [0270.970] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0270.970] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0270.970] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0270.970] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0270.970] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0270.970] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0270.970] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0270.970] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0270.971] GetForegroundWindow () returned 0x400fa [0270.971] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0270.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2356dff0, dwHighDateTime=0x1d6076d)) [0270.971] Sleep (dwMilliseconds=0x96) [0271.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.127] SendMessageA (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0271.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.130] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.130] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.130] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.131] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.131] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.131] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.132] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.133] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.133] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.133] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.134] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.134] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.134] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.135] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.135] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.135] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.136] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.136] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.136] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.137] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.138] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.138] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.138] CloseHandle (hObject=0x1564) returned 1 [0271.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.138] GetSystemMetrics (nIndex=0) returned 1440 [0271.138] GetSystemMetrics (nIndex=1) returned 900 [0271.138] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0271.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x236eadb0, dwHighDateTime=0x1d6076d)) [0271.138] ReleaseMutex (hMutex=0x158) returned 1 [0271.139] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0271.139] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0271.139] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0271.139] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0271.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.141] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.141] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.141] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.142] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.142] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.142] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.143] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.143] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.144] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.144] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.144] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.145] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.145] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.145] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.146] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.146] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.146] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.146] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.147] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.147] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.147] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.148] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.148] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.148] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.149] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.149] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.149] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.150] CloseHandle (hObject=0x1564) returned 1 [0271.150] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0271.150] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0271.150] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0271.150] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0271.150] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0271.150] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0271.150] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0271.150] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0271.150] GetForegroundWindow () returned 0x400fa [0271.150] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0271.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23710f10, dwHighDateTime=0x1d6076d)) [0271.150] Sleep (dwMilliseconds=0x96) [0271.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2388dcd0, dwHighDateTime=0x1d6076d)) [0271.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2388dcd0, dwHighDateTime=0x1d6076d)) [0271.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2388dcd0, dwHighDateTime=0x1d6076d)) [0271.299] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.301] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.302] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.302] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.303] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.303] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.303] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.304] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.304] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.305] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.305] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.305] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.306] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.306] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.307] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.307] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.307] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.308] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.308] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.308] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.309] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.309] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.310] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.310] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.310] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.311] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.311] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.311] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.312] CloseHandle (hObject=0x1564) returned 1 [0271.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2388dcd0, dwHighDateTime=0x1d6076d)) [0271.312] GetSystemMetrics (nIndex=0) returned 1440 [0271.312] GetSystemMetrics (nIndex=1) returned 900 [0271.312] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0271.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2388dcd0, dwHighDateTime=0x1d6076d)) [0271.312] ReleaseMutex (hMutex=0x158) returned 1 [0271.312] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0271.312] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0271.312] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0271.312] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0271.312] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.314] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.315] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.315] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.315] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.316] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.316] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.317] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.317] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.317] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.318] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.318] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.318] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.319] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.319] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.320] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.320] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.320] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.321] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.321] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.321] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.322] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.322] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.323] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.323] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.323] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.324] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.324] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.324] CloseHandle (hObject=0x1564) returned 1 [0271.325] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0271.325] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0271.325] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0271.325] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0271.325] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0271.325] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0271.325] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0271.325] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0271.325] GetForegroundWindow () returned 0x0 [0271.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x238b3e30, dwHighDateTime=0x1d6076d)) [0271.325] Sleep (dwMilliseconds=0x96) [0271.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23a30bf0, dwHighDateTime=0x1d6076d)) [0271.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23a30bf0, dwHighDateTime=0x1d6076d)) [0271.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23a30bf0, dwHighDateTime=0x1d6076d)) [0271.471] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.476] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.477] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.477] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.478] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.478] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.478] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.479] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.479] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.479] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.480] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.480] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.481] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.481] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.481] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.482] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.482] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.482] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.483] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.483] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.483] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.484] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.484] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.484] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.485] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.485] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.486] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.487] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.487] CloseHandle (hObject=0x1564) returned 1 [0271.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23a56d50, dwHighDateTime=0x1d6076d)) [0271.487] GetSystemMetrics (nIndex=0) returned 1440 [0271.487] GetSystemMetrics (nIndex=1) returned 900 [0271.487] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0271.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x23a56d50, dwHighDateTime=0x1d6076d)) [0271.487] ReleaseMutex (hMutex=0x158) returned 1 [0271.487] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0271.487] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0271.488] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0271.488] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0271.488] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.490] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.490] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.490] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.491] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.491] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.491] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.492] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.492] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.493] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.493] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.493] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.494] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.494] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.494] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.495] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.495] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.495] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.496] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.498] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.499] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.499] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.499] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.500] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.500] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.501] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.501] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.501] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.502] CloseHandle (hObject=0x1564) returned 1 [0271.502] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0271.502] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0271.502] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0271.502] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0271.502] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0271.502] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0271.502] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0271.502] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0271.502] GetForegroundWindow () returned 0x400fa [0271.503] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0271.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23a7ceb0, dwHighDateTime=0x1d6076d)) [0271.503] Sleep (dwMilliseconds=0x96) [0271.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23bf9c70, dwHighDateTime=0x1d6076d)) [0271.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23bf9c70, dwHighDateTime=0x1d6076d)) [0271.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23bf9c70, dwHighDateTime=0x1d6076d)) [0271.658] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.660] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.660] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.660] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.661] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.661] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.661] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.661] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.662] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.662] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.662] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.663] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.663] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.663] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.664] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.664] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.664] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.665] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.665] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.665] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.666] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.666] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.666] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.667] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.667] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.667] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.668] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.668] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.668] CloseHandle (hObject=0x1564) returned 1 [0271.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23bf9c70, dwHighDateTime=0x1d6076d)) [0271.669] GetSystemMetrics (nIndex=0) returned 1440 [0271.669] GetSystemMetrics (nIndex=1) returned 900 [0271.669] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0271.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x23bf9c70, dwHighDateTime=0x1d6076d)) [0271.669] ReleaseMutex (hMutex=0x158) returned 1 [0271.669] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0271.669] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0271.669] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0271.669] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0271.669] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.671] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.671] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.672] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.672] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.672] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.673] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.674] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.674] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.675] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.675] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.675] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.676] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.676] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.676] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.677] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.677] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.677] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.677] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.678] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.678] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.678] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.679] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.679] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.679] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.679] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.680] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.680] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.680] CloseHandle (hObject=0x1564) returned 1 [0271.681] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0271.681] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0271.681] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0271.681] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0271.681] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0271.681] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0271.681] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0271.681] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0271.681] GetForegroundWindow () returned 0x400fa [0271.681] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0271.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23c1fdd0, dwHighDateTime=0x1d6076d)) [0271.681] Sleep (dwMilliseconds=0x96) [0271.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23d9cb90, dwHighDateTime=0x1d6076d)) [0271.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23d9cb90, dwHighDateTime=0x1d6076d)) [0271.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23d9cb90, dwHighDateTime=0x1d6076d)) [0271.830] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.832] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.832] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.833] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.833] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.833] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.834] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.834] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.834] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.835] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.835] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.836] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.836] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.836] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.837] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.837] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.837] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.838] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.838] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.839] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.839] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.839] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.840] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.840] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.840] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.841] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.841] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.841] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.842] CloseHandle (hObject=0x1564) returned 1 [0271.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23d9cb90, dwHighDateTime=0x1d6076d)) [0271.842] GetSystemMetrics (nIndex=0) returned 1440 [0271.842] GetSystemMetrics (nIndex=1) returned 900 [0271.842] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0271.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x23d9cb90, dwHighDateTime=0x1d6076d)) [0271.842] ReleaseMutex (hMutex=0x158) returned 1 [0271.842] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0271.842] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0271.842] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0271.842] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0271.842] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1564 [0271.844] Process32First (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.846] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.846] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.847] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.847] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.847] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.848] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.848] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.849] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.849] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0271.849] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.850] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.850] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.850] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.851] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.851] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.851] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.852] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.852] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.853] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.853] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0271.853] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.854] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0271.854] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.854] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0271.855] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0271.855] Process32Next (in: hSnapshot=0x1564, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0271.855] CloseHandle (hObject=0x1564) returned 1 [0271.855] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0271.856] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0271.856] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0271.856] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0271.856] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0271.856] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0271.856] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0271.856] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0271.856] GetForegroundWindow () returned 0x400fa [0271.856] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0271.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23dc2cf0, dwHighDateTime=0x1d6076d)) [0271.856] Sleep (dwMilliseconds=0x96) [0272.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.004] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.005] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.005] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.006] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.006] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.006] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.007] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.007] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.007] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.008] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.008] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.009] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.009] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.009] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.010] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.010] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.010] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.011] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.011] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.011] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.012] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.012] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.013] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.013] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.013] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.014] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.014] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.014] CloseHandle (hObject=0x1568) returned 1 [0272.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.015] GetSystemMetrics (nIndex=0) returned 1440 [0272.015] GetSystemMetrics (nIndex=1) returned 900 [0272.015] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.015] ReleaseMutex (hMutex=0x158) returned 1 [0272.015] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0272.015] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0272.015] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0272.015] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0272.015] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.018] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.018] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.019] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.019] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.019] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.020] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.020] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.021] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.021] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.021] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.022] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.022] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.022] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.023] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.023] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.024] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.024] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.024] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.025] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.025] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.025] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.026] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.026] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.026] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.027] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.027] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.027] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.028] CloseHandle (hObject=0x1568) returned 1 [0272.028] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0272.028] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0272.028] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0272.028] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0272.028] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0272.028] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0272.028] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0272.028] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0272.028] GetForegroundWindow () returned 0x400fa [0272.028] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0272.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x23f65c10, dwHighDateTime=0x1d6076d)) [0272.028] Sleep (dwMilliseconds=0x96) [0272.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x240e29d0, dwHighDateTime=0x1d6076d)) [0272.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x240e29d0, dwHighDateTime=0x1d6076d)) [0272.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x240e29d0, dwHighDateTime=0x1d6076d)) [0272.175] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.177] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.178] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.178] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.178] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.179] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.179] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.179] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.180] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.180] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.180] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.181] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.181] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.181] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.182] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.182] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.183] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.183] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.183] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.184] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.184] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.184] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.185] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.185] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.185] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.186] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.186] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.187] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.187] CloseHandle (hObject=0x1568) returned 1 [0272.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x240e29d0, dwHighDateTime=0x1d6076d)) [0272.187] GetSystemMetrics (nIndex=0) returned 1440 [0272.187] GetSystemMetrics (nIndex=1) returned 900 [0272.187] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x240e29d0, dwHighDateTime=0x1d6076d)) [0272.187] ReleaseMutex (hMutex=0x158) returned 1 [0272.187] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0272.187] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0272.187] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0272.187] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0272.187] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.190] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.190] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.190] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.191] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.191] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.191] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.192] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.192] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.192] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.193] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.193] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.194] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.194] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.194] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.195] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.195] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.195] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.196] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.196] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.197] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.197] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.197] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.198] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.198] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.198] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.199] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.199] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.199] CloseHandle (hObject=0x1568) returned 1 [0272.200] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0272.200] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0272.200] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0272.200] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0272.200] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0272.200] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0272.200] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0272.200] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0272.200] GetForegroundWindow () returned 0x0 [0272.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24108b30, dwHighDateTime=0x1d6076d)) [0272.200] Sleep (dwMilliseconds=0x96) [0272.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x242858f0, dwHighDateTime=0x1d6076d)) [0272.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x242858f0, dwHighDateTime=0x1d6076d)) [0272.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x242858f0, dwHighDateTime=0x1d6076d)) [0272.344] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.346] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.346] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.346] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.347] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.347] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.347] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.347] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.348] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.348] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.348] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.349] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.349] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.349] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.349] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.350] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.350] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.350] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.351] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.351] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.351] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.352] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.352] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.352] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.352] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.353] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.353] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.353] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.354] CloseHandle (hObject=0x1568) returned 1 [0272.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x242858f0, dwHighDateTime=0x1d6076d)) [0272.354] GetSystemMetrics (nIndex=0) returned 1440 [0272.354] GetSystemMetrics (nIndex=1) returned 900 [0272.354] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x242858f0, dwHighDateTime=0x1d6076d)) [0272.354] ReleaseMutex (hMutex=0x158) returned 1 [0272.354] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0272.354] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0272.354] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0272.354] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0272.354] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.356] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.356] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.356] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.356] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.357] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.357] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.357] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.358] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.358] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.358] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.359] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.359] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.359] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.360] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.360] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.360] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.361] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.361] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.361] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.362] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.362] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.362] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.362] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.363] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.363] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.363] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.364] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.364] CloseHandle (hObject=0x1568) returned 1 [0272.364] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0272.364] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0272.364] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0272.364] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0272.364] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0272.364] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0272.364] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0272.364] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0272.364] GetForegroundWindow () returned 0x400fa [0272.364] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0272.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x242aba50, dwHighDateTime=0x1d6076d)) [0272.365] Sleep (dwMilliseconds=0x96) [0272.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24428810, dwHighDateTime=0x1d6076d)) [0272.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24428810, dwHighDateTime=0x1d6076d)) [0272.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24428810, dwHighDateTime=0x1d6076d)) [0272.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.518] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.519] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.519] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.519] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.520] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.520] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.521] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.521] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.521] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.522] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.522] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.523] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.523] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.523] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.524] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.524] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.525] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.527] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.528] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.528] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.528] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.529] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.529] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.529] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.530] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.530] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.531] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.531] CloseHandle (hObject=0x1568) returned 1 [0272.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2444e970, dwHighDateTime=0x1d6076d)) [0272.531] GetSystemMetrics (nIndex=0) returned 1440 [0272.531] GetSystemMetrics (nIndex=1) returned 900 [0272.531] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2444e970, dwHighDateTime=0x1d6076d)) [0272.531] ReleaseMutex (hMutex=0x158) returned 1 [0272.531] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0272.531] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0272.532] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0272.532] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0272.532] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.534] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.534] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.535] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.535] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.535] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.536] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.536] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.537] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.537] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.537] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.538] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.538] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.539] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.539] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.539] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.540] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.540] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.541] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.541] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.541] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.542] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.542] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.542] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.543] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.543] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.544] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.544] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.544] CloseHandle (hObject=0x1568) returned 1 [0272.545] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0272.545] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0272.545] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0272.545] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0272.545] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0272.545] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0272.545] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0272.545] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0272.545] GetForegroundWindow () returned 0x400fa [0272.545] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0272.545] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2444e970, dwHighDateTime=0x1d6076d)) [0272.545] Sleep (dwMilliseconds=0x96) [0272.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x245cb730, dwHighDateTime=0x1d6076d)) [0272.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x245cb730, dwHighDateTime=0x1d6076d)) [0272.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x245cb730, dwHighDateTime=0x1d6076d)) [0272.687] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.690] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.690] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.690] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.691] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.691] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.692] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.692] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.693] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.693] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.693] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.694] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.694] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.694] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.695] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.695] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.696] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.696] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.696] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.697] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.697] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.698] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.698] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.698] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.699] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.699] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.700] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.700] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.700] CloseHandle (hObject=0x1568) returned 1 [0272.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x245cb730, dwHighDateTime=0x1d6076d)) [0272.701] GetSystemMetrics (nIndex=0) returned 1440 [0272.701] GetSystemMetrics (nIndex=1) returned 900 [0272.701] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x245cb730, dwHighDateTime=0x1d6076d)) [0272.701] ReleaseMutex (hMutex=0x158) returned 1 [0272.701] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0272.701] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0272.701] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0272.701] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0272.701] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.704] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.705] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.705] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.705] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.706] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.706] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.708] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.708] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.709] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.709] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.710] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.710] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.710] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.711] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.711] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.712] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.712] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.712] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.713] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.713] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.714] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.714] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.714] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.715] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.715] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.716] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.716] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.716] CloseHandle (hObject=0x1568) returned 1 [0272.716] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0272.716] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0272.716] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0272.717] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0272.717] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0272.717] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0272.717] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0272.717] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0272.717] GetForegroundWindow () returned 0x400fa [0272.717] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0272.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x245f1890, dwHighDateTime=0x1d6076d)) [0272.717] Sleep (dwMilliseconds=0x96) [0272.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2476e650, dwHighDateTime=0x1d6076d)) [0272.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2476e650, dwHighDateTime=0x1d6076d)) [0272.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2476e650, dwHighDateTime=0x1d6076d)) [0272.860] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.862] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.862] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.863] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.863] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.863] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.864] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.864] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.865] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.865] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.865] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.866] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.866] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.867] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.867] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.867] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.868] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.868] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.868] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.869] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.869] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.870] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.870] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.870] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.871] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.871] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.872] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.872] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.872] CloseHandle (hObject=0x1568) returned 1 [0272.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2476e650, dwHighDateTime=0x1d6076d)) [0272.872] GetSystemMetrics (nIndex=0) returned 1440 [0272.872] GetSystemMetrics (nIndex=1) returned 900 [0272.872] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2476e650, dwHighDateTime=0x1d6076d)) [0272.872] ReleaseMutex (hMutex=0x158) returned 1 [0272.872] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0272.872] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0272.873] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0272.873] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0272.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0272.874] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.875] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.875] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.875] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.876] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.876] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.876] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.876] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.877] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.877] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0272.877] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.878] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.878] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.878] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.879] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.879] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.879] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.879] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.880] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.880] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.880] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0272.881] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.881] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0272.881] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.881] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0272.882] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0272.882] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0272.882] CloseHandle (hObject=0x1568) returned 1 [0272.882] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0272.882] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0272.882] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0272.882] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0272.882] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0272.882] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0272.883] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0272.883] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0272.883] GetForegroundWindow () returned 0x400fa [0272.883] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0272.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x247947b0, dwHighDateTime=0x1d6076d)) [0272.883] Sleep (dwMilliseconds=0x96) [0273.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24911570, dwHighDateTime=0x1d6076d)) [0273.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24911570, dwHighDateTime=0x1d6076d)) [0273.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24911570, dwHighDateTime=0x1d6076d)) [0273.031] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.033] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.033] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.034] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.034] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.034] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.035] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.035] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.035] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.036] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.036] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.037] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.037] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.037] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.038] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.038] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.039] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.039] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.039] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.040] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.040] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.040] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.041] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.041] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.042] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.042] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.042] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.043] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.043] CloseHandle (hObject=0x1568) returned 1 [0273.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24911570, dwHighDateTime=0x1d6076d)) [0273.043] GetSystemMetrics (nIndex=0) returned 1440 [0273.043] GetSystemMetrics (nIndex=1) returned 900 [0273.043] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0273.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x24911570, dwHighDateTime=0x1d6076d)) [0273.043] ReleaseMutex (hMutex=0x158) returned 1 [0273.043] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0273.043] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0273.044] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0273.044] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0273.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.046] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.046] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.047] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.047] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.048] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.048] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.048] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.049] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.049] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.049] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.050] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.050] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.050] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.051] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.051] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.051] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.052] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.052] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.052] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.053] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.053] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.054] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.054] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.054] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.055] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.055] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.055] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.056] CloseHandle (hObject=0x1568) returned 1 [0273.056] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0273.056] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0273.056] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0273.056] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0273.056] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0273.056] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0273.056] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0273.056] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0273.056] GetForegroundWindow () returned 0x0 [0273.056] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x249376d0, dwHighDateTime=0x1d6076d)) [0273.056] Sleep (dwMilliseconds=0x96) [0273.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24ab4490, dwHighDateTime=0x1d6076d)) [0273.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24ab4490, dwHighDateTime=0x1d6076d)) [0273.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24ab4490, dwHighDateTime=0x1d6076d)) [0273.202] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.204] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.205] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.205] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.206] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.206] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.206] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.207] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.207] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.207] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.208] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.208] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.209] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.209] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.209] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.210] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.210] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.210] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.211] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.211] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.212] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.212] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.212] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.213] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.213] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.213] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.214] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.214] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.215] CloseHandle (hObject=0x1568) returned 1 [0273.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24ab4490, dwHighDateTime=0x1d6076d)) [0273.215] GetSystemMetrics (nIndex=0) returned 1440 [0273.215] GetSystemMetrics (nIndex=1) returned 900 [0273.215] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0273.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x24ab4490, dwHighDateTime=0x1d6076d)) [0273.215] ReleaseMutex (hMutex=0x158) returned 1 [0273.215] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0273.215] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0273.215] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0273.215] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0273.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.217] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.218] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.218] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.218] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.219] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.219] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.219] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.220] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.220] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.220] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.221] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.221] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.222] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.222] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.222] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.223] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.223] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.223] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.224] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.224] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.224] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.225] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.225] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.225] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.226] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.226] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.226] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.226] CloseHandle (hObject=0x1568) returned 1 [0273.226] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0273.227] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0273.227] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0273.227] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0273.227] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0273.227] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0273.227] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0273.227] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0273.227] GetForegroundWindow () returned 0x400fa [0273.227] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0273.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24ada5f0, dwHighDateTime=0x1d6076d)) [0273.227] Sleep (dwMilliseconds=0x96) [0273.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24c573b0, dwHighDateTime=0x1d6076d)) [0273.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24c573b0, dwHighDateTime=0x1d6076d)) [0273.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24c573b0, dwHighDateTime=0x1d6076d)) [0273.374] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.376] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.376] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.376] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.377] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.377] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.377] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.378] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.378] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.378] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.379] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.379] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.379] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.379] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.380] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.380] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.380] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.381] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.381] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.381] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.382] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.382] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.382] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.382] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.383] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.383] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.383] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.384] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.384] CloseHandle (hObject=0x1568) returned 1 [0273.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24c573b0, dwHighDateTime=0x1d6076d)) [0273.384] GetSystemMetrics (nIndex=0) returned 1440 [0273.384] GetSystemMetrics (nIndex=1) returned 900 [0273.384] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0273.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x24c573b0, dwHighDateTime=0x1d6076d)) [0273.384] ReleaseMutex (hMutex=0x158) returned 1 [0273.384] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0273.384] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0273.384] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0273.384] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0273.384] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.386] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.386] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.387] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.387] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.387] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.388] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.388] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.388] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.389] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.389] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.390] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.390] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.390] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.391] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.391] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.392] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.392] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.392] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.392] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.393] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.393] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.393] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.394] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.394] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.394] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.395] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.396] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.396] CloseHandle (hObject=0x1568) returned 1 [0273.397] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0273.397] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0273.397] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0273.397] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0273.397] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0273.397] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0273.397] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0273.397] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0273.397] GetForegroundWindow () returned 0x400fa [0273.397] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0273.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24c7d510, dwHighDateTime=0x1d6076d)) [0273.398] Sleep (dwMilliseconds=0x96) [0273.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24dfa2d0, dwHighDateTime=0x1d6076d)) [0273.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24dfa2d0, dwHighDateTime=0x1d6076d)) [0273.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24dfa2d0, dwHighDateTime=0x1d6076d)) [0273.546] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.548] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.548] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.549] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.549] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.549] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.550] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.550] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.551] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.551] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.551] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.552] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.552] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.553] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.553] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.553] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.554] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.554] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.554] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.555] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.555] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.556] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.556] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.556] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.557] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.557] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.558] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.558] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.558] CloseHandle (hObject=0x1568) returned 1 [0273.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24dfa2d0, dwHighDateTime=0x1d6076d)) [0273.558] GetSystemMetrics (nIndex=0) returned 1440 [0273.558] GetSystemMetrics (nIndex=1) returned 900 [0273.558] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0273.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x24dfa2d0, dwHighDateTime=0x1d6076d)) [0273.559] ReleaseMutex (hMutex=0x158) returned 1 [0273.559] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0273.559] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0273.559] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0273.559] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0273.559] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.561] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.561] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.562] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.562] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.563] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.563] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.563] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.564] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.564] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.565] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.565] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.565] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.566] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.566] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.567] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.567] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.567] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.568] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.568] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.568] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.569] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.569] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.569] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.570] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.570] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.570] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.571] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.571] CloseHandle (hObject=0x1568) returned 1 [0273.571] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0273.571] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0273.571] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0273.571] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0273.571] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0273.571] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0273.571] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0273.571] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0273.571] GetForegroundWindow () returned 0x400fa [0273.571] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0273.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24e20430, dwHighDateTime=0x1d6076d)) [0273.571] Sleep (dwMilliseconds=0x96) [0273.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24f9d1f0, dwHighDateTime=0x1d6076d)) [0273.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24f9d1f0, dwHighDateTime=0x1d6076d)) [0273.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24f9d1f0, dwHighDateTime=0x1d6076d)) [0273.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.719] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.720] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.720] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.720] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.721] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.721] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.721] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.722] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.722] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.723] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.723] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.723] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.724] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.724] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.724] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.725] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.725] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.726] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.726] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.726] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.727] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.727] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.727] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.728] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.728] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.728] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.729] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.729] CloseHandle (hObject=0x1568) returned 1 [0273.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24f9d1f0, dwHighDateTime=0x1d6076d)) [0273.729] GetSystemMetrics (nIndex=0) returned 1440 [0273.729] GetSystemMetrics (nIndex=1) returned 900 [0273.729] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0273.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x24f9d1f0, dwHighDateTime=0x1d6076d)) [0273.729] ReleaseMutex (hMutex=0x158) returned 1 [0273.730] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0273.730] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0273.730] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0273.730] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0273.730] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.732] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.733] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.734] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.734] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.735] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.735] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.736] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.737] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.737] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.737] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.738] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.738] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.738] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.739] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.739] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.739] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.740] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.740] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.741] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.741] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.741] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.742] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.742] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.742] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.743] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.743] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.743] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.744] CloseHandle (hObject=0x1568) returned 1 [0273.744] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0273.744] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0273.744] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0273.744] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0273.744] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0273.744] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0273.744] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0273.744] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0273.744] GetForegroundWindow () returned 0x400fa [0273.744] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0273.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x24fc3350, dwHighDateTime=0x1d6076d)) [0273.745] Sleep (dwMilliseconds=0x96) [0273.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25140110, dwHighDateTime=0x1d6076d)) [0273.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25140110, dwHighDateTime=0x1d6076d)) [0273.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25140110, dwHighDateTime=0x1d6076d)) [0273.889] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.891] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.891] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.891] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.892] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.892] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.892] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.893] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.893] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.893] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.894] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.894] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.894] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.895] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.895] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.895] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.896] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.896] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.897] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.897] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.897] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.898] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.898] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.898] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.899] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.899] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.900] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.900] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.900] CloseHandle (hObject=0x1568) returned 1 [0273.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25140110, dwHighDateTime=0x1d6076d)) [0273.900] GetSystemMetrics (nIndex=0) returned 1440 [0273.900] GetSystemMetrics (nIndex=1) returned 900 [0273.900] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0273.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x25140110, dwHighDateTime=0x1d6076d)) [0273.901] ReleaseMutex (hMutex=0x158) returned 1 [0273.901] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0273.901] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0273.901] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0273.901] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0273.901] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0273.903] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.903] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.904] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.904] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.904] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.905] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.905] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.905] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.906] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.906] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0273.906] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.907] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.907] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.907] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.908] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.908] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.908] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.908] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.909] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.909] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.909] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0273.910] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.910] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0273.910] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.910] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0273.911] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0273.911] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0273.911] CloseHandle (hObject=0x1568) returned 1 [0273.911] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0273.912] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0273.912] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0273.912] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0273.912] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0273.912] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0273.912] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0273.912] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0273.912] GetForegroundWindow () returned 0x0 [0273.912] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25166270, dwHighDateTime=0x1d6076d)) [0273.912] Sleep (dwMilliseconds=0x96) [0274.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x252e3030, dwHighDateTime=0x1d6076d)) [0274.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x252e3030, dwHighDateTime=0x1d6076d)) [0274.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x252e3030, dwHighDateTime=0x1d6076d)) [0274.060] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0274.062] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.063] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.063] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.064] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.064] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.064] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.065] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.065] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.065] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.066] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.066] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.066] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.067] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.067] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.068] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.068] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.068] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.069] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.069] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.069] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.070] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.070] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.071] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.071] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.071] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.072] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.072] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.072] CloseHandle (hObject=0x1568) returned 1 [0274.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x252e3030, dwHighDateTime=0x1d6076d)) [0274.072] GetSystemMetrics (nIndex=0) returned 1440 [0274.072] GetSystemMetrics (nIndex=1) returned 900 [0274.072] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x252e3030, dwHighDateTime=0x1d6076d)) [0274.073] ReleaseMutex (hMutex=0x158) returned 1 [0274.073] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0274.073] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0274.073] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0274.073] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0274.073] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1568 [0274.075] Process32First (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.075] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.076] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.076] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.077] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.077] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.077] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.078] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.078] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.079] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.079] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.079] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.080] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.080] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.080] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.081] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.081] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.081] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.082] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.082] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.082] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.083] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.083] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.084] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.084] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.084] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.085] Process32Next (in: hSnapshot=0x1568, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.085] CloseHandle (hObject=0x1568) returned 1 [0274.085] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0274.085] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0274.085] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0274.085] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0274.085] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0274.085] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0274.085] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0274.086] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0274.086] GetForegroundWindow () returned 0x400fa [0274.086] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0274.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25309190, dwHighDateTime=0x1d6076d)) [0274.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fa90 | out: lpSystemTimeAsFileTime=0x8b8fa90*(dwLowDateTime=0x25309190, dwHighDateTime=0x1d6076d)) [0274.086] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.086] GetUserGeoID (GeoClass=0x10) returned 0xf4 [0274.086] ReleaseMutex (hMutex=0x158) returned 1 [0274.087] InvalidateRect (hWnd=0x400fa, lpRect=0x8b8fae8, bErase=0) returned 1 [0274.106] Sleep (dwMilliseconds=0x96) [0274.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x254ac0b0, dwHighDateTime=0x1d6076d)) [0274.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x254ac0b0, dwHighDateTime=0x1d6076d)) [0274.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x254ac0b0, dwHighDateTime=0x1d6076d)) [0274.248] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.249] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.250] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.250] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.250] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.251] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.251] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.251] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.251] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.252] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.252] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.252] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.253] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.253] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.253] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.254] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.254] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.254] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.255] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.255] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.255] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.256] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.256] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.256] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.257] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.257] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.257] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.257] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.258] CloseHandle (hObject=0x156c) returned 1 [0274.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x254ac0b0, dwHighDateTime=0x1d6076d)) [0274.258] GetSystemMetrics (nIndex=0) returned 1440 [0274.258] GetSystemMetrics (nIndex=1) returned 900 [0274.258] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x254ac0b0, dwHighDateTime=0x1d6076d)) [0274.258] ReleaseMutex (hMutex=0x158) returned 1 [0274.258] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0274.258] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0274.258] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0274.258] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0274.258] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.260] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.260] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.260] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.261] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.261] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.261] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.261] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.262] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.262] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.262] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.263] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.263] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.263] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.265] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.265] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.265] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.266] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.266] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.266] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.266] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.267] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.267] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.267] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.268] CloseHandle (hObject=0x156c) returned 1 [0274.268] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0274.268] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0274.268] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0274.268] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0274.268] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0274.268] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0274.268] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0274.268] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0274.268] GetForegroundWindow () returned 0x400fa [0274.268] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0274.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x254d2210, dwHighDateTime=0x1d6076d)) [0274.268] Sleep (dwMilliseconds=0x96) [0274.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2564efd0, dwHighDateTime=0x1d6076d)) [0274.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2564efd0, dwHighDateTime=0x1d6076d)) [0274.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2564efd0, dwHighDateTime=0x1d6076d)) [0274.419] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.421] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.421] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.421] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.422] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.422] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.422] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.422] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.423] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.423] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.423] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.424] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.424] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.424] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.425] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.425] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.425] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.426] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.426] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.426] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.426] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.427] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.427] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.427] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.428] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.428] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.428] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.428] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.429] CloseHandle (hObject=0x156c) returned 1 [0274.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x2564efd0, dwHighDateTime=0x1d6076d)) [0274.429] GetSystemMetrics (nIndex=0) returned 1440 [0274.429] GetSystemMetrics (nIndex=1) returned 900 [0274.429] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x2564efd0, dwHighDateTime=0x1d6076d)) [0274.429] ReleaseMutex (hMutex=0x158) returned 1 [0274.429] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0274.429] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0274.429] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0274.429] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0274.429] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.431] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.431] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.431] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.432] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.432] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.432] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.433] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.433] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.433] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.433] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.434] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.434] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.436] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.436] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.436] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.439] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.439] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.439] CloseHandle (hObject=0x156c) returned 1 [0274.439] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0274.440] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0274.440] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0274.440] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0274.440] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0274.440] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0274.440] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0274.440] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0274.440] GetForegroundWindow () returned 0x400fa [0274.440] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0274.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25675130, dwHighDateTime=0x1d6076d)) [0274.440] Sleep (dwMilliseconds=0x96) [0274.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x257f1ef0, dwHighDateTime=0x1d6076d)) [0274.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x257f1ef0, dwHighDateTime=0x1d6076d)) [0274.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x257f1ef0, dwHighDateTime=0x1d6076d)) [0274.591] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.593] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.594] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.594] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.595] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.595] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.595] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.596] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.596] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.597] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.597] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.597] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.598] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.598] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.598] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.599] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.599] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.600] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.600] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.600] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.601] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.601] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.602] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.602] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.603] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.603] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.603] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.604] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.604] CloseHandle (hObject=0x156c) returned 1 [0274.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x257f1ef0, dwHighDateTime=0x1d6076d)) [0274.604] GetSystemMetrics (nIndex=0) returned 1440 [0274.604] GetSystemMetrics (nIndex=1) returned 900 [0274.604] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x257f1ef0, dwHighDateTime=0x1d6076d)) [0274.605] ReleaseMutex (hMutex=0x158) returned 1 [0274.605] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0274.605] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0274.605] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0274.605] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0274.605] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.607] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.608] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.608] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.609] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.609] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.609] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.610] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.610] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.611] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.611] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.611] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.612] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.612] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.613] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.613] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.613] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.614] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.614] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.615] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.615] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.616] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.616] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.616] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.617] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.617] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.617] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.618] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.618] CloseHandle (hObject=0x156c) returned 1 [0274.618] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0274.618] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0274.618] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0274.618] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0274.618] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0274.618] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0274.618] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0274.618] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0274.618] GetForegroundWindow () returned 0x400fa [0274.618] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0274.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25818050, dwHighDateTime=0x1d6076d)) [0274.619] Sleep (dwMilliseconds=0x96) [0274.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25994e10, dwHighDateTime=0x1d6076d)) [0274.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25994e10, dwHighDateTime=0x1d6076d)) [0274.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25994e10, dwHighDateTime=0x1d6076d)) [0274.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.764] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.765] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.765] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.765] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.766] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.766] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.766] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.767] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.767] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.767] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.768] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.768] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.768] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.769] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.769] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.770] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.770] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.770] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.771] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.771] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.771] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.772] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.772] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.772] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.773] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.773] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.773] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.774] CloseHandle (hObject=0x156c) returned 1 [0274.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25994e10, dwHighDateTime=0x1d6076d)) [0274.774] GetSystemMetrics (nIndex=0) returned 1440 [0274.774] GetSystemMetrics (nIndex=1) returned 900 [0274.774] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x25994e10, dwHighDateTime=0x1d6076d)) [0274.774] ReleaseMutex (hMutex=0x158) returned 1 [0274.774] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0274.774] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0274.774] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0274.774] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0274.774] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.776] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.777] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.777] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.778] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.778] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.779] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.779] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.779] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.780] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.780] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.780] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.781] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.781] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.781] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.782] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.782] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.782] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.783] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.783] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.784] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.784] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.784] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.785] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.785] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.785] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.786] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.786] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.786] CloseHandle (hObject=0x156c) returned 1 [0274.786] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0274.786] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0274.786] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0274.787] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0274.787] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0274.787] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0274.787] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0274.787] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0274.787] GetForegroundWindow () returned 0x0 [0274.787] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x259baf70, dwHighDateTime=0x1d6076d)) [0274.787] Sleep (dwMilliseconds=0x96) [0274.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25b37d30, dwHighDateTime=0x1d6076d)) [0274.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25b37d30, dwHighDateTime=0x1d6076d)) [0274.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25b37d30, dwHighDateTime=0x1d6076d)) [0274.934] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.936] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.937] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.937] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.938] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.938] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.938] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.939] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.939] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.940] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.940] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.940] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.941] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.941] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.941] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.942] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.942] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.943] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.943] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.943] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.944] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.944] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.945] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.945] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.945] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.946] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.946] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.946] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.947] CloseHandle (hObject=0x156c) returned 1 [0274.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25b37d30, dwHighDateTime=0x1d6076d)) [0274.947] GetSystemMetrics (nIndex=0) returned 1440 [0274.947] GetSystemMetrics (nIndex=1) returned 900 [0274.947] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0274.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fae0 | out: lpSystemTimeAsFileTime=0x8b8fae0*(dwLowDateTime=0x25b37d30, dwHighDateTime=0x1d6076d)) [0274.947] ReleaseMutex (hMutex=0x158) returned 1 [0274.947] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0274.947] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0274.947] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0274.947] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0274.947] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0274.949] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.950] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.950] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.951] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.951] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.951] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.952] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.952] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.953] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.953] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0274.953] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.954] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.954] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.954] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.955] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.955] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.956] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.956] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.956] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.957] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.957] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0274.958] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.958] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0274.958] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.959] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0274.959] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0274.959] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0274.961] CloseHandle (hObject=0x156c) returned 1 [0274.961] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0274.961] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0274.961] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0274.961] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0274.961] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0274.961] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0274.961] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0274.962] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0274.962] GetForegroundWindow () returned 0x400fa [0274.962] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0274.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25b5de90, dwHighDateTime=0x1d6076d)) [0274.962] Sleep (dwMilliseconds=0x96) [0275.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faf0 | out: lpSystemTimeAsFileTime=0x8b8faf0*(dwLowDateTime=0x25cdac50, dwHighDateTime=0x1d6076d)) [0275.105] InvalidateRect (hWnd=0x400fa, lpRect=0x0, bErase=0) returned 1 [0275.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.123] SendMessageA (hWnd=0x400fa, Msg=0x312, wParam=0x1, lParam=0x0) returned 0x0 [0275.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.123] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.125] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.125] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.126] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.126] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.126] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.126] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.127] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.127] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.127] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.128] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.128] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.128] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.129] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.129] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.130] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.130] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.130] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.131] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.131] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.131] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.132] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.132] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.132] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.133] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.133] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.134] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.134] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.134] CloseHandle (hObject=0x156c) returned 1 [0275.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.135] GetSystemMetrics (nIndex=0) returned 1440 [0275.135] GetSystemMetrics (nIndex=1) returned 900 [0275.135] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0275.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x25d00db0, dwHighDateTime=0x1d6076d)) [0275.135] ReleaseMutex (hMutex=0x158) returned 1 [0275.135] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0275.135] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0275.135] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0275.135] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0275.135] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.137] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.146] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.147] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.147] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.147] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.148] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.148] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.148] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.149] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.149] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.149] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.150] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.150] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.150] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.151] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.151] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.151] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.152] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.152] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.152] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.152] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.153] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.153] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.153] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.154] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.154] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.154] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.155] CloseHandle (hObject=0x156c) returned 1 [0275.155] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0275.155] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0275.155] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0275.155] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0275.155] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0275.155] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0275.155] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0275.155] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0275.155] GetForegroundWindow () returned 0x400fa [0275.155] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0275.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25d4d070, dwHighDateTime=0x1d6076d)) [0275.155] Sleep (dwMilliseconds=0x96) [0275.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25ec9e30, dwHighDateTime=0x1d6076d)) [0275.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25ec9e30, dwHighDateTime=0x1d6076d)) [0275.308] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.310] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.311] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.311] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.311] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.312] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.312] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.313] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.313] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.313] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.314] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.314] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.315] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.315] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.316] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.316] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.316] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.317] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.317] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.317] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.318] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.318] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.320] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.321] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.321] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.322] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.322] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.322] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.323] CloseHandle (hObject=0x156c) returned 1 [0275.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25ec9e30, dwHighDateTime=0x1d6076d)) [0275.323] GetSystemMetrics (nIndex=0) returned 1440 [0275.323] GetSystemMetrics (nIndex=1) returned 900 [0275.323] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0275.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x25ec9e30, dwHighDateTime=0x1d6076d)) [0275.323] ReleaseMutex (hMutex=0x158) returned 1 [0275.323] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0275.323] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0275.323] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0275.323] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0275.323] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.326] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.326] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.326] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.327] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.327] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.328] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.328] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.328] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.329] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.329] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.330] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.330] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.330] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.331] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.331] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.331] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.332] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.332] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.333] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.333] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.333] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.334] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.334] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.334] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.335] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.335] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.336] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.336] CloseHandle (hObject=0x156c) returned 1 [0275.336] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0275.336] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0275.336] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0275.336] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0275.336] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0275.336] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0275.336] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0275.336] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0275.336] GetForegroundWindow () returned 0x400fa [0275.337] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0275.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x25eeff90, dwHighDateTime=0x1d6076d)) [0275.337] Sleep (dwMilliseconds=0x96) [0275.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2606cd50, dwHighDateTime=0x1d6076d)) [0275.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2606cd50, dwHighDateTime=0x1d6076d)) [0275.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.482] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.483] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.483] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.484] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.484] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.484] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.485] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.485] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.485] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.486] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.486] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.487] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.487] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.487] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.488] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.488] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.489] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.489] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.489] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.490] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.490] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.490] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.491] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.491] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.491] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.492] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.492] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.492] CloseHandle (hObject=0x156c) returned 1 [0275.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2606cd50, dwHighDateTime=0x1d6076d)) [0275.492] GetSystemMetrics (nIndex=0) returned 1440 [0275.493] GetSystemMetrics (nIndex=1) returned 900 [0275.493] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0275.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x2606cd50, dwHighDateTime=0x1d6076d)) [0275.493] ReleaseMutex (hMutex=0x158) returned 1 [0275.493] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0275.493] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0275.493] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0275.493] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0275.493] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.495] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.495] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.496] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.496] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.496] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.497] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.497] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.497] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.497] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.498] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.498] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.498] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.499] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.499] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.499] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.500] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.500] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.500] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.500] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.501] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.501] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.501] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.502] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.502] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.502] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.503] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.503] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.503] CloseHandle (hObject=0x156c) returned 1 [0275.503] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0275.503] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0275.503] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0275.503] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0275.503] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0275.503] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0275.503] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0275.504] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0275.504] GetForegroundWindow () returned 0x400fa [0275.504] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0275.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26092eb0, dwHighDateTime=0x1d6076d)) [0275.504] Sleep (dwMilliseconds=0x96) [0275.651] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2620fc70, dwHighDateTime=0x1d6076d)) [0275.651] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2620fc70, dwHighDateTime=0x1d6076d)) [0275.651] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.653] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.654] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.654] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.655] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.655] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.655] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.656] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.656] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.656] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.657] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.657] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.657] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.658] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.658] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.659] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.659] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.659] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.660] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.660] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.660] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.661] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.661] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.661] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.662] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.662] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.664] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.664] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.665] CloseHandle (hObject=0x156c) returned 1 [0275.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2620fc70, dwHighDateTime=0x1d6076d)) [0275.665] GetSystemMetrics (nIndex=0) returned 1440 [0275.665] GetSystemMetrics (nIndex=1) returned 900 [0275.665] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0275.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x2620fc70, dwHighDateTime=0x1d6076d)) [0275.665] ReleaseMutex (hMutex=0x158) returned 1 [0275.665] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0275.665] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0275.665] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0275.665] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0275.665] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.668] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.668] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.669] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.669] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.669] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.670] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.670] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.671] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.671] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.671] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.672] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.672] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.672] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.673] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.673] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.674] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.674] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.674] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.675] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.675] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.675] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.676] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.676] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.676] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.677] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.677] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.677] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.678] CloseHandle (hObject=0x156c) returned 1 [0275.678] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0275.678] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0275.678] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0275.678] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0275.678] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0275.678] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0275.678] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0275.678] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0275.678] GetForegroundWindow () returned 0x0 [0275.678] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26235dd0, dwHighDateTime=0x1d6076d)) [0275.678] Sleep (dwMilliseconds=0x96) [0275.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x263b2b90, dwHighDateTime=0x1d6076d)) [0275.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x263b2b90, dwHighDateTime=0x1d6076d)) [0275.823] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.826] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.826] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.827] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.827] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.828] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.828] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.829] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.829] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.830] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.830] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.831] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.831] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.831] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.832] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.832] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.832] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.833] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.833] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.834] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.834] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.834] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.835] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.835] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.835] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.836] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.836] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.836] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.837] CloseHandle (hObject=0x156c) returned 1 [0275.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x263b2b90, dwHighDateTime=0x1d6076d)) [0275.837] GetSystemMetrics (nIndex=0) returned 1440 [0275.837] GetSystemMetrics (nIndex=1) returned 900 [0275.837] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0275.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x263b2b90, dwHighDateTime=0x1d6076d)) [0275.837] ReleaseMutex (hMutex=0x158) returned 1 [0275.837] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0275.837] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0275.837] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0275.837] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0275.837] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.839] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.840] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.840] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.840] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.841] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.841] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.841] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.842] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.842] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.842] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0275.843] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.843] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.843] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.844] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.844] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.845] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.845] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.845] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.846] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.846] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.846] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0275.847] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.847] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0275.847] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.848] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0275.848] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0275.848] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0275.849] CloseHandle (hObject=0x156c) returned 1 [0275.849] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0275.849] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0275.849] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0275.849] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0275.849] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0275.849] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0275.849] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0275.849] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0275.849] GetForegroundWindow () returned 0x400fa [0275.849] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0275.849] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x263d8cf0, dwHighDateTime=0x1d6076d)) [0275.849] Sleep (dwMilliseconds=0x96) [0275.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26555ab0, dwHighDateTime=0x1d6076d)) [0275.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26555ab0, dwHighDateTime=0x1d6076d)) [0275.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0275.997] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.997] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.998] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.998] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.998] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.999] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.999] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.000] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.000] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.000] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.001] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.001] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.002] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.002] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.002] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.003] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.003] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.003] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.004] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.004] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.005] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.005] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.005] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.006] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.006] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.006] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.007] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.007] CloseHandle (hObject=0x156c) returned 1 [0276.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26555ab0, dwHighDateTime=0x1d6076d)) [0276.007] GetSystemMetrics (nIndex=0) returned 1440 [0276.007] GetSystemMetrics (nIndex=1) returned 900 [0276.007] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0276.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x26555ab0, dwHighDateTime=0x1d6076d)) [0276.007] ReleaseMutex (hMutex=0x158) returned 1 [0276.008] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0276.008] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0276.008] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0276.008] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0276.008] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.040] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.040] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.040] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.041] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.041] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.042] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.042] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.042] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.043] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.043] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.043] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.044] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.044] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.045] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.045] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.045] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.046] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.046] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.046] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.047] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.047] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.048] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.048] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.048] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.049] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.049] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.049] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.050] CloseHandle (hObject=0x156c) returned 1 [0276.050] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0276.050] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0276.050] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0276.050] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0276.050] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0276.050] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0276.050] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0276.050] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0276.050] GetForegroundWindow () returned 0x400fa [0276.050] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0276.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x265c7ed0, dwHighDateTime=0x1d6076d)) [0276.050] Sleep (dwMilliseconds=0x96) [0276.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26744c90, dwHighDateTime=0x1d6076d)) [0276.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26744c90, dwHighDateTime=0x1d6076d)) [0276.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.199] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.200] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.200] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.201] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.201] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.201] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.202] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.202] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.203] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.203] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.203] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.204] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.204] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.204] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.205] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.205] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.206] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.206] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.206] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.207] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.207] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.207] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.208] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.208] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.208] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.209] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.209] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.210] CloseHandle (hObject=0x156c) returned 1 [0276.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26744c90, dwHighDateTime=0x1d6076d)) [0276.210] GetSystemMetrics (nIndex=0) returned 1440 [0276.210] GetSystemMetrics (nIndex=1) returned 900 [0276.210] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0276.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x26744c90, dwHighDateTime=0x1d6076d)) [0276.210] ReleaseMutex (hMutex=0x158) returned 1 [0276.210] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0276.210] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0276.210] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0276.210] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0276.210] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.212] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.213] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.214] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.214] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.214] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.215] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.215] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.216] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.216] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.216] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.217] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.217] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.217] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.218] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.218] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.218] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.219] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.219] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.220] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.220] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.220] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.221] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.221] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.221] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.222] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.222] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.223] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.223] CloseHandle (hObject=0x156c) returned 1 [0276.223] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0276.223] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0276.223] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0276.223] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0276.223] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0276.223] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0276.223] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0276.223] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0276.223] GetForegroundWindow () returned 0x400fa [0276.223] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0276.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.224] Sleep (dwMilliseconds=0x96) [0276.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x268e7bb0, dwHighDateTime=0x1d6076d)) [0276.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x268e7bb0, dwHighDateTime=0x1d6076d)) [0276.370] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.374] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.375] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.375] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.376] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.377] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.377] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.378] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.379] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.379] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.380] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.381] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.381] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.382] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.383] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.384] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.384] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.385] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.386] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.386] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.387] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.388] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.388] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.389] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.390] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.391] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.391] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.392] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.392] CloseHandle (hObject=0x156c) returned 1 [0276.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2690dd10, dwHighDateTime=0x1d6076d)) [0276.393] GetSystemMetrics (nIndex=0) returned 1440 [0276.393] GetSystemMetrics (nIndex=1) returned 900 [0276.393] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0276.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x2690dd10, dwHighDateTime=0x1d6076d)) [0276.393] ReleaseMutex (hMutex=0x158) returned 1 [0276.393] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0276.393] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0276.393] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0276.393] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0276.393] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.397] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.398] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.399] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.399] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.401] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.402] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.403] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.403] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.404] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.405] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.406] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.406] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.407] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.407] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.408] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.409] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.409] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.410] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.411] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.412] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.412] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.413] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.414] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.415] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.417] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.418] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.418] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.419] CloseHandle (hObject=0x156c) returned 1 [0276.419] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0276.419] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0276.419] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0276.419] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0276.420] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0276.420] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0276.420] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0276.420] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0276.420] GetForegroundWindow () returned 0x400fa [0276.420] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0276.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26959fd0, dwHighDateTime=0x1d6076d)) [0276.420] Sleep (dwMilliseconds=0x96) [0276.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26ad6d90, dwHighDateTime=0x1d6076d)) [0276.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26ad6d90, dwHighDateTime=0x1d6076d)) [0276.572] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.574] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.574] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.574] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.575] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.575] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.576] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.576] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.576] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.577] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.577] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.577] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.578] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.578] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.579] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.579] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.579] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.580] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.580] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.581] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.581] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.581] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.582] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.582] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.582] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.583] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.583] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.584] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.584] CloseHandle (hObject=0x156c) returned 1 [0276.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26ad6d90, dwHighDateTime=0x1d6076d)) [0276.584] GetSystemMetrics (nIndex=0) returned 1440 [0276.584] GetSystemMetrics (nIndex=1) returned 900 [0276.584] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0276.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x26ad6d90, dwHighDateTime=0x1d6076d)) [0276.584] ReleaseMutex (hMutex=0x158) returned 1 [0276.584] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0276.584] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0276.584] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0276.584] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0276.584] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.586] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.587] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.588] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.588] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.588] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.589] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.589] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.590] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.590] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.590] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.591] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.591] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.591] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.592] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.592] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.592] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.593] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.593] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.594] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.594] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.594] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.595] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.595] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.595] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.596] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.596] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.596] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.597] CloseHandle (hObject=0x156c) returned 1 [0276.597] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0276.597] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0276.597] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0276.597] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0276.597] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0276.597] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0276.597] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0276.597] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0276.597] GetForegroundWindow () returned 0x0 [0276.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26afcef0, dwHighDateTime=0x1d6076d)) [0276.597] Sleep (dwMilliseconds=0x96) [0276.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26c79cb0, dwHighDateTime=0x1d6076d)) [0276.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26c79cb0, dwHighDateTime=0x1d6076d)) [0276.744] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.746] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.746] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.747] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.747] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.747] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.748] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.748] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.749] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.749] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.749] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.750] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.750] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.751] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.751] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.751] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.752] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.752] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.753] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.753] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.753] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.754] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.754] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.754] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.755] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.755] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.755] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.756] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.756] CloseHandle (hObject=0x156c) returned 1 [0276.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26c79cb0, dwHighDateTime=0x1d6076d)) [0276.756] GetSystemMetrics (nIndex=0) returned 1440 [0276.756] GetSystemMetrics (nIndex=1) returned 900 [0276.756] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0276.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x26c79cb0, dwHighDateTime=0x1d6076d)) [0276.757] ReleaseMutex (hMutex=0x158) returned 1 [0276.757] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0276.757] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0276.757] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0276.757] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0276.757] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.759] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.759] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.760] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.760] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.760] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.761] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.761] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.761] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.762] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.762] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.763] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.763] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.763] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.764] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.764] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.764] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.765] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.765] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.766] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.766] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.766] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.767] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.767] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.767] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.768] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.768] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.769] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.769] CloseHandle (hObject=0x156c) returned 1 [0276.769] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0276.769] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0276.769] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0276.769] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0276.769] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0276.769] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0276.769] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0276.769] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0276.769] GetForegroundWindow () returned 0x400fa [0276.769] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0276.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26c9fe10, dwHighDateTime=0x1d6076d)) [0276.770] Sleep (dwMilliseconds=0x96) [0276.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26e1cbd0, dwHighDateTime=0x1d6076d)) [0276.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26e1cbd0, dwHighDateTime=0x1d6076d)) [0276.915] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.917] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.917] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.917] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.918] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.918] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.918] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.919] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.919] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.919] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.920] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.920] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.920] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.921] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.921] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.921] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.922] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.922] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.923] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.923] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.923] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.924] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.924] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.925] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.925] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.925] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.926] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.926] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.926] CloseHandle (hObject=0x156c) returned 1 [0276.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26e1cbd0, dwHighDateTime=0x1d6076d)) [0276.927] GetSystemMetrics (nIndex=0) returned 1440 [0276.927] GetSystemMetrics (nIndex=1) returned 900 [0276.927] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0276.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x26e1cbd0, dwHighDateTime=0x1d6076d)) [0276.927] ReleaseMutex (hMutex=0x158) returned 1 [0276.927] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0276.927] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0276.927] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0276.927] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0276.927] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0276.929] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.929] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.930] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.931] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.931] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.931] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.932] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.932] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.933] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.933] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0276.933] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.934] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.934] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.934] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.935] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.935] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.936] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.936] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.936] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.937] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.937] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0276.938] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.938] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0276.938] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.939] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0276.939] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0276.939] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0276.940] CloseHandle (hObject=0x156c) returned 1 [0276.940] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0276.940] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0276.940] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0276.940] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0276.940] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0276.940] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0276.940] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0276.940] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0276.940] GetForegroundWindow () returned 0x400fa [0276.940] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0276.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26e42d30, dwHighDateTime=0x1d6076d)) [0276.941] Sleep (dwMilliseconds=0x96) [0277.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26fbfaf0, dwHighDateTime=0x1d6076d)) [0277.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26fbfaf0, dwHighDateTime=0x1d6076d)) [0277.086] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.088] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.089] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.089] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.089] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.090] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.090] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.090] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.091] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.091] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.092] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.092] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.092] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.093] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.093] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.094] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.094] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.094] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.095] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.095] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.095] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.096] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.096] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.097] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.097] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.097] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.098] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.098] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.098] CloseHandle (hObject=0x156c) returned 1 [0277.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26fbfaf0, dwHighDateTime=0x1d6076d)) [0277.098] GetSystemMetrics (nIndex=0) returned 1440 [0277.098] GetSystemMetrics (nIndex=1) returned 900 [0277.098] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0277.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x26fbfaf0, dwHighDateTime=0x1d6076d)) [0277.098] ReleaseMutex (hMutex=0x158) returned 1 [0277.098] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0277.099] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0277.099] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0277.099] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0277.099] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.101] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.101] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.101] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.102] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.103] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.103] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.103] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.104] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.104] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.105] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.105] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.105] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.106] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.106] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.107] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.107] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.107] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.108] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.108] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.108] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.109] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.109] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.109] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.110] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.110] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.111] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.111] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.111] CloseHandle (hObject=0x156c) returned 1 [0277.111] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0277.112] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0277.112] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0277.112] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0277.112] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0277.112] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0277.112] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0277.112] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0277.112] GetForegroundWindow () returned 0x400fa [0277.112] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0277.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x26fe5c50, dwHighDateTime=0x1d6076d)) [0277.112] Sleep (dwMilliseconds=0x96) [0277.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27162a10, dwHighDateTime=0x1d6076d)) [0277.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27162a10, dwHighDateTime=0x1d6076d)) [0277.258] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.261] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.261] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.261] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.262] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.262] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.262] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.263] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.263] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.264] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.265] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.265] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.265] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.266] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.266] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.267] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.267] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.267] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.268] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.268] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.268] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.269] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.269] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.270] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.270] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.270] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.271] CloseHandle (hObject=0x156c) returned 1 [0277.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27162a10, dwHighDateTime=0x1d6076d)) [0277.271] GetSystemMetrics (nIndex=0) returned 1440 [0277.271] GetSystemMetrics (nIndex=1) returned 900 [0277.271] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0277.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x27162a10, dwHighDateTime=0x1d6076d)) [0277.271] ReleaseMutex (hMutex=0x158) returned 1 [0277.271] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0277.271] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0277.271] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0277.271] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0277.271] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.274] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.274] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.275] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.275] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.275] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.276] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.276] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.276] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.277] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.277] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.278] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.278] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.278] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.279] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.279] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.279] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.280] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.280] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.281] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.281] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.281] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.282] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.282] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.282] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.283] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.283] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.284] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.284] CloseHandle (hObject=0x156c) returned 1 [0277.284] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0277.284] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0277.284] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0277.284] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0277.284] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0277.284] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0277.284] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0277.284] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0277.284] GetForegroundWindow () returned 0x400fa [0277.285] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0277.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27188b70, dwHighDateTime=0x1d6076d)) [0277.285] Sleep (dwMilliseconds=0x96) [0277.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27305930, dwHighDateTime=0x1d6076d)) [0277.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27305930, dwHighDateTime=0x1d6076d)) [0277.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.434] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.435] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.436] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.436] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.436] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.437] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.438] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.439] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.439] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.439] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.440] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.440] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.440] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.441] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.441] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.441] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.442] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.442] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.442] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.443] CloseHandle (hObject=0x156c) returned 1 [0277.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27305930, dwHighDateTime=0x1d6076d)) [0277.443] GetSystemMetrics (nIndex=0) returned 1440 [0277.443] GetSystemMetrics (nIndex=1) returned 900 [0277.443] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0277.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x27305930, dwHighDateTime=0x1d6076d)) [0277.443] ReleaseMutex (hMutex=0x158) returned 1 [0277.443] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0277.443] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0277.443] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0277.443] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0277.443] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.445] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.446] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.446] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.447] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.447] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.447] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.448] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.448] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.448] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.449] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.449] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.449] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.450] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.450] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.450] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.451] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.451] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.451] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.451] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.452] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.452] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.452] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.453] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.453] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.453] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.454] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.454] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.454] CloseHandle (hObject=0x156c) returned 1 [0277.454] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0277.455] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0277.455] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0277.455] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0277.455] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0277.455] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0277.455] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0277.455] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0277.455] GetForegroundWindow () returned 0x0 [0277.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2732ba90, dwHighDateTime=0x1d6076d)) [0277.455] Sleep (dwMilliseconds=0x96) [0277.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x274a8850, dwHighDateTime=0x1d6076d)) [0277.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x274a8850, dwHighDateTime=0x1d6076d)) [0277.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.604] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.605] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.605] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.606] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.606] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.606] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.607] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.607] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.608] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.608] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.609] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.609] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.610] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.610] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.610] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.611] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.611] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.612] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.612] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.612] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.613] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.614] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.614] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.615] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.615] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.615] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.616] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.616] CloseHandle (hObject=0x156c) returned 1 [0277.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x274a8850, dwHighDateTime=0x1d6076d)) [0277.616] GetSystemMetrics (nIndex=0) returned 1440 [0277.616] GetSystemMetrics (nIndex=1) returned 900 [0277.616] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0277.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x274ce9b0, dwHighDateTime=0x1d6076d)) [0277.617] ReleaseMutex (hMutex=0x158) returned 1 [0277.617] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0277.617] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0277.617] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0277.617] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0277.617] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.619] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.619] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.620] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.620] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.621] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.621] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.621] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.622] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.622] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.622] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.623] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.623] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.624] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.624] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.624] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.625] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.625] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.626] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.626] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.626] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.627] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.627] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.627] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.628] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.628] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.629] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.629] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.629] CloseHandle (hObject=0x156c) returned 1 [0277.629] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0277.629] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0277.630] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0277.630] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0277.630] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0277.630] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0277.630] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0277.630] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0277.630] GetForegroundWindow () returned 0x400fa [0277.630] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0277.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x274ce9b0, dwHighDateTime=0x1d6076d)) [0277.630] Sleep (dwMilliseconds=0x96) [0277.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2764b770, dwHighDateTime=0x1d6076d)) [0277.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x2764b770, dwHighDateTime=0x1d6076d)) [0277.773] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.775] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.775] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.776] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.776] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.777] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.777] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.777] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.778] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.778] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.779] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.779] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.788] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.788] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.789] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.789] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.789] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.792] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.792] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.793] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.795] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.796] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.796] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.797] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.797] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.797] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.799] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.800] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.801] CloseHandle (hObject=0x156c) returned 1 [0277.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x276718d0, dwHighDateTime=0x1d6076d)) [0277.801] GetSystemMetrics (nIndex=0) returned 1440 [0277.801] GetSystemMetrics (nIndex=1) returned 900 [0277.801] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0277.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x276718d0, dwHighDateTime=0x1d6076d)) [0277.802] ReleaseMutex (hMutex=0x158) returned 1 [0277.802] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0277.802] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0277.802] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0277.803] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0277.803] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.808] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.811] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.812] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.812] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.812] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.813] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.813] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.813] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.819] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.824] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.824] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.825] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.825] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.825] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.826] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.826] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.826] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.827] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.827] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.827] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.828] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0277.833] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.833] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0277.838] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.839] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0277.839] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0277.839] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0277.839] CloseHandle (hObject=0x156c) returned 1 [0277.840] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0277.840] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0277.840] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0277.840] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0277.840] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0277.840] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0277.840] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0277.840] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0277.840] GetForegroundWindow () returned 0x400fa [0277.840] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0277.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x276e3cf0, dwHighDateTime=0x1d6076d)) [0277.840] Sleep (dwMilliseconds=0x96) [0277.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27860ab0, dwHighDateTime=0x1d6076d)) [0277.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27860ab0, dwHighDateTime=0x1d6076d)) [0277.991] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0277.993] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.994] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.994] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.995] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.995] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.995] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.996] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.996] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.996] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.997] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0277.997] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.998] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.998] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.998] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.999] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.999] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0278.000] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.000] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0278.000] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0278.001] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.001] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0278.002] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0278.003] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0278.009] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.009] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0278.011] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0278.013] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0278.015] CloseHandle (hObject=0x156c) returned 1 [0278.015] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x27886c10, dwHighDateTime=0x1d6076d)) [0278.015] GetSystemMetrics (nIndex=0) returned 1440 [0278.015] GetSystemMetrics (nIndex=1) returned 900 [0278.015] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0278.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8fadc | out: lpSystemTimeAsFileTime=0x8b8fadc*(dwLowDateTime=0x27886c10, dwHighDateTime=0x1d6076d)) [0278.016] ReleaseMutex (hMutex=0x158) returned 1 [0278.016] FindWindowA (lpClassName=0x0, lpWindowName="Open File") returned 0x0 [0278.016] FindWindowA (lpClassName=0x0, lpWindowName="Windows Internet Explorer") returned 0x0 [0278.016] FindWindowA (lpClassName="RegEdit_RegEdit", lpWindowName=0x0) returned 0x0 [0278.016] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0278.016] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x156c [0278.018] Process32First (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.018] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0278.019] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0278.019] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0278.019] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0278.020] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0278.020] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0278.021] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0278.021] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0278.022] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0278.022] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.023] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.023] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.024] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.024] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.025] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0278.025] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.025] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x2b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0278.026] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x40c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x344, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0278.026] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.026] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x134, pcPriClassBase=8, dwFlags=0x0, szExeFile="BUccwoAg.exe")) returned 1 [0278.027] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0278.027] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0278.027] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.028] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x68c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ssYIYkgc.exe")) returned 1 [0278.028] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 1 [0278.029] Process32Next (in: hSnapshot=0x156c, lppe=0x448b34 | out: lppe=0x448b34*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="YMIIsQMA.exe")) returned 0 [0278.029] CloseHandle (hObject=0x156c) returned 1 [0278.029] FindWindowA (lpClassName=0x0, lpWindowName="Run") returned 0x0 [0278.029] FindWindowA (lpClassName=0x0, lpWindowName="Open") returned 0x0 [0278.029] FindWindowA (lpClassName="BUTTON", lpWindowName="START") returned 0x10058 [0278.029] ShowWindow (hWnd=0x10058, nCmdShow=0) returned 0 [0278.029] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="Shell_TrayWnd", lpszWindow=0x0) returned 0x10054 [0278.029] ShowWindow (hWnd=0x10054, nCmdShow=0) returned 0 [0278.029] FindWindowExA (hWndParent=0x0, hWndChildAfter=0x0, lpszClass="DV2ControlHost", lpszWindow=0x0) returned 0x700a2 [0278.029] ShowWindow (hWnd=0x700a2, nCmdShow=0) returned 0 [0278.029] GetForegroundWindow () returned 0x400fa [0278.030] FindWindowExA (hWndParent=0x400fa, hWndChildAfter=0x0, lpszClass="WorkerW", lpszWindow=0x0) returned 0x0 [0278.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8b8faec | out: lpSystemTimeAsFileTime=0x8b8faec*(dwLowDateTime=0x278acd70, dwHighDateTime=0x1d6076d)) [0278.030] Sleep (dwMilliseconds=0x96) Thread: id = 410 os_tid = 0x4d4 [0261.661] GetCurrentThreadId () returned 0x4d4 [0261.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff28 | out: lpSystemTimeAsFileTime=0x759ff28*(dwLowDateTime=0x1dcc2c70, dwHighDateTime=0x1d6076d)) [0261.662] GetCurrentThreadId () returned 0x4d4 [0261.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff58 | out: lpSystemTimeAsFileTime=0x759ff58*(dwLowDateTime=0x1dcc2c70, dwHighDateTime=0x1d6076d)) [0261.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff6c | out: lpSystemTimeAsFileTime=0x759ff6c*(dwLowDateTime=0x1dcc2c70, dwHighDateTime=0x1d6076d)) [0261.662] GetCurrentThreadId () returned 0x4d4 [0261.662] gethostbyname (name="google.com") returned 0x1f14e90*(h_name="google.com", h_aliases=0x1f14ea0*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14ea4*=([0]="172.217.23.142")) [0261.663] socket (af=2, type=1, protocol=0) returned 0x1560 [0261.663] htons (hostshort=0x50) returned 0x5000 [0261.663] connect (s=0x1560, name=0x759ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0261.689] ioctlsocket (in: s=0x1560, cmd=-2147195266, argp=0x759ff28 | out: argp=0x759ff28) returned 0 [0261.689] GetCurrentThreadId () returned 0x4d4 [0261.689] send (s=0x1560, buf=0x40f0a6*, len=36, flags=0) returned 36 [0261.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff44 | out: lpSystemTimeAsFileTime=0x759ff44*(dwLowDateTime=0x1dd0ef30, dwHighDateTime=0x1d6076d)) [0261.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff44 | out: lpSystemTimeAsFileTime=0x759ff44*(dwLowDateTime=0x1dd0ef30, dwHighDateTime=0x1d6076d)) [0261.690] ioctlsocket (in: s=0x1560, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0261.690] Sleep (dwMilliseconds=0x32) [0261.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff44 | out: lpSystemTimeAsFileTime=0x759ff44*(dwLowDateTime=0x1dda74b0, dwHighDateTime=0x1d6076d)) [0261.752] ioctlsocket (in: s=0x1560, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0261.752] Sleep (dwMilliseconds=0x32) [0261.814] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x4e80000 [0261.814] GetCurrentThreadId () returned 0x4d4 [0261.814] recv (in: s=0x1560, buf=0x4e80000, len=528, flags=0 | out: buf=0x4e80000*) returned 528 [0261.815] shutdown (s=0x759ff84, how=2) returned -1 [0261.815] closesocket (s=0x759ff84) returned -1 [0261.815] GetCurrentThreadId () returned 0x4d4 [0261.815] GetCurrentThreadId () returned 0x4d4 [0261.815] VirtualFree (lpAddress=0x4e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.815] GetCurrentThreadId () returned 0x4d4 [0261.815] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0261.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff6c | out: lpSystemTimeAsFileTime=0x759ff6c*(dwLowDateTime=0x1de3fa30, dwHighDateTime=0x1d6076d)) [0261.815] ReleaseMutex (hMutex=0x158) returned 1 [0261.816] GetCurrentThreadId () returned 0x4d4 [0261.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff58 | out: lpSystemTimeAsFileTime=0x759ff58*(dwLowDateTime=0x1de3fa30, dwHighDateTime=0x1d6076d)) [0261.816] Sleep (dwMilliseconds=0x13857) [0271.845] GetCurrentThreadId () returned 0x4d4 [0271.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff58 | out: lpSystemTimeAsFileTime=0x759ff58*(dwLowDateTime=0x23dc2cf0, dwHighDateTime=0x1d6076d)) [0271.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff6c | out: lpSystemTimeAsFileTime=0x759ff6c*(dwLowDateTime=0x23dc2cf0, dwHighDateTime=0x1d6076d)) [0271.845] GetCurrentThreadId () returned 0x4d4 [0271.845] gethostbyname (name="google.com") returned 0x1f14e90*(h_name="google.com", h_aliases=0x1f14ea0*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1f14ea4*=([0]="172.217.23.142")) [0271.857] socket (af=2, type=1, protocol=0) returned 0x1564 [0271.857] htons (hostshort=0x50) returned 0x5000 [0271.857] connect (s=0x1564, name=0x759ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0271.878] ioctlsocket (in: s=0x1564, cmd=-2147195266, argp=0x759ff28 | out: argp=0x759ff28) returned 0 [0271.878] GetCurrentThreadId () returned 0x4d4 [0271.878] send (s=0x1564, buf=0x40f0a6*, len=36, flags=0) returned 36 [0271.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff44 | out: lpSystemTimeAsFileTime=0x759ff44*(dwLowDateTime=0x23e0efb0, dwHighDateTime=0x1d6076d)) [0271.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff44 | out: lpSystemTimeAsFileTime=0x759ff44*(dwLowDateTime=0x23e0efb0, dwHighDateTime=0x1d6076d)) [0271.879] ioctlsocket (in: s=0x1564, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0271.879] Sleep (dwMilliseconds=0x32) [0271.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff44 | out: lpSystemTimeAsFileTime=0x759ff44*(dwLowDateTime=0x23ea7530, dwHighDateTime=0x1d6076d)) [0271.939] ioctlsocket (in: s=0x1564, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0271.939] Sleep (dwMilliseconds=0x32) [0272.001] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x4ea0000 [0272.001] GetCurrentThreadId () returned 0x4d4 [0272.001] recv (in: s=0x1564, buf=0x4ea0000, len=528, flags=0 | out: buf=0x4ea0000*) returned 528 [0272.001] shutdown (s=0x759ff84, how=2) returned -1 [0272.001] closesocket (s=0x759ff84) returned -1 [0272.001] GetCurrentThreadId () returned 0x4d4 [0272.001] GetCurrentThreadId () returned 0x4d4 [0272.002] VirtualFree (lpAddress=0x4ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.002] GetCurrentThreadId () returned 0x4d4 [0272.002] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0xbb8) returned 0x0 [0272.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff6c | out: lpSystemTimeAsFileTime=0x759ff6c*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.002] ReleaseMutex (hMutex=0x158) returned 1 [0272.002] GetCurrentThreadId () returned 0x4d4 [0272.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x759ff58 | out: lpSystemTimeAsFileTime=0x759ff58*(dwLowDateTime=0x23f3fab0, dwHighDateTime=0x1d6076d)) [0272.002] Sleep (dwMilliseconds=0x15607) Thread: id = 411 os_tid = 0x300 Process: id = "26" image_name = "ssyiykgc.exe" filename = "c:\\programdata\\vwcueoyi\\ssyiykgc.exe" page_root = "0x13d22000" os_pid = "0x68c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x1c4" cmd_line = "C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 379 os_tid = 0x690 [0171.170] GetInputState () returned 0 [0171.170] GetInputState () returned 0 [0171.170] GetInputState () returned 0 [0171.170] GetInputState () returned 0 [0171.170] GetInputState () returned 0 [0171.170] GetUserDefaultLCID () returned 0x409 [0171.245] GetUserDefaultLCID () returned 0x409 [0171.246] GetUserDefaultLCID () returned 0x409 [0171.246] GetUserDefaultLCID () returned 0x409 [0171.246] GetUserDefaultLCID () returned 0x409 [0171.246] GetUserDefaultLCID () returned 0x409 [0171.246] GetUserDefaultLCID () returned 0x409 [0171.246] GetUserDefaultLCID () returned 0x409 [0171.247] VirtualProtect (in: lpAddress=0x401400, dwSize=0x7449e, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0171.253] GetUserDefaultLCID () returned 0x409 [0171.253] GetUserDefaultLCID () returned 0x409 [0171.253] GetUserDefaultLCID () returned 0x409 [0171.253] GetUserDefaultLCID () returned 0x409 [0171.253] GetUserDefaultLCID () returned 0x409 [0171.253] GetUserDefaultLCID () returned 0x409 [0171.254] GetUserDefaultLCID () returned 0x409 [0171.254] GetUserDefaultLCID () returned 0x409 [0171.336] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0171.355] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0171.462] GetProcAddress (hModule=0x75a70000, lpProcName="LoadLibraryA") returned 0x75a849d7 [0171.462] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75590000 [0171.462] GetProcAddress (hModule=0x75590000, lpProcName="GetKeyState") returned 0x755b291f [0171.463] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x75b80000 [0171.463] GetProcAddress (hModule=0x75b80000, lpProcName="QueryServiceStatus") returned 0x75b92a86 [0171.463] GetProcAddress (hModule=0x75a70000, lpProcName="GetFileAttributesW") returned 0x75a81b18 [0171.463] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalAlloc") returned 0x75a8588e [0171.464] GetProcAddress (hModule=0x75590000, lpProcName="GetKeyboardState") returned 0x755cec68 [0171.464] GetProcAddress (hModule=0x75590000, lpProcName="GetMessageA") returned 0x755a7bd3 [0171.464] GetProcAddress (hModule=0x75b80000, lpProcName="RegOpenKeyExA") returned 0x75b94907 [0171.464] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76d90000 [0171.611] GetProcAddress (hModule=0x76d90000, lpProcName="select") returned 0x76d96989 [0171.612] GetProcAddress (hModule=0x75b80000, lpProcName="OpenServiceW") returned 0x75b8ca4c [0171.612] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x74e30000 [0171.789] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupDelMembers") returned 0x74cf9322 [0171.800] GetProcAddress (hModule=0x75b80000, lpProcName="CheckTokenMembership") returned 0x75b8df04 [0171.800] GetProcAddress (hModule=0x75590000, lpProcName="GetForegroundWindow") returned 0x755b2320 [0171.800] GetProcAddress (hModule=0x76d90000, lpProcName="accept") returned 0x76d968b6 [0171.801] GetProcAddress (hModule=0x75b80000, lpProcName="LogonUserW") returned 0x75b8c1a9 [0171.801] GetProcAddress (hModule=0x75a70000, lpProcName="CopyFileW") returned 0x75aa830d [0171.801] GetProcAddress (hModule=0x75a70000, lpProcName="FindClose") returned 0x75a84442 [0171.801] GetProcAddress (hModule=0x75b80000, lpProcName="ConvertSidToStringSidA") returned 0x75bb192a [0171.801] GetProcAddress (hModule=0x75a70000, lpProcName="CreateDirectoryA") returned 0x75aad526 [0171.802] GetProcAddress (hModule=0x76d90000, lpProcName="shutdown") returned 0x76d9449d [0171.802] GetProcAddress (hModule=0x75a70000, lpProcName="ExitThread") returned 0x7738d598 [0171.802] GetProcAddress (hModule=0x75a70000, lpProcName="GetTickCount") returned 0x75a8110c [0171.802] GetProcAddress (hModule=0x75b80000, lpProcName="FreeSid") returned 0x75b9412e [0171.802] GetProcAddress (hModule=0x75590000, lpProcName="EndPaint") returned 0x755b1341 [0171.802] GetProcAddress (hModule=0x75a70000, lpProcName="SuspendThread") returned 0x75aa7d7e [0171.802] GetProcAddress (hModule=0x75590000, lpProcName="SetTimer") returned 0x755a79fb [0171.803] GetProcAddress (hModule=0x75a70000, lpProcName="Process32Next") returned 0x75aa88a4 [0171.803] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x75360000 [0171.803] GetProcAddress (hModule=0x75360000, lpProcName="SetBkColor") returned 0x753752d8 [0171.803] GetProcAddress (hModule=0x75b80000, lpProcName="AllocateAndInitializeSid") returned 0x75b940e6 [0171.803] GetProcAddress (hModule=0x76d90000, lpProcName="connect") returned 0x76d96bdd [0171.803] GetProcAddress (hModule=0x75a70000, lpProcName="GetUserGeoID") returned 0x75aaacf0 [0171.804] GetProcAddress (hModule=0x75a70000, lpProcName="MapViewOfFile") returned 0x75a818f1 [0171.804] GetProcAddress (hModule=0x75590000, lpProcName="FindWindowA") returned 0x755affe6 [0171.804] GetProcAddress (hModule=0x75a70000, lpProcName="WriteFile") returned 0x75a81282 [0171.804] GetProcAddress (hModule=0x75a70000, lpProcName="FindNextFileW") returned 0x75a854ee [0171.804] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76010000 [0171.804] GetProcAddress (hModule=0x76010000, lpProcName="ExtractIconExW") returned 0x7612f0bd [0171.804] GetProcAddress (hModule=0x75b80000, lpProcName="RegOpenKeyExW") returned 0x75b9468d [0171.805] GetProcAddress (hModule=0x75590000, lpProcName="EmptyClipboard") returned 0x75607cb9 [0171.805] GetProcAddress (hModule=0x75360000, lpProcName="BitBlt") returned 0x75375ea6 [0171.805] GetProcAddress (hModule=0x75a70000, lpProcName="CloseHandle") returned 0x75a81410 [0171.805] GetProcAddress (hModule=0x75a70000, lpProcName="UnmapViewOfFile") returned 0x75a81826 [0171.805] GetProcAddress (hModule=0x75b80000, lpProcName="ConvertStringSidToSidA") returned 0x75ba0f23 [0171.805] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalFree") returned 0x75a85558 [0171.806] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x74ce0000 [0171.816] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSEnumerateSessionsA") returned 0x74ce4023 [0171.816] GetProcAddress (hModule=0x75a70000, lpProcName="ProcessIdToSessionId") returned 0x75a81275 [0171.816] GetProcAddress (hModule=0x75a70000, lpProcName="DeleteFileA") returned 0x75a85444 [0171.816] GetProcAddress (hModule=0x76d90000, lpProcName="send") returned 0x76d96f01 [0171.816] GetProcAddress (hModule=0x75590000, lpProcName="DrawIcon") returned 0x755b8deb [0171.816] GetProcAddress (hModule=0x75a70000, lpProcName="SetEvent") returned 0x75a816c5 [0171.816] GetProcAddress (hModule=0x75590000, lpProcName="GetIconInfo") returned 0x755b49ea [0171.817] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentThreadId") returned 0x75a81450 [0171.817] GetProcAddress (hModule=0x75a70000, lpProcName="LocalFree") returned 0x75a82d3c [0171.817] GetProcAddress (hModule=0x76010000, lpProcName="ExtractAssociatedIconA") returned 0x76214efe [0171.817] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessW") returned 0x75a8103d [0171.817] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentProcessId") returned 0x75a811f8 [0171.817] GetProcAddress (hModule=0x74e30000, lpProcName="NetUserSetInfo") returned 0x74cf5d16 [0171.817] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleHandleA") returned 0x75a81245 [0171.817] GetProcAddress (hModule=0x75360000, lpProcName="CreateCompatibleBitmap") returned 0x75375f49 [0171.818] GetProcAddress (hModule=0x75a70000, lpProcName="SetFileAttributesW") returned 0x75a9d4f7 [0171.818] GetProcAddress (hModule=0x75360000, lpProcName="DeleteDC") returned 0x753758b3 [0171.819] GetProcAddress (hModule=0x75b80000, lpProcName="SetEntriesInAclW") returned 0x75b92a66 [0171.819] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupGetMembers") returned 0x74cf21be [0171.819] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentDirectoryW") returned 0x75a85611 [0171.819] GetProcAddress (hModule=0x75a70000, lpProcName="GetLastError") returned 0x75a811c0 [0171.819] GetProcAddress (hModule=0x75590000, lpProcName="LoadIconA") returned 0x755adafb [0171.819] GetProcAddress (hModule=0x75a70000, lpProcName="GetCommandLineA") returned 0x75a851a1 [0171.819] GetProcAddress (hModule=0x75b80000, lpProcName="GetUserNameW") returned 0x75b9157a [0171.820] GetProcAddress (hModule=0x75b80000, lpProcName="LsaAddAccountRights") returned 0x75bc8819 [0171.820] GetProcAddress (hModule=0x75360000, lpProcName="GetObjectA") returned 0x753785d4 [0171.820] GetProcAddress (hModule=0x75a70000, lpProcName="GetCommandLineW") returned 0x75a85223 [0171.820] GetProcAddress (hModule=0x76d90000, lpProcName="getsockname") returned 0x76d930af [0171.820] GetProcAddress (hModule=0x75590000, lpProcName="SendMessageA") returned 0x755b612e [0171.820] GetProcAddress (hModule=0x75a70000, lpProcName="UpdateResourceA") returned 0x75b1363d [0171.820] GetProcAddress (hModule=0x75590000, lpProcName="GetSystemMetrics") returned 0x755a7d2f [0171.821] GetProcAddress (hModule=0x75360000, lpProcName="CreateCompatibleDC") returned 0x753754f4 [0171.821] GetProcAddress (hModule=0x75a70000, lpProcName="Sleep") returned 0x75a810ff [0171.821] GetProcAddress (hModule=0x75b80000, lpProcName="CloseServiceHandle") returned 0x75b9369c [0171.821] GetProcAddress (hModule=0x75590000, lpProcName="InvalidateRect") returned 0x755b1381 [0171.821] GetProcAddress (hModule=0x75a70000, lpProcName="FindFirstFileW") returned 0x75a84435 [0171.821] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSLogoffSession") returned 0x74ce3d77 [0171.822] GetProcAddress (hModule=0x75590000, lpProcName="FindWindowExA") returned 0x755b00d9 [0171.846] GetProcAddress (hModule=0x76d90000, lpProcName="closesocket") returned 0x76d93918 [0171.847] GetProcAddress (hModule=0x75a70000, lpProcName="CreateDirectoryW") returned 0x75a84259 [0171.847] GetProcAddress (hModule=0x75a70000, lpProcName="RtlZeroMemory") returned 0x77393c10 [0171.847] GetProcAddress (hModule=0x75b80000, lpProcName="RegQueryValueExA") returned 0x75b948ef [0171.847] GetProcAddress (hModule=0x75b80000, lpProcName="LookupAccountSidW") returned 0x75b94874 [0171.848] GetProcAddress (hModule=0x75b80000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x75b8a97d [0171.848] GetProcAddress (hModule=0x75a70000, lpProcName="SetFilePointer") returned 0x75a817d1 [0171.848] GetProcAddress (hModule=0x75590000, lpProcName="DrawTextW") returned 0x755b25cf [0171.848] GetProcAddress (hModule=0x75a70000, lpProcName="OpenThread") returned 0x75a91248 [0171.848] GetProcAddress (hModule=0x75590000, lpProcName="ShowWindow") returned 0x755b0dfb [0171.848] GetProcAddress (hModule=0x76d90000, lpProcName="WSAStartup") returned 0x76d93ab2 [0171.848] GetProcAddress (hModule=0x75360000, lpProcName="TextOutA") returned 0x7537eda3 [0171.849] GetProcAddress (hModule=0x76d90000, lpProcName="listen") returned 0x76d9b001 [0171.849] GetProcAddress (hModule=0x75360000, lpProcName="DeleteObject") returned 0x75375689 [0171.850] GetProcAddress (hModule=0x75590000, lpProcName="DrawTextA") returned 0x755baea1 [0171.850] GetProcAddress (hModule=0x75590000, lpProcName="UnregisterClassA") returned 0x755adced [0171.850] GetProcAddress (hModule=0x76d90000, lpProcName="recv") returned 0x76d96b0e [0171.850] GetProcAddress (hModule=0x75a70000, lpProcName="EndUpdateResourceA") returned 0x75b13d34 [0171.850] GetProcAddress (hModule=0x75590000, lpProcName="LoadCursorA") returned 0x755adad5 [0171.851] GetProcAddress (hModule=0x75a70000, lpProcName="FreeLibrary") returned 0x75a834c8 [0171.851] GetProcAddress (hModule=0x75360000, lpProcName="CreateFontIndirectA") returned 0x7537cffd [0171.851] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileA") returned 0x75a853c6 [0171.851] GetProcAddress (hModule=0x75b80000, lpProcName="SetEntriesInAclA") returned 0x75bd15e9 [0171.851] GetProcAddress (hModule=0x75b80000, lpProcName="RegSetValueExW") returned 0x75b914d6 [0171.851] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileMappingA") returned 0x75a85506 [0171.852] GetProcAddress (hModule=0x75360000, lpProcName="TextOutW") returned 0x7537d41c [0171.852] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupAddMembers") returned 0x74cf92fe [0171.852] GetProcAddress (hModule=0x76d90000, lpProcName="socket") returned 0x76d93eb8 [0171.852] GetProcAddress (hModule=0x75b80000, lpProcName="SetSecurityDescriptorDacl") returned 0x75b9415e [0171.852] GetProcAddress (hModule=0x75a70000, lpProcName="ResumeThread") returned 0x75a843ef [0171.852] GetProcAddress (hModule=0x75a70000, lpProcName="CreateMutexA") returned 0x75a84c6b [0171.852] GetProcAddress (hModule=0x75a70000, lpProcName="CreateToolhelp32Snapshot") returned 0x75aa735f [0171.853] GetProcAddress (hModule=0x75b80000, lpProcName="CreateProcessWithLogonW") returned 0x75bc52e9 [0171.853] GetProcAddress (hModule=0x75a70000, lpProcName="BeginUpdateResourceW") returned 0x75b13d6c [0171.853] GetProcAddress (hModule=0x75a70000, lpProcName="LocalAlloc") returned 0x75a8168c [0171.853] GetProcAddress (hModule=0x75b80000, lpProcName="StartServiceCtrlDispatcherW") returned 0x75b8a965 [0171.853] GetProcAddress (hModule=0x76d90000, lpProcName="bind") returned 0x76d94582 [0171.854] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleHandleW") returned 0x75a834b0 [0171.854] GetProcAddress (hModule=0x75a70000, lpProcName="GetFileSize") returned 0x75a8196e [0171.854] GetProcAddress (hModule=0x75b80000, lpProcName="LookupAccountNameW") returned 0x75b8e276 [0171.854] GetProcAddress (hModule=0x75590000, lpProcName="CloseClipboard") returned 0x755b8e8d [0171.854] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x75c40000 [0171.860] GetProcAddress (hModule=0x75c40000, lpProcName="OleLoadPicture") returned 0x75ca7c49 [0171.860] GetProcAddress (hModule=0x75590000, lpProcName="DestroyWindow") returned 0x755a9a55 [0171.860] GetProcAddress (hModule=0x75360000, lpProcName="CreateSolidBrush") returned 0x75374f17 [0171.860] GetProcAddress (hModule=0x76010000, lpProcName="ExtractAssociatedIconW") returned 0x76214e1e [0171.861] GetProcAddress (hModule=0x75a70000, lpProcName="BeginUpdateResourceA") returned 0x75b13f39 [0171.861] GetProcAddress (hModule=0x75a70000, lpProcName="DeleteFileW") returned 0x75a889b3 [0171.861] GetProcAddress (hModule=0x75360000, lpProcName="CreateDIBSection") returned 0x7537ac46 [0171.861] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x74cc0000 [0171.887] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetCancelConnection2W") returned 0x74cc8cd1 [0171.888] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetAddConnection2W") returned 0x74cc4744 [0171.888] GetProcAddress (hModule=0x75590000, lpProcName="TranslateMessage") returned 0x755a7809 [0171.888] GetProcAddress (hModule=0x75b80000, lpProcName="CreateServiceW") returned 0x75ba712c [0171.888] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileW") returned 0x75a83f5c [0171.888] GetProcAddress (hModule=0x75b80000, lpProcName="InitializeSecurityDescriptor") returned 0x75b94620 [0171.888] GetProcAddress (hModule=0x75a70000, lpProcName="CreateThread") returned 0x75a834d5 [0171.888] GetProcAddress (hModule=0x75a70000, lpProcName="WaitForSingleObject") returned 0x75a81136 [0171.888] GetProcAddress (hModule=0x75590000, lpProcName="InSendMessage") returned 0x755b3e46 [0171.889] GetProcAddress (hModule=0x75a70000, lpProcName="TerminateProcess") returned 0x75a9d802 [0171.889] GetProcAddress (hModule=0x75360000, lpProcName="SetTextColor") returned 0x7537522d [0171.889] GetProcAddress (hModule=0x76d90000, lpProcName="htonl") returned 0x76d92d57 [0171.889] GetProcAddress (hModule=0x75a70000, lpProcName="WinExec") returned 0x75b02c21 [0171.889] GetProcAddress (hModule=0x75590000, lpProcName="BeginPaint") returned 0x755b1361 [0171.889] GetProcAddress (hModule=0x75a70000, lpProcName="GetEnvironmentVariableW") returned 0x75a81b48 [0171.890] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualFree") returned 0x75a8186e [0171.890] GetProcAddress (hModule=0x75a70000, lpProcName="OpenProcess") returned 0x75a81986 [0171.890] GetProcAddress (hModule=0x75b80000, lpProcName="RegQueryValueExW") returned 0x75b946ad [0171.890] GetProcAddress (hModule=0x75a70000, lpProcName="ReadFile") returned 0x75a83ed3 [0171.891] GetProcAddress (hModule=0x75590000, lpProcName="FillRect") returned 0x755b0eb6 [0171.891] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75200000 [0171.891] GetProcAddress (hModule=0x75200000, lpProcName="CreateStreamOnHGlobal") returned 0x7522363b [0171.891] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualAlloc") returned 0x75a81856 [0171.891] GetProcAddress (hModule=0x76d90000, lpProcName="ioctlsocket") returned 0x76d93084 [0171.892] GetProcAddress (hModule=0x76d90000, lpProcName="getpeername") returned 0x76d97147 [0171.892] GetProcAddress (hModule=0x75a70000, lpProcName="Process32First") returned 0x75aa8ae7 [0171.892] GetProcAddress (hModule=0x75a70000, lpProcName="ExitProcess") returned 0x75a87a10 [0171.892] GetProcAddress (hModule=0x75b80000, lpProcName="GetUserNameA") returned 0x75baa4b4 [0171.892] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupDel") returned 0x74cf8d7c [0171.892] GetProcAddress (hModule=0x75590000, lpProcName="CreateWindowExA") returned 0x755ad22e [0171.893] GetProcAddress (hModule=0x76d90000, lpProcName="gethostbyname") returned 0x76da7673 [0171.893] GetProcAddress (hModule=0x75590000, lpProcName="RegisterClassExA") returned 0x755adb98 [0171.893] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetOpenEnumW") returned 0x74cc2f06 [0171.893] GetProcAddress (hModule=0x75590000, lpProcName="DestroyIcon") returned 0x755b49b2 [0171.893] GetProcAddress (hModule=0x76010000, lpProcName="ShellExecuteExW") returned 0x76031e46 [0171.894] GetProcAddress (hModule=0x75a70000, lpProcName="TerminateThread") returned 0x75a87a2f [0171.894] GetProcAddress (hModule=0x75a70000, lpProcName="CopyFileA") returned 0x75aa58e5 [0171.894] GetProcAddress (hModule=0x75590000, lpProcName="DefWindowProcA") returned 0x773724e0 [0171.894] GetProcAddress (hModule=0x75b80000, lpProcName="SetNamedSecurityInfoW") returned 0x75b89fe2 [0171.894] GetProcAddress (hModule=0x75a70000, lpProcName="GetSystemTimeAsFileTime") returned 0x75a83509 [0171.894] GetProcAddress (hModule=0x75590000, lpProcName="DispatchMessageA") returned 0x755a7bbb [0171.894] GetProcAddress (hModule=0x76d90000, lpProcName="htons") returned 0x76d92d8b [0171.895] GetProcAddress (hModule=0x75590000, lpProcName="OpenClipboard") returned 0x755b8ecb [0171.895] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleFileNameW") returned 0x75a84950 [0171.895] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalUnlock") returned 0x75a9cfdf [0171.895] GetProcAddress (hModule=0x75a70000, lpProcName="GetEnvironmentVariableA") returned 0x75a833a0 [0171.895] GetProcAddress (hModule=0x74e30000, lpProcName="NetApiBufferFree") returned 0x74d313d2 [0171.896] GetProcAddress (hModule=0x75b80000, lpProcName="OpenSCManagerW") returned 0x75b8ca64 [0171.896] GetProcAddress (hModule=0x75590000, lpProcName="SetWindowPos") returned 0x755a8e4e [0171.896] GetProcAddress (hModule=0x75a70000, lpProcName="SetFileAttributesA") returned 0x75a9ecd3 [0171.896] GetProcAddress (hModule=0x75b80000, lpProcName="StartServiceW") returned 0x75b87974 [0171.896] GetProcAddress (hModule=0x75b80000, lpProcName="SetServiceStatus") returned 0x75b8c7a6 [0171.896] GetProcAddress (hModule=0x75a70000, lpProcName="GetLogicalDriveStringsA") returned 0x75a8e4dc [0171.896] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessA") returned 0x75a81072 [0171.897] GetProcAddress (hModule=0x75a70000, lpProcName="CreateEventA") returned 0x75a8328c [0171.897] GetProcAddress (hModule=0x75b80000, lpProcName="LsaOpenPolicy") returned 0x75ba077c [0171.897] GetProcAddress (hModule=0x75590000, lpProcName="SetClipboardData") returned 0x755e8e57 [0171.897] GetProcAddress (hModule=0x75360000, lpProcName="SelectObject") returned 0x75374f70 [0171.897] GetProcAddress (hModule=0x75b80000, lpProcName="RegCloseKey") returned 0x75b9469d [0171.898] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalLock") returned 0x75a9d0a7 [0171.898] GetProcAddress (hModule=0x75a70000, lpProcName="ReleaseMutex") returned 0x75a8111e [0171.898] GetProcAddress (hModule=0x75360000, lpProcName="GetDIBits") returned 0x75376001 [0171.898] GetProcAddress (hModule=0x75590000, lpProcName="UpdateWindow") returned 0x755b3559 [0171.898] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupAdd") returned 0x74cf8c32 [0171.898] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleFileNameA") returned 0x75a814b1 [0171.899] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetEnumResourceW") returned 0x74cc3058 [0171.899] GetProcAddress (hModule=0x74e30000, lpProcName="NetUserAdd") returned 0x74cf5648 [0171.899] GetProcAddress (hModule=0x75a70000, lpProcName="GetLogicalDriveStringsW") returned 0x75b0436f [0171.900] GetProcAddress (hModule=0x75590000, lpProcName="GetDC") returned 0x755a72c4 [0171.900] GetProcAddress (hModule=0x75590000, lpProcName="PostQuitMessage") returned 0x755a9abb [0171.900] GetProcAddress (hModule=0x75590000, lpProcName="SetClassLongA") returned 0x755bd5f9 [0171.900] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSFreeMemory") returned 0x74ce1b65 [0171.900] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0171.901] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x370000 [0171.927] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e5f98 [0171.927] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e5f98, dwRevision=0x1 | out: pSecurityDescriptor=0x5e5f98) returned 1 [0171.927] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e5f98, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e5f98) returned 1 [0171.927] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x9f0000 [0172.058] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0172.059] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0xbc0000 [0172.061] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x2ec0000 [0172.068] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x2fc0000 [0172.076] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x230000 [0172.077] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x230000, nSize=0x200 | out: lpBuffer="C:\\Windows\\TEMP") returned 0xf [0172.080] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x5e4b00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0172.080] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x5e4b18*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0172.080] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x240000 [0172.180] SetEntriesInAclA () returned 0x0 [0172.192] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e5fb8 [0172.192] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e5fb8, dwRevision=0x1 | out: pSecurityDescriptor=0x5e5fb8) returned 1 [0172.192] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e5fb8, bDaclPresent=1, pDacl=0x5e6958, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e5fb8) returned 1 [0172.192] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x250000 [0172.193] SetEntriesInAclA () returned 0x0 [0172.193] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e60c0 [0172.193] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e60c0, dwRevision=0x1 | out: pSecurityDescriptor=0x5e60c0) returned 1 [0172.193] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e60c0, bDaclPresent=1, pDacl=0x5e6118, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e60c0) returned 1 [0172.193] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x260000 [0172.193] SetEntriesInAclA () returned 0x0 [0172.193] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5e60e0 [0172.193] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x5e60e0, dwRevision=0x1 | out: pSecurityDescriptor=0x5e60e0) returned 1 [0172.193] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5e60e0, bDaclPresent=1, pDacl=0x5e6190, bDaclDefaulted=0 | out: pSecurityDescriptor=0x5e60e0) returned 1 [0172.193] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0172.215] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xfc [0172.215] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0x100 [0172.215] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x270000 [0172.263] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x290000 [0172.263] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2a0000 [0172.263] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2b0000 [0172.264] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2c0000 [0172.264] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2d0000 [0172.264] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2e0000 [0172.264] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0172.264] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x2a0000, nSize=0x1000 | out: lpBuffer="C:\\Windows\\system32\\config\\systemprofile") returned 0x28 [0172.264] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x2b0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0172.266] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0172.320] SetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU", dwFileAttributes=0x6) returned 1 [0172.325] GetCurrentThreadId () returned 0x690 [0172.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed7524a0, dwHighDateTime=0x1d6076c)) [0172.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed7524a0, dwHighDateTime=0x1d6076c)) [0172.325] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0x3e7) returned 0x0 [0172.325] GetCurrentThreadId () returned 0x690 [0172.325] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou")) returned 0x16 [0172.325] CreateFileW (lpFileName="C:\\Windows\\system32\\config\\systemprofile\\duIwksoU\\BUccwoAg" (normalized: "c:\\windows\\system32\\config\\systemprofile\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0172.326] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0172.326] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x540000 [0172.326] ReleaseMutex (hMutex=0xfc) returned 1 [0172.326] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0172.326] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0172.326] GetCurrentThreadId () returned 0x690 [0172.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed754bb0, dwHighDateTime=0x1d6076c)) [0172.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xed754bb0, dwHighDateTime=0x1d6076c)) [0172.327] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0x3e7) returned 0x0 [0172.327] GetCurrentThreadId () returned 0x690 [0172.327] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0172.327] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0172.327] CreateFileMappingA (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x110 [0172.327] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x550000 [0172.327] ReleaseMutex (hMutex=0xfc) returned 1 [0172.330] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x560000 [0172.828] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x570000 [0172.829] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x580000 [0172.829] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x590000 [0172.829] GetUserNameA (in: lpBuffer=0x58001a, pcbBuffer=0x45db86 | out: lpBuffer="SYSTEM", pcbBuffer=0x45db86) returned 1 [0172.834] GetUserNameA (in: lpBuffer=0x59001a, pcbBuffer=0x45db86 | out: lpBuffer="SYSTEM", pcbBuffer=0x45db86) returned 1 [0172.835] Sleep (dwMilliseconds=0xed) [0173.122] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0173.144] StartServiceCtrlDispatcherW (lpServiceTable=0x40ad47*(lpServiceName="", lpServiceProc=0x40b097)) Thread: id = 381 os_tid = 0x6e0 Thread: id = 383 os_tid = 0x6e8 Thread: id = 384 os_tid = 0x6ec Thread: id = 385 os_tid = 0x6f0 [0173.456] RegisterServiceCtrlHandlerW (lpServiceName="", lpHandlerProc=0x40af04) returned 0x5e8580 [0173.459] SetServiceStatus (hServiceStatus=0x5e8580, lpServiceStatus=0x40ad2b*(dwServiceType=0x10, dwCurrentState=0x2, dwControlsAccepted=0x0, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x1, dwWaitHint=0x1388)) returned 1 [0173.490] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x170 [0173.490] SetServiceStatus (hServiceStatus=0x5e8580, lpServiceStatus=0x40ad2b*(dwServiceType=0x10, dwCurrentState=0x2, dwControlsAccepted=0x0, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x2, dwWaitHint=0x3e8)) returned 1 [0173.490] SetServiceStatus (hServiceStatus=0x5e8580, lpServiceStatus=0x40ad2b*(dwServiceType=0x10, dwCurrentState=0x2, dwControlsAccepted=0x0, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x3, dwWaitHint=0x1388)) returned 1 [0173.491] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x45efae, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x380ff60 | out: lpThreadId=0x380ff60*=0x708) returned 0x174 [0173.492] SetServiceStatus (hServiceStatus=0x5e8580, lpServiceStatus=0x40ad2b*(dwServiceType=0x10, dwCurrentState=0x4, dwControlsAccepted=0x7, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0173.522] WaitForSingleObject (hHandle=0x170, dwMilliseconds=0xffffffff) Thread: id = 391 os_tid = 0x708 [0173.499] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0173.532] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x178) returned 0x0 [0173.532] RegSetValueExW (in: hKey=0x178, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0173.534] RegCloseKey (hKey=0x178) returned 0x0 [0173.534] Sleep (dwMilliseconds=0xe525) [0183.849] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0183.873] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x178) returned 0x0 [0183.873] RegSetValueExW (in: hKey=0x178, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0183.873] RegCloseKey (hKey=0x178) returned 0x0 [0183.874] Sleep (dwMilliseconds=0xe525) [0195.639] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0195.639] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x178) returned 0x0 [0195.640] RegSetValueExW (in: hKey=0x178, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0195.640] RegCloseKey (hKey=0x178) returned 0x0 [0195.640] Sleep (dwMilliseconds=0xe525) [0206.700] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0206.700] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x134) returned 0x0 [0206.700] RegSetValueExW (in: hKey=0x134, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0206.700] RegCloseKey (hKey=0x134) returned 0x0 [0206.700] Sleep (dwMilliseconds=0xe525) [0216.902] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0216.902] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x134) returned 0x0 [0216.902] RegSetValueExW (in: hKey=0x134, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0216.903] RegCloseKey (hKey=0x134) returned 0x0 [0216.903] Sleep (dwMilliseconds=0xe525) [0226.964] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0226.964] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x134) returned 0x0 [0226.964] RegSetValueExW (in: hKey=0x134, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0226.964] RegCloseKey (hKey=0x134) returned 0x0 [0226.964] Sleep (dwMilliseconds=0xe525) [0237.026] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0237.026] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x134) returned 0x0 [0237.026] RegSetValueExW (in: hKey=0x134, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0237.026] RegCloseKey (hKey=0x134) returned 0x0 [0237.026] Sleep (dwMilliseconds=0xe525) [0250.036] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0250.036] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x160) returned 0x0 [0250.036] RegSetValueExW (in: hKey=0x160, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0250.037] RegCloseKey (hKey=0x160) returned 0x0 [0250.037] Sleep (dwMilliseconds=0xe525) [0261.720] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0261.720] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x160) returned 0x0 [0261.721] RegSetValueExW (in: hKey=0x160, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0261.721] RegCloseKey (hKey=0x160) returned 0x0 [0261.721] Sleep (dwMilliseconds=0xe525) [0271.751] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x20 [0271.752] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x160) returned 0x0 [0271.752] RegSetValueExW (in: hKey=0x160, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe", cbData=0x48 | out: lpData="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe") returned 0x0 [0271.752] RegCloseKey (hKey=0x160) returned 0x0 [0271.752] Sleep (dwMilliseconds=0xe525) Process: id = "27" image_name = "ymiisqma.exe" filename = "c:\\programdata\\gsogosqc\\ymiisqma.exe" page_root = "0x14aed000" os_pid = "0x730" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x4c8" cmd_line = "\"C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea5f" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 392 os_tid = 0x734 [0176.506] GetProcessHeap () returned 0x510000 [0176.506] GetProcessHeap () returned 0x510000 [0176.506] GetProcessHeap () returned 0x510000 [0176.506] GetProcessHeap () returned 0x510000 [0176.506] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.429] GetSystemDefaultLCID () returned 0x409 [0178.430] GetSystemDefaultLCID () returned 0x409 [0178.430] GetSystemDefaultLCID () returned 0x409 [0178.430] GetSystemDefaultLCID () returned 0x409 [0178.430] GetSystemDefaultLCID () returned 0x409 [0178.430] GetSystemDefaultLCID () returned 0x409 [0178.430] VirtualProtect (in: lpAddress=0x401400, dwSize=0x73ec8, flNewProtect=0x40, lpflOldProtect=0x18ff88 | out: lpflOldProtect=0x18ff88*=0x20) returned 1 [0178.476] GetSystemDefaultLCID () returned 0x409 [0178.480] GetSystemDefaultLCID () returned 0x409 [0178.480] GetSystemDefaultLCID () returned 0x409 [0178.482] GetSystemDefaultLCID () returned 0x409 [0178.486] GetSystemDefaultLCID () returned 0x409 [0178.509] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ff80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ff80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0178.722] GetVersionExA (in: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fef0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0178.772] GetProcAddress (hModule=0x75a70000, lpProcName="CreateToolhelp32Snapshot") returned 0x75aa735f [0178.772] GetProcAddress (hModule=0x75a70000, lpProcName="SetFileAttributesA") returned 0x75a9ecd3 [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="BeginUpdateResourceW") returned 0x75b13d6c [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="CopyFileW") returned 0x75aa830d [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalAlloc") returned 0x75a8588e [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="WinExec") returned 0x75b02c21 [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="SetFileAttributesW") returned 0x75a9d4f7 [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="OpenProcess") returned 0x75a81986 [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualAlloc") returned 0x75a81856 [0178.773] GetProcAddress (hModule=0x75a70000, lpProcName="Sleep") returned 0x75a810ff [0178.774] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalUnlock") returned 0x75a9cfdf [0178.774] GetProcAddress (hModule=0x75a70000, lpProcName="LoadLibraryA") returned 0x75a849d7 [0178.774] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x75b80000 [0178.774] GetProcAddress (hModule=0x75b80000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x75b8a97d [0178.774] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleFileNameW") returned 0x75a84950 [0178.774] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75590000 [0179.030] GetProcAddress (hModule=0x75590000, lpProcName="CreateWindowExA") returned 0x755ad22e [0179.030] GetProcAddress (hModule=0x75a70000, lpProcName="BeginUpdateResourceA") returned 0x75b13f39 [0179.030] GetProcAddress (hModule=0x75590000, lpProcName="ShowWindow") returned 0x755b0dfb [0179.030] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x75360000 [0179.031] GetProcAddress (hModule=0x75360000, lpProcName="GetDIBits") returned 0x75376001 [0179.031] GetProcAddress (hModule=0x75a70000, lpProcName="SetEvent") returned 0x75a816c5 [0179.031] GetProcAddress (hModule=0x75a70000, lpProcName="GetFileSize") returned 0x75a8196e [0179.031] GetProcAddress (hModule=0x75a70000, lpProcName="UpdateResourceA") returned 0x75b1363d [0179.031] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleHandleW") returned 0x75a834b0 [0179.031] GetProcAddress (hModule=0x75360000, lpProcName="BitBlt") returned 0x75375ea6 [0179.031] GetProcAddress (hModule=0x75b80000, lpProcName="LogonUserW") returned 0x75b8c1a9 [0179.031] LoadLibraryA (lpLibFileName="wtsapi32.dll") returned 0x74ce0000 [0179.033] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSFreeMemory") returned 0x74ce1b65 [0179.033] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x74cc0000 [0179.035] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetAddConnection2W") returned 0x74cc4744 [0179.035] GetProcAddress (hModule=0x75a70000, lpProcName="GetFileAttributesW") returned 0x75a81b18 [0179.035] GetProcAddress (hModule=0x75a70000, lpProcName="GetEnvironmentVariableW") returned 0x75a81b48 [0179.035] GetProcAddress (hModule=0x75590000, lpProcName="FillRect") returned 0x755b0eb6 [0179.035] GetProcAddress (hModule=0x75a70000, lpProcName="FreeLibrary") returned 0x75a834c8 [0179.035] GetProcAddress (hModule=0x75a70000, lpProcName="GetCommandLineW") returned 0x75a85223 [0179.035] GetProcAddress (hModule=0x75b80000, lpProcName="GetUserNameW") returned 0x75b9157a [0179.035] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76d90000 [0179.035] GetProcAddress (hModule=0x76d90000, lpProcName="socket") returned 0x76d93eb8 [0179.035] GetProcAddress (hModule=0x75a70000, lpProcName="GetLogicalDriveStringsA") returned 0x75a8e4dc [0179.036] GetProcAddress (hModule=0x75590000, lpProcName="CloseClipboard") returned 0x755b8e8d [0179.036] GetProcAddress (hModule=0x76d90000, lpProcName="listen") returned 0x76d9b001 [0179.036] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessW") returned 0x75a8103d [0179.036] GetProcAddress (hModule=0x75590000, lpProcName="DrawIcon") returned 0x755b8deb [0179.036] GetProcAddress (hModule=0x75590000, lpProcName="GetKeyboardState") returned 0x755cec68 [0179.036] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x74e30000 [0179.043] GetProcAddress (hModule=0x74e30000, lpProcName="NetUserAdd") returned 0x74cf5648 [0179.044] GetProcAddress (hModule=0x75b80000, lpProcName="QueryServiceStatus") returned 0x75b92a86 [0179.044] GetProcAddress (hModule=0x76d90000, lpProcName="htonl") returned 0x76d92d57 [0179.044] GetProcAddress (hModule=0x75a70000, lpProcName="GetEnvironmentVariableA") returned 0x75a833a0 [0179.045] GetProcAddress (hModule=0x75a70000, lpProcName="GetCommandLineA") returned 0x75a851a1 [0179.045] GetProcAddress (hModule=0x75a70000, lpProcName="GetUserGeoID") returned 0x75aaacf0 [0179.045] GetProcAddress (hModule=0x75a70000, lpProcName="ReadFile") returned 0x75a83ed3 [0179.045] GetProcAddress (hModule=0x75b80000, lpProcName="SetEntriesInAclW") returned 0x75b92a66 [0179.045] GetProcAddress (hModule=0x75590000, lpProcName="InvalidateRect") returned 0x755b1381 [0179.045] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupDel") returned 0x74cf8d7c [0179.045] GetProcAddress (hModule=0x76d90000, lpProcName="bind") returned 0x76d94582 [0179.045] GetProcAddress (hModule=0x75a70000, lpProcName="DeleteFileW") returned 0x75a889b3 [0179.045] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalFree") returned 0x75a85558 [0179.046] GetProcAddress (hModule=0x76d90000, lpProcName="WSAStartup") returned 0x76d93ab2 [0179.046] GetProcAddress (hModule=0x75590000, lpProcName="FindWindowA") returned 0x755affe6 [0179.046] GetProcAddress (hModule=0x75590000, lpProcName="GetIconInfo") returned 0x755b49ea [0179.046] GetProcAddress (hModule=0x75b80000, lpProcName="RegOpenKeyExW") returned 0x75b9468d [0179.046] GetProcAddress (hModule=0x75b80000, lpProcName="CheckTokenMembership") returned 0x75b8df04 [0179.046] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileMappingA") returned 0x75a85506 [0179.046] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleHandleA") returned 0x75a81245 [0179.046] GetProcAddress (hModule=0x75a70000, lpProcName="GetLastError") returned 0x75a811c0 [0179.046] GetProcAddress (hModule=0x75590000, lpProcName="EndPaint") returned 0x755b1341 [0179.046] GetProcAddress (hModule=0x75b80000, lpProcName="RegOpenKeyExA") returned 0x75b94907 [0179.047] GetProcAddress (hModule=0x76d90000, lpProcName="ioctlsocket") returned 0x76d93084 [0179.047] GetProcAddress (hModule=0x75a70000, lpProcName="FindFirstFileW") returned 0x75a84435 [0179.047] GetProcAddress (hModule=0x75a70000, lpProcName="Process32Next") returned 0x75aa88a4 [0179.047] GetProcAddress (hModule=0x75590000, lpProcName="LoadIconA") returned 0x755adafb [0179.047] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSEnumerateSessionsA") returned 0x74ce4023 [0179.047] GetProcAddress (hModule=0x74e30000, lpProcName="NetUserSetInfo") returned 0x74cf5d16 [0179.047] GetProcAddress (hModule=0x75b80000, lpProcName="FreeSid") returned 0x75b9412e [0179.047] GetProcAddress (hModule=0x75590000, lpProcName="GetForegroundWindow") returned 0x755b2320 [0179.047] GetProcAddress (hModule=0x75a70000, lpProcName="GetTickCount") returned 0x75a8110c [0179.047] GetProcAddress (hModule=0x75b80000, lpProcName="ConvertStringSidToSidA") returned 0x75ba0f23 [0179.048] GetProcAddress (hModule=0x75b80000, lpProcName="SetServiceStatus") returned 0x75b8c7a6 [0179.048] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetCancelConnection2W") returned 0x74cc8cd1 [0179.048] GetProcAddress (hModule=0x75360000, lpProcName="SetTextColor") returned 0x7537522d [0179.048] GetProcAddress (hModule=0x75590000, lpProcName="BeginPaint") returned 0x755b1361 [0179.048] GetProcAddress (hModule=0x75590000, lpProcName="OpenClipboard") returned 0x755b8ecb [0179.048] GetProcAddress (hModule=0x75360000, lpProcName="TextOutW") returned 0x7537d41c [0179.048] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualFree") returned 0x75a8186e [0179.048] GetProcAddress (hModule=0x75590000, lpProcName="UnregisterClassA") returned 0x755adced [0179.048] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupDelMembers") returned 0x74cf9322 [0179.049] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetEnumResourceW") returned 0x74cc3058 [0179.049] GetProcAddress (hModule=0x75360000, lpProcName="DeleteObject") returned 0x75375689 [0179.049] GetProcAddress (hModule=0x75590000, lpProcName="InSendMessage") returned 0x755b3e46 [0179.049] GetProcAddress (hModule=0x75590000, lpProcName="SetClassLongA") returned 0x755bd5f9 [0179.049] GetProcAddress (hModule=0x75b80000, lpProcName="RegQueryValueExA") returned 0x75b948ef [0179.049] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileW") returned 0x75a83f5c [0179.049] GetProcAddress (hModule=0x75b80000, lpProcName="RegQueryValueExW") returned 0x75b946ad [0179.049] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76010000 [0179.054] GetProcAddress (hModule=0x76010000, lpProcName="ExtractAssociatedIconW") returned 0x76214e1e [0179.054] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentDirectoryW") returned 0x75a85611 [0179.054] GetProcAddress (hModule=0x75a70000, lpProcName="WaitForSingleObject") returned 0x75a81136 [0179.054] GetProcAddress (hModule=0x75b80000, lpProcName="InitializeSecurityDescriptor") returned 0x75b94620 [0179.054] GetProcAddress (hModule=0x75a70000, lpProcName="SetFilePointer") returned 0x75a817d1 [0179.054] GetProcAddress (hModule=0x75360000, lpProcName="CreateDIBSection") returned 0x7537ac46 [0179.055] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentProcessId") returned 0x75a811f8 [0179.055] GetProcAddress (hModule=0x75a70000, lpProcName="GlobalLock") returned 0x75a9d0a7 [0179.055] GetProcAddress (hModule=0x75a70000, lpProcName="CreateThread") returned 0x75a834d5 [0179.055] GetProcAddress (hModule=0x75590000, lpProcName="SetTimer") returned 0x755a79fb [0179.055] GetProcAddress (hModule=0x75a70000, lpProcName="ExitProcess") returned 0x75a87a10 [0179.055] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x75c40000 [0179.061] GetProcAddress (hModule=0x75c40000, lpProcName="OleLoadPicture") returned 0x75ca7c49 [0179.062] GetProcAddress (hModule=0x76d90000, lpProcName="connect") returned 0x76d96bdd [0179.062] GetProcAddress (hModule=0x75a70000, lpProcName="DeleteFileA") returned 0x75a85444 [0179.062] GetProcAddress (hModule=0x75360000, lpProcName="CreateFontIndirectA") returned 0x7537cffd [0179.062] GetProcAddress (hModule=0x75590000, lpProcName="GetMessageA") returned 0x755a7bd3 [0179.062] GetProcAddress (hModule=0x75a70000, lpProcName="Process32First") returned 0x75aa8ae7 [0179.062] GetProcAddress (hModule=0x75590000, lpProcName="GetDC") returned 0x755a72c4 [0179.063] GetProcAddress (hModule=0x75360000, lpProcName="TextOutA") returned 0x7537eda3 [0179.063] GetProcAddress (hModule=0x75a70000, lpProcName="CreateFileA") returned 0x75a853c6 [0179.063] GetProcAddress (hModule=0x75590000, lpProcName="GetSystemMetrics") returned 0x755a7d2f [0179.063] GetProcAddress (hModule=0x75360000, lpProcName="GetObjectA") returned 0x753785d4 [0179.063] GetProcAddress (hModule=0x75b80000, lpProcName="AllocateAndInitializeSid") returned 0x75b940e6 [0179.063] GetProcAddress (hModule=0x75a70000, lpProcName="GetLogicalDriveStringsW") returned 0x75b0436f [0179.064] GetProcAddress (hModule=0x76d90000, lpProcName="closesocket") returned 0x76d93918 [0179.064] GetProcAddress (hModule=0x75b80000, lpProcName="OpenSCManagerW") returned 0x75b8ca64 [0179.064] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupAdd") returned 0x74cf8c32 [0179.064] GetProcAddress (hModule=0x75590000, lpProcName="DispatchMessageA") returned 0x755a7bbb [0179.064] GetProcAddress (hModule=0x75a70000, lpProcName="TerminateProcess") returned 0x75a9d802 [0179.064] GetProcAddress (hModule=0x76d90000, lpProcName="gethostbyname") returned 0x76da7673 [0179.065] GetProcAddress (hModule=0x75a70000, lpProcName="ProcessIdToSessionId") returned 0x75a81275 [0179.065] GetProcAddress (hModule=0x75a70000, lpProcName="LocalAlloc") returned 0x75a8168c [0179.065] GetProcAddress (hModule=0x75360000, lpProcName="SelectObject") returned 0x75374f70 [0179.065] GetProcAddress (hModule=0x75a70000, lpProcName="LocalFree") returned 0x75a82d3c [0179.065] GetProcAddress (hModule=0x75a70000, lpProcName="OpenThread") returned 0x75a91248 [0179.065] GetProcAddress (hModule=0x76d90000, lpProcName="recv") returned 0x76d96b0e [0179.066] GetProcAddress (hModule=0x75a70000, lpProcName="TerminateThread") returned 0x75a87a2f [0179.066] GetProcAddress (hModule=0x75a70000, lpProcName="SuspendThread") returned 0x75aa7d7e [0179.066] GetProcAddress (hModule=0x75590000, lpProcName="TranslateMessage") returned 0x755a7809 [0179.066] GetProcAddress (hModule=0x75a70000, lpProcName="MapViewOfFile") returned 0x75a818f1 [0179.066] GetProcAddress (hModule=0x75a70000, lpProcName="GetSystemTimeAsFileTime") returned 0x75a83509 [0179.066] GetProcAddress (hModule=0x76d90000, lpProcName="send") returned 0x76d96f01 [0179.066] GetProcAddress (hModule=0x75590000, lpProcName="SendMessageA") returned 0x755b612e [0179.067] GetProcAddress (hModule=0x75590000, lpProcName="SetClipboardData") returned 0x755e8e57 [0179.067] GetProcAddress (hModule=0x74e30000, lpProcName="NetApiBufferFree") returned 0x74d313d2 [0179.067] GetProcAddress (hModule=0x75b80000, lpProcName="LookupAccountNameW") returned 0x75b8e276 [0179.067] GetProcAddress (hModule=0x75b80000, lpProcName="CloseServiceHandle") returned 0x75b9369c [0179.067] GetProcAddress (hModule=0x75590000, lpProcName="FindWindowExA") returned 0x755b00d9 [0179.068] GetProcAddress (hModule=0x75b80000, lpProcName="CreateProcessWithLogonW") returned 0x75bc52e9 [0179.068] GetProcAddress (hModule=0x75590000, lpProcName="EmptyClipboard") returned 0x75607cb9 [0179.068] GetProcAddress (hModule=0x76d90000, lpProcName="accept") returned 0x76d968b6 [0179.068] GetProcAddress (hModule=0x75b80000, lpProcName="RegCloseKey") returned 0x75b9469d [0179.068] GetProcAddress (hModule=0x75a70000, lpProcName="CreateDirectoryW") returned 0x75a84259 [0179.068] GetProcAddress (hModule=0x75a70000, lpProcName="UnmapViewOfFile") returned 0x75a81826 [0179.069] GetProcAddress (hModule=0x75590000, lpProcName="DestroyIcon") returned 0x755b49b2 [0179.069] GetProcAddress (hModule=0x75a70000, lpProcName="ExitThread") returned 0x7738d598 [0179.069] GetProcAddress (hModule=0x74cc0000, lpProcName="WNetOpenEnumW") returned 0x74cc2f06 [0179.069] GetProcAddress (hModule=0x75590000, lpProcName="RegisterClassExA") returned 0x755adb98 [0179.069] GetProcAddress (hModule=0x75b80000, lpProcName="StartServiceW") returned 0x75b87974 [0179.069] GetProcAddress (hModule=0x75b80000, lpProcName="LookupAccountSidW") returned 0x75b94874 [0179.070] GetProcAddress (hModule=0x75590000, lpProcName="PostQuitMessage") returned 0x755a9abb [0179.070] GetProcAddress (hModule=0x76d90000, lpProcName="shutdown") returned 0x76d9449d [0179.070] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupAddMembers") returned 0x74cf92fe [0179.070] GetProcAddress (hModule=0x75a70000, lpProcName="WriteFile") returned 0x75a81282 [0179.070] GetProcAddress (hModule=0x75590000, lpProcName="DestroyWindow") returned 0x755a9a55 [0179.070] GetProcAddress (hModule=0x75a70000, lpProcName="CreateEventA") returned 0x75a8328c [0179.071] GetProcAddress (hModule=0x74ce0000, lpProcName="WTSLogoffSession") returned 0x74ce3d77 [0179.071] GetProcAddress (hModule=0x75590000, lpProcName="UpdateWindow") returned 0x755b3559 [0179.071] GetProcAddress (hModule=0x76d90000, lpProcName="select") returned 0x76d96989 [0179.071] GetProcAddress (hModule=0x75b80000, lpProcName="OpenServiceW") returned 0x75b8ca4c [0179.071] GetProcAddress (hModule=0x75a70000, lpProcName="CreateDirectoryA") returned 0x75aad526 [0179.071] GetProcAddress (hModule=0x75a70000, lpProcName="CopyFileA") returned 0x75aa58e5 [0179.134] GetProcAddress (hModule=0x75b80000, lpProcName="GetUserNameA") returned 0x75baa4b4 [0179.135] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75200000 [0179.135] GetProcAddress (hModule=0x75200000, lpProcName="CreateStreamOnHGlobal") returned 0x7522363b [0179.136] GetProcAddress (hModule=0x75360000, lpProcName="CreateCompatibleBitmap") returned 0x75375f49 [0179.136] GetProcAddress (hModule=0x75360000, lpProcName="CreateSolidBrush") returned 0x75374f17 [0179.136] GetProcAddress (hModule=0x75b80000, lpProcName="ConvertSidToStringSidA") returned 0x75bb192a [0179.136] GetProcAddress (hModule=0x75b80000, lpProcName="RegSetValueExW") returned 0x75b914d6 [0179.136] GetProcAddress (hModule=0x75b80000, lpProcName="LsaAddAccountRights") returned 0x75bc8819 [0179.136] GetProcAddress (hModule=0x75a70000, lpProcName="EndUpdateResourceA") returned 0x75b13d34 [0179.137] GetProcAddress (hModule=0x76010000, lpProcName="ExtractIconExW") returned 0x7612f0bd [0179.137] GetProcAddress (hModule=0x75a70000, lpProcName="ResumeThread") returned 0x75a843ef [0179.137] GetProcAddress (hModule=0x75a70000, lpProcName="CreateMutexA") returned 0x75a84c6b [0179.137] GetProcAddress (hModule=0x75b80000, lpProcName="SetNamedSecurityInfoW") returned 0x75b89fe2 [0179.137] GetProcAddress (hModule=0x75b80000, lpProcName="SetSecurityDescriptorDacl") returned 0x75b9415e [0179.138] GetProcAddress (hModule=0x75a70000, lpProcName="RtlZeroMemory") returned 0x77393c10 [0179.138] GetProcAddress (hModule=0x75a70000, lpProcName="FindNextFileW") returned 0x75a854ee [0179.138] GetProcAddress (hModule=0x75b80000, lpProcName="CreateServiceW") returned 0x75ba712c [0179.138] GetProcAddress (hModule=0x75360000, lpProcName="CreateCompatibleDC") returned 0x753754f4 [0179.138] GetProcAddress (hModule=0x75590000, lpProcName="SetWindowPos") returned 0x755a8e4e [0179.138] GetProcAddress (hModule=0x75a70000, lpProcName="GetCurrentThreadId") returned 0x75a81450 [0179.139] GetProcAddress (hModule=0x75b80000, lpProcName="StartServiceCtrlDispatcherW") returned 0x75b8a965 [0179.139] GetProcAddress (hModule=0x75360000, lpProcName="SetBkColor") returned 0x753752d8 [0179.139] GetProcAddress (hModule=0x75590000, lpProcName="DefWindowProcA") returned 0x773724e0 [0179.139] GetProcAddress (hModule=0x76010000, lpProcName="ExtractAssociatedIconA") returned 0x76214efe [0179.139] GetProcAddress (hModule=0x75a70000, lpProcName="CloseHandle") returned 0x75a81410 [0179.139] GetProcAddress (hModule=0x75a70000, lpProcName="GetModuleFileNameA") returned 0x75a814b1 [0179.140] GetProcAddress (hModule=0x76d90000, lpProcName="htons") returned 0x76d92d8b [0179.140] GetProcAddress (hModule=0x75b80000, lpProcName="LsaOpenPolicy") returned 0x75ba077c [0179.140] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessA") returned 0x75a81072 [0179.140] GetProcAddress (hModule=0x75360000, lpProcName="DeleteDC") returned 0x753758b3 [0179.140] GetProcAddress (hModule=0x76d90000, lpProcName="getsockname") returned 0x76d930af [0179.140] GetProcAddress (hModule=0x75b80000, lpProcName="SetEntriesInAclA") returned 0x75bd15e9 [0179.141] GetProcAddress (hModule=0x75590000, lpProcName="DrawTextW") returned 0x755b25cf [0179.141] GetProcAddress (hModule=0x75590000, lpProcName="GetKeyState") returned 0x755b291f [0179.141] GetProcAddress (hModule=0x76d90000, lpProcName="getpeername") returned 0x76d97147 [0179.141] GetProcAddress (hModule=0x74e30000, lpProcName="NetLocalGroupGetMembers") returned 0x74cf21be [0179.141] GetProcAddress (hModule=0x75a70000, lpProcName="ReleaseMutex") returned 0x75a8111e [0179.141] GetProcAddress (hModule=0x76010000, lpProcName="ShellExecuteExW") returned 0x76031e46 [0179.141] GetProcAddress (hModule=0x75a70000, lpProcName="FindClose") returned 0x75a84442 [0179.142] GetProcAddress (hModule=0x75590000, lpProcName="DrawTextA") returned 0x755baea1 [0179.142] GetProcAddress (hModule=0x75590000, lpProcName="LoadCursorA") returned 0x755adad5 [0179.142] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0179.142] VirtualAlloc (lpAddress=0x0, dwSize=0x73b6e, flAllocationType=0x1000, flProtect=0x40) returned 0x2b0000 [0179.157] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x526228 [0179.157] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x526228, dwRevision=0x1 | out: pSecurityDescriptor=0x526228) returned 1 [0179.157] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x526228, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x526228) returned 1 [0179.157] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x1d30000 [0179.385] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0179.385] VirtualAlloc (lpAddress=0x0, dwSize=0x2300000, flAllocationType=0x3000, flProtect=0x40) returned 0x1e30000 [0179.386] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4130000 [0179.413] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4230000 [0179.539] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x40) returned 0x330000 [0179.540] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x330000, nSize=0x200 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0179.552] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e16, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e0a | out: pSid=0x458e0a*=0x524550*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0179.552] AllocateAndInitializeSid (in: pIdentifierAuthority=0x458e28, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x458e1c | out: pSid=0x458e1c*=0x524568*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0179.552] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x340000 [0179.621] SetEntriesInAclA () returned 0x0 [0179.625] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x526248 [0179.625] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x526248, dwRevision=0x1 | out: pSecurityDescriptor=0x526248) returned 1 [0179.625] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x526248, bDaclPresent=1, pDacl=0x526a00, bDaclDefaulted=0 | out: pSecurityDescriptor=0x526248) returned 1 [0179.625] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x350000 [0179.625] SetEntriesInAclA () returned 0x0 [0179.625] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x526f40 [0179.625] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x526f40, dwRevision=0x1 | out: pSecurityDescriptor=0x526f40) returned 1 [0179.625] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x526f40, bDaclPresent=1, pDacl=0x526f98, bDaclDefaulted=0 | out: pSecurityDescriptor=0x526f40) returned 1 [0179.625] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x40) returned 0x360000 [0179.626] SetEntriesInAclA () returned 0x0 [0179.626] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x526f60 [0179.626] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x526f60, dwRevision=0x1 | out: pSecurityDescriptor=0x526f60) returned 1 [0179.626] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x526f60, bDaclPresent=1, pDacl=0x527010, bDaclDefaulted=0 | out: pSecurityDescriptor=0x526f60) returned 1 [0179.626] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x403110 | out: lpWSAData=0x403110) returned 0 [0179.641] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="uwkkwwAk") returned 0xf4 [0179.642] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="DakkIgow") returned 0xf8 [0179.642] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x370000 [0179.720] VirtualAlloc (lpAddress=0x0, dwSize=0x402, flAllocationType=0x3000, flProtect=0x40) returned 0x380000 [0179.720] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3a0000 [0179.721] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3b0000 [0179.721] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3c0000 [0179.721] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d0000 [0179.721] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0179.721] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0179.722] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x3a0000, nSize=0x1000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0179.722] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x3b0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0179.725] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou"), lpSecurityAttributes=0x458dca) returned 0 [0179.742] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU", dwFileAttributes=0x6) returned 1 [0179.745] GetCurrentThreadId () returned 0x734 [0179.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xf19f07d0, dwHighDateTime=0x1d6076c)) [0179.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xf19f07d0, dwHighDateTime=0x1d6076c)) [0179.745] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0179.745] GetCurrentThreadId () returned 0x734 [0179.745] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou")) returned 0x16 [0179.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\duIwksoU\\BUccwoAg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\duiwksou\\buccwoag"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0179.745] CreateFileMappingA (hFile=0xfc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x100 [0179.746] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x480000 [0179.746] ReleaseMutex (hMutex=0xf4) returned 1 [0179.746] CreateDirectoryW (lpPathName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc"), lpSecurityAttributes=0x458dca) returned 0 [0179.746] SetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc", dwFileAttributes=0x6) returned 1 [0179.746] GetCurrentThreadId () returned 0x734 [0179.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xf19f07d0, dwHighDateTime=0x1d6076c)) [0179.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe9c | out: lpSystemTimeAsFileTime=0x18fe9c*(dwLowDateTime=0xf19f07d0, dwHighDateTime=0x1d6076c)) [0179.746] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0179.746] GetCurrentThreadId () returned 0x734 [0179.746] GetFileAttributesW (lpFileName="C:\\ProgramData\\GSogosQc" (normalized: "c:\\programdata\\gsogosqc")) returned 0x16 [0179.746] CreateFileW (lpFileName="C:\\ProgramData\\GSogosQc\\YMIIsQMA" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0179.746] CreateFileMappingA (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40e, lpName=0x0) returned 0x108 [0179.746] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x490000 [0179.747] ReleaseMutex (hMutex=0xf4) returned 1 [0179.749] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x4a0000 [0179.830] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x4b0000 [0179.831] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4c0000 [0179.831] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x4d0000 [0179.831] GetUserNameA (in: lpBuffer=0x4c001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0179.835] GetUserNameA (in: lpBuffer=0x4d001a, pcbBuffer=0x45db86 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45db86) returned 1 [0179.835] Sleep (dwMilliseconds=0xe5) [0180.152] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4e0000 [0180.168] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4f0000 [0180.168] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4f0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0180.168] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x500000 [0180.168] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x50000d, nSize=0x1000 | out: lpBuffer="") returned 0xe [0180.169] GetEnvironmentVariableW (in: lpName="ALLUSERSPROFILE", lpBuffer=0x4e0000, nSize=0x1000 | out: lpBuffer="C:\\ProgramData") returned 0xe [0180.169] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4600000 [0180.174] LookupAccountNameW (in: lpSystemName=0x0, lpAccountName="gjpll9uxb4hpl9ud", Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed | out: Sid=0x0, cbSid=0x404878, ReferencedDomainName=0x0, cchReferencedDomainName=0x40487c, peUse=0x4049ed) returned 0 [0180.261] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x4750000 [0180.281] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0180.281] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x4750000, nSize=0x1000 | out: lpFilename="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x24 [0180.281] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0180.281] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x4750000, nSize=0x1000 | out: lpFilename="C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe" (normalized: "c:\\programdata\\gsogosqc\\ymiisqma.exe")) returned 0x24 [0180.281] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="software\\microsoft\\windows\\currentversion\\run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x4630ef | out: phkResult=0x4630ef*=0x150) returned 0x0 [0180.282] RegSetValueExW (hKey=0x150, lpValueName="YMIIsQMA.exe", Reserved=0x0, dwType=0x1, lpData=0x4750000, cbData=0x48) returned 0x5 [0180.282] RegCloseKey (hKey=0x150) returned 0x0 [0180.282] VirtualFree (lpAddress=0x4750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.286] GetCommandLineW () returned="\"C:\\ProgramData\\GSogosQc\\YMIIsQMA.exe\"" [0180.370] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4750000 [0180.377] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4850000 [0180.383] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4950000 [0180.390] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="è0@") returned 0x150 [0180.390] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ð0@") returned 0x154 [0180.390] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="ø0@") returned 0x158 [0180.390] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="") returned 0x15c [0180.390] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="\x081@") returned 0x160 [0180.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x460360, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x7f0) returned 0x164 [0180.490] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x45e72a, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x7f4) returned 0x168 [0180.491] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x453eac, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x7f8) returned 0x16c [0180.492] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x7fc) returned 0x170 [0180.493] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40bba7, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x408) returned 0x174 [0180.494] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x410a5d, lpParameter=0x45f4f0, dwCreationFlags=0x0, lpThreadId=0x45db58 | out: lpThreadId=0x45db58*=0x394) returned 0x178 [0180.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf21149d0, dwHighDateTime=0x1d6076c)) [0180.510] Sleep (dwMilliseconds=0x12c) [0181.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf26bbe10, dwHighDateTime=0x1d6076c)) [0181.096] Sleep (dwMilliseconds=0x12c) [0181.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf2ba4b70, dwHighDateTime=0x1d6076c)) [0181.605] Sleep (dwMilliseconds=0x12c) [0181.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf2e9e6f0, dwHighDateTime=0x1d6076c)) [0181.938] Sleep (dwMilliseconds=0x12c) [0182.319] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf31e4530, dwHighDateTime=0x1d6076c)) [0182.319] Sleep (dwMilliseconds=0x12c) [0182.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf35504d0, dwHighDateTime=0x1d6076c)) [0182.689] Sleep (dwMilliseconds=0x12c) [0183.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf38e25d0, dwHighDateTime=0x1d6076c)) [0183.058] Sleep (dwMilliseconds=0x12c) [0183.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf3d32db0, dwHighDateTime=0x1d6076c)) [0183.513] Sleep (dwMilliseconds=0x12c) [0183.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf40c4eb0, dwHighDateTime=0x1d6076c)) [0183.890] Sleep (dwMilliseconds=0x12c) [0184.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4456fb0, dwHighDateTime=0x1d6076c)) [0184.254] Sleep (dwMilliseconds=0x12c) [0184.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf47e90b0, dwHighDateTime=0x1d6076c)) [0184.805] Sleep (dwMilliseconds=0x12c) [0185.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4b55050, dwHighDateTime=0x1d6076c)) [0185.797] Sleep (dwMilliseconds=0x12c) [0186.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf4e4ebd0, dwHighDateTime=0x1d6076c)) [0186.974] Sleep (dwMilliseconds=0x12c) [0187.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf5148750, dwHighDateTime=0x1d6076c)) [0187.278] Sleep (dwMilliseconds=0x12c) [0187.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf54422d0, dwHighDateTime=0x1d6076c)) [0187.592] Sleep (dwMilliseconds=0x12c) [0187.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf573be50, dwHighDateTime=0x1d6076c)) [0187.908] Sleep (dwMilliseconds=0x12c) [0188.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.308] Sleep (dwMilliseconds=0x12c) [0188.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf5e861b0, dwHighDateTime=0x1d6076c)) [0188.678] Sleep (dwMilliseconds=0x12c) [0189.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf6642930, dwHighDateTime=0x1d6076c)) [0189.489] Sleep (dwMilliseconds=0x12c) [0189.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf6a6cfb0, dwHighDateTime=0x1d6076c)) [0189.915] Sleep (dwMilliseconds=0x12c) [0190.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf6e714d0, dwHighDateTime=0x1d6076c)) [0190.336] Sleep (dwMilliseconds=0x12c) [0190.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf72035d0, dwHighDateTime=0x1d6076c)) [0190.712] Sleep (dwMilliseconds=0x12c) [0191.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf75956d0, dwHighDateTime=0x1d6076c)) [0191.089] Sleep (dwMilliseconds=0x12c) [0191.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf7901670, dwHighDateTime=0x1d6076c)) [0191.443] Sleep (dwMilliseconds=0x12c) [0191.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf7d05b90, dwHighDateTime=0x1d6076c)) [0191.870] Sleep (dwMilliseconds=0x12c) [0192.362] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf81a2630, dwHighDateTime=0x1d6076c)) [0192.363] Sleep (dwMilliseconds=0x12c) [0192.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf84c2310, dwHighDateTime=0x1d6076c)) [0192.677] Sleep (dwMilliseconds=0x12c) [0192.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf87bbe90, dwHighDateTime=0x1d6076c)) [0192.999] Sleep (dwMilliseconds=0x12c) [0193.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf8ab5a10, dwHighDateTime=0x1d6076c)) [0193.300] Sleep (dwMilliseconds=0x12c) [0193.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf8daf590, dwHighDateTime=0x1d6076c)) [0193.612] Sleep (dwMilliseconds=0x12c) [0193.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf90a9110, dwHighDateTime=0x1d6076c)) [0193.923] Sleep (dwMilliseconds=0x12c) [0194.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf93a2c90, dwHighDateTime=0x1d6076c)) [0194.235] Sleep (dwMilliseconds=0x12c) [0194.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf969c810, dwHighDateTime=0x1d6076c)) [0194.547] Sleep (dwMilliseconds=0x12c) [0194.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf99bc4f0, dwHighDateTime=0x1d6076c)) [0194.969] Sleep (dwMilliseconds=0x12c) [0195.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf9d02330, dwHighDateTime=0x1d6076c)) [0195.313] Sleep (dwMilliseconds=0x12c) [0195.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf9ffbeb0, dwHighDateTime=0x1d6076c)) [0195.624] Sleep (dwMilliseconds=0x12c) [0195.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa2f5a30, dwHighDateTime=0x1d6076c)) [0195.951] Sleep (dwMilliseconds=0x12c) [0196.294] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa6619d0, dwHighDateTime=0x1d6076c)) [0196.295] Sleep (dwMilliseconds=0x12c) [0196.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfa95b550, dwHighDateTime=0x1d6076c)) [0196.607] Sleep (dwMilliseconds=0x12c) [0196.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfac550d0, dwHighDateTime=0x1d6076c)) [0196.929] Sleep (dwMilliseconds=0x12c) [0197.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfaf74db0, dwHighDateTime=0x1d6076c)) [0197.248] Sleep (dwMilliseconds=0x12c) [0197.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfb294a90, dwHighDateTime=0x1d6076c)) [0197.580] Sleep (dwMilliseconds=0x12c) [0197.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfb5da8d0, dwHighDateTime=0x1d6076c)) [0197.931] Sleep (dwMilliseconds=0x12c) [0198.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfb920710, dwHighDateTime=0x1d6076c)) [0198.272] Sleep (dwMilliseconds=0x12c) [0198.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfbc66550, dwHighDateTime=0x1d6076c)) [0198.604] Sleep (dwMilliseconds=0x12c) [0198.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfbfac390, dwHighDateTime=0x1d6076c)) [0198.947] Sleep (dwMilliseconds=0x12c) [0199.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfc2a5f10, dwHighDateTime=0x1d6076c)) [0199.268] Sleep (dwMilliseconds=0x12c) [0199.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfc59fa90, dwHighDateTime=0x1d6076c)) [0199.570] Sleep (dwMilliseconds=0x12c) [0199.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfc899610, dwHighDateTime=0x1d6076c)) [0199.882] Sleep (dwMilliseconds=0x12c) [0200.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfcb93190, dwHighDateTime=0x1d6076c)) [0200.194] Sleep (dwMilliseconds=0x12c) [0200.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfce8cd10, dwHighDateTime=0x1d6076c)) [0200.510] Sleep (dwMilliseconds=0x12c) [0200.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd186890, dwHighDateTime=0x1d6076c)) [0200.818] Sleep (dwMilliseconds=0x12c) [0201.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd4a6570, dwHighDateTime=0x1d6076c)) [0201.146] Sleep (dwMilliseconds=0x12c) [0201.458] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfd7a00f0, dwHighDateTime=0x1d6076c)) [0201.458] Sleep (dwMilliseconds=0x12c) [0201.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfda99c70, dwHighDateTime=0x1d6076c)) [0201.773] Sleep (dwMilliseconds=0x12c) [0202.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfdd937f0, dwHighDateTime=0x1d6076c)) [0202.098] Sleep (dwMilliseconds=0x12c) [0202.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe0d9630, dwHighDateTime=0x1d6076c)) [0202.443] Sleep (dwMilliseconds=0x12c) [0202.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe3d31b0, dwHighDateTime=0x1d6076c)) [0202.753] Sleep (dwMilliseconds=0x12c) [0203.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe6ccd30, dwHighDateTime=0x1d6076c)) [0203.065] Sleep (dwMilliseconds=0x12c) [0203.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfe9eca10, dwHighDateTime=0x1d6076c)) [0203.393] Sleep (dwMilliseconds=0x12c) [0203.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfece6590, dwHighDateTime=0x1d6076c)) [0203.704] Sleep (dwMilliseconds=0x12c) [0204.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff02c3d0, dwHighDateTime=0x1d6076c)) [0204.047] Sleep (dwMilliseconds=0x12c) [0204.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff325f50, dwHighDateTime=0x1d6076c)) [0204.360] Sleep (dwMilliseconds=0x12c) [0205.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff645c30, dwHighDateTime=0x1d6076c)) [0205.717] Sleep (dwMilliseconds=0x12c) [0206.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xff93f7b0, dwHighDateTime=0x1d6076c)) [0206.033] Sleep (dwMilliseconds=0x12c) [0206.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xffc39330, dwHighDateTime=0x1d6076c)) [0206.341] Sleep (dwMilliseconds=0x12c) [0206.653] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfff32eb0, dwHighDateTime=0x1d6076c)) [0206.653] Sleep (dwMilliseconds=0x12c) [0206.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22ca30, dwHighDateTime=0x1d6076d)) [0206.965] Sleep (dwMilliseconds=0x12c) [0207.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5265b0, dwHighDateTime=0x1d6076d)) [0207.277] Sleep (dwMilliseconds=0x12c) [0207.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x820130, dwHighDateTime=0x1d6076d)) [0207.592] Sleep (dwMilliseconds=0x12c) [0207.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb19cb0, dwHighDateTime=0x1d6076d)) [0207.901] Sleep (dwMilliseconds=0x12c) [0208.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe13830, dwHighDateTime=0x1d6076d)) [0208.213] Sleep (dwMilliseconds=0x12c) [0208.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1159670, dwHighDateTime=0x1d6076d)) [0208.556] Sleep (dwMilliseconds=0x12c) [0208.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x14531f0, dwHighDateTime=0x1d6076d)) [0208.868] Sleep (dwMilliseconds=0x12c) [0209.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x174cd70, dwHighDateTime=0x1d6076d)) [0209.274] Sleep (dwMilliseconds=0x12c) [0209.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a468f0, dwHighDateTime=0x1d6076d)) [0209.597] Sleep (dwMilliseconds=0x12c) [0209.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d40470, dwHighDateTime=0x1d6076d)) [0209.911] Sleep (dwMilliseconds=0x12c) [0210.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2039ff0, dwHighDateTime=0x1d6076d)) [0210.211] Sleep (dwMilliseconds=0x12c) [0210.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x237fe30, dwHighDateTime=0x1d6076d)) [0210.553] Sleep (dwMilliseconds=0x12c) [0210.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26799b0, dwHighDateTime=0x1d6076d)) [0210.867] Sleep (dwMilliseconds=0x12c) [0211.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2973530, dwHighDateTime=0x1d6076d)) [0211.261] Sleep (dwMilliseconds=0x12c) [0211.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2c6d0b0, dwHighDateTime=0x1d6076d)) [0211.567] Sleep (dwMilliseconds=0x12c) [0211.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2f66c30, dwHighDateTime=0x1d6076d)) [0211.880] Sleep (dwMilliseconds=0x12c) [0212.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x32aca70, dwHighDateTime=0x1d6076d)) [0212.222] Sleep (dwMilliseconds=0x12c) [0212.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x35a65f0, dwHighDateTime=0x1d6076d)) [0212.550] Sleep (dwMilliseconds=0x12c) [0212.861] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x38a0170, dwHighDateTime=0x1d6076d)) [0212.861] Sleep (dwMilliseconds=0x12c) [0213.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x3b99cf0, dwHighDateTime=0x1d6076d)) [0213.174] Sleep (dwMilliseconds=0x12c) [0213.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x3eb99d0, dwHighDateTime=0x1d6076d)) [0213.502] Sleep (dwMilliseconds=0x12c) [0213.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x41b3550, dwHighDateTime=0x1d6076d)) [0213.822] Sleep (dwMilliseconds=0x12c) [0214.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x44ad0d0, dwHighDateTime=0x1d6076d)) [0214.125] Sleep (dwMilliseconds=0x12c) [0214.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x47f2f10, dwHighDateTime=0x1d6076d)) [0214.468] Sleep (dwMilliseconds=0x12c) [0214.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x4b12bf0, dwHighDateTime=0x1d6076d)) [0214.796] Sleep (dwMilliseconds=0x12c) [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] Sleep (dwMilliseconds=0x12c) [0215.439] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x512c450, dwHighDateTime=0x1d6076d)) [0215.440] Sleep (dwMilliseconds=0x12c) [0215.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.781] Sleep (dwMilliseconds=0x12c) [0216.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5791f70, dwHighDateTime=0x1d6076d)) [0216.107] Sleep (dwMilliseconds=0x12c) [0216.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.475] Sleep (dwMilliseconds=0x12c) [0216.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x5e43d50, dwHighDateTime=0x1d6076d)) [0216.809] Sleep (dwMilliseconds=0x12c) [0217.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6189b90, dwHighDateTime=0x1d6076d)) [0217.152] Sleep (dwMilliseconds=0x12c) [0217.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6483710, dwHighDateTime=0x1d6076d)) [0217.476] Sleep (dwMilliseconds=0x12c) [0217.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x677d290, dwHighDateTime=0x1d6076d)) [0217.776] Sleep (dwMilliseconds=0x12c) [0218.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.150] Sleep (dwMilliseconds=0x12c) [0218.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x6e08f10, dwHighDateTime=0x1d6076d)) [0218.462] Sleep (dwMilliseconds=0x12c) [0219.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.477] Sleep (dwMilliseconds=0x12c) [0219.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x7c77470, dwHighDateTime=0x1d6076d)) [0219.989] Sleep (dwMilliseconds=0x12c) [0220.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x7fe3410, dwHighDateTime=0x1d6076d)) [0220.334] Sleep (dwMilliseconds=0x12c) [0220.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x839b670, dwHighDateTime=0x1d6076d)) [0220.725] Sleep (dwMilliseconds=0x12c) [0221.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x86e14b0, dwHighDateTime=0x1d6076d)) [0221.068] Sleep (dwMilliseconds=0x12c) [0221.402] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x8a01190, dwHighDateTime=0x1d6076d)) [0221.402] Sleep (dwMilliseconds=0x12c) [0221.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x8d20e70, dwHighDateTime=0x1d6076d)) [0221.724] Sleep (dwMilliseconds=0x12c) [0222.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x9066cb0, dwHighDateTime=0x1d6076d)) [0222.066] Sleep (dwMilliseconds=0x12c) [0222.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x9360830, dwHighDateTime=0x1d6076d)) [0222.378] Sleep (dwMilliseconds=0x12c) [0222.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x96a6670, dwHighDateTime=0x1d6076d)) [0222.721] Sleep (dwMilliseconds=0x12c) [0223.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x99c6350, dwHighDateTime=0x1d6076d)) [0223.048] Sleep (dwMilliseconds=0x12c) [0223.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x9d0c190, dwHighDateTime=0x1d6076d)) [0223.394] Sleep (dwMilliseconds=0x12c) [0223.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa02be70, dwHighDateTime=0x1d6076d)) [0223.720] Sleep (dwMilliseconds=0x12c) [0224.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa34bb50, dwHighDateTime=0x1d6076d)) [0224.047] Sleep (dwMilliseconds=0x12c) [0224.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa66b830, dwHighDateTime=0x1d6076d)) [0224.380] Sleep (dwMilliseconds=0x12c) [0224.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xa98b510, dwHighDateTime=0x1d6076d)) [0224.703] Sleep (dwMilliseconds=0x12c) [0225.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xacab1f0, dwHighDateTime=0x1d6076d)) [0225.031] Sleep (dwMilliseconds=0x12c) [0225.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xafcaed0, dwHighDateTime=0x1d6076d)) [0225.361] Sleep (dwMilliseconds=0x12c) [0225.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb2c4a50, dwHighDateTime=0x1d6076d)) [0225.670] Sleep (dwMilliseconds=0x12c) [0226.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb6309f0, dwHighDateTime=0x1d6076d)) [0226.086] Sleep (dwMilliseconds=0x12c) [0226.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xb976830, dwHighDateTime=0x1d6076d)) [0226.418] Sleep (dwMilliseconds=0x12c) [0226.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xbce27d0, dwHighDateTime=0x1d6076d)) [0226.777] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x7fc) returned 0x240 [0226.777] TerminateThread (hThread=0x240, dwExitCode=0x0) returned 1 [0226.783] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x244 [0226.784] Sleep (dwMilliseconds=0x12c) [0227.120] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc028610, dwHighDateTime=0x1d6076d)) [0227.120] Sleep (dwMilliseconds=0x12c) [0227.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc36e450, dwHighDateTime=0x1d6076d)) [0227.464] Sleep (dwMilliseconds=0x12c) [0227.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc68e130, dwHighDateTime=0x1d6076d)) [0227.792] Sleep (dwMilliseconds=0x12c) [0228.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xc987cb0, dwHighDateTime=0x1d6076d)) [0228.109] Sleep (dwMilliseconds=0x12c) [0228.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xcc81830, dwHighDateTime=0x1d6076d)) [0228.415] Sleep (dwMilliseconds=0x12c) [0228.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xcfc7670, dwHighDateTime=0x1d6076d)) [0228.759] Sleep (dwMilliseconds=0x12c) [0229.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xd2e7350, dwHighDateTime=0x1d6076d)) [0229.086] Sleep (dwMilliseconds=0x12c) [0229.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xd607030, dwHighDateTime=0x1d6076d)) [0229.413] Sleep (dwMilliseconds=0x12c) [0229.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xd900bb0, dwHighDateTime=0x1d6076d)) [0229.730] Sleep (dwMilliseconds=0x12c) [0230.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xdbfa730, dwHighDateTime=0x1d6076d)) [0230.040] Sleep (dwMilliseconds=0x12c) [0230.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xdef42b0, dwHighDateTime=0x1d6076d)) [0230.365] Sleep (dwMilliseconds=0x12c) [0230.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe1ede30, dwHighDateTime=0x1d6076d)) [0230.677] Sleep (dwMilliseconds=0x12c) [0231.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe50db10, dwHighDateTime=0x1d6076d)) [0231.005] Sleep (dwMilliseconds=0x12c) [0231.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xe82d7f0, dwHighDateTime=0x1d6076d)) [0231.332] Sleep (dwMilliseconds=0x12c) [0231.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xeb73630, dwHighDateTime=0x1d6076d)) [0231.675] Sleep (dwMilliseconds=0x12c) [0231.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xee6d1b0, dwHighDateTime=0x1d6076d)) [0231.987] Sleep (dwMilliseconds=0x12c) [0232.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf166d30, dwHighDateTime=0x1d6076d)) [0232.299] Sleep (dwMilliseconds=0x12c) [0232.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf486a10, dwHighDateTime=0x1d6076d)) [0232.628] Sleep (dwMilliseconds=0x12c) [0232.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xf7a66f0, dwHighDateTime=0x1d6076d)) [0232.955] Sleep (dwMilliseconds=0x12c) [0233.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0xfaa0270, dwHighDateTime=0x1d6076d)) [0233.274] Sleep (dwMilliseconds=0x12c) [0233.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10093970, dwHighDateTime=0x1d6076d)) [0233.904] Sleep (dwMilliseconds=0x12c) [0234.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x103d97b0, dwHighDateTime=0x1d6076d)) [0234.233] Sleep (dwMilliseconds=0x12c) [0234.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.624] Sleep (dwMilliseconds=0x12c) [0234.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10ad7850, dwHighDateTime=0x1d6076d)) [0234.982] Sleep (dwMilliseconds=0x12c) [0235.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x10e437f0, dwHighDateTime=0x1d6076d)) [0235.342] Sleep (dwMilliseconds=0x12c) [0235.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x11189630, dwHighDateTime=0x1d6076d)) [0235.685] Sleep (dwMilliseconds=0x12c) [0236.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x114a9310, dwHighDateTime=0x1d6076d)) [0236.024] Sleep (dwMilliseconds=0x12c) [0236.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x117c8ff0, dwHighDateTime=0x1d6076d)) [0236.344] Sleep (dwMilliseconds=0x12c) [0236.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x11ac2b70, dwHighDateTime=0x1d6076d)) [0236.654] Sleep (dwMilliseconds=0x12c) [0236.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x11de2850, dwHighDateTime=0x1d6076d)) [0236.980] Sleep (dwMilliseconds=0x12c) [0237.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x120dc3d0, dwHighDateTime=0x1d6076d)) [0237.334] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x580) returned 0x260 [0237.334] TerminateThread (hThread=0x260, dwExitCode=0x0) returned 1 [0237.334] shutdown (s=0x25c, how=2) returned 0 [0237.335] closesocket (s=0x25c) returned 0 [0237.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x25c [0237.336] Sleep (dwMilliseconds=0x12c) [0237.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x123d5f50, dwHighDateTime=0x1d6076d)) [0237.635] Sleep (dwMilliseconds=0x12c) [0237.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x126f5c30, dwHighDateTime=0x1d6076d)) [0237.978] Sleep (dwMilliseconds=0x12c) [0238.305] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x12a15910, dwHighDateTime=0x1d6076d)) [0238.305] Sleep (dwMilliseconds=0x12c) [0238.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x12d0f490, dwHighDateTime=0x1d6076d)) [0238.618] Sleep (dwMilliseconds=0x12c) [0238.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13009010, dwHighDateTime=0x1d6076d)) [0238.940] Sleep (dwMilliseconds=0x12c) [0239.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13302b90, dwHighDateTime=0x1d6076d)) [0239.241] Sleep (dwMilliseconds=0x12c) [0240.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x135fc710, dwHighDateTime=0x1d6076d)) [0240.879] Sleep (dwMilliseconds=0x12c) [0242.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x138f6290, dwHighDateTime=0x1d6076d)) [0242.532] Sleep (dwMilliseconds=0x12c) [0242.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13befe10, dwHighDateTime=0x1d6076d)) [0242.907] Sleep (dwMilliseconds=0x12c) [0243.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x13ee9990, dwHighDateTime=0x1d6076d)) [0243.219] Sleep (dwMilliseconds=0x12c) [0243.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x141e3510, dwHighDateTime=0x1d6076d)) [0243.531] Sleep (dwMilliseconds=0x12c) [0244.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x144dd090, dwHighDateTime=0x1d6076d)) [0244.061] Sleep (dwMilliseconds=0x12c) [0244.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x147d6c10, dwHighDateTime=0x1d6076d)) [0244.373] Sleep (dwMilliseconds=0x12c) [0244.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x14ad0790, dwHighDateTime=0x1d6076d)) [0244.685] Sleep (dwMilliseconds=0x12c) [0244.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x14dca310, dwHighDateTime=0x1d6076d)) [0244.997] Sleep (dwMilliseconds=0x12c) [0245.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x150c3e90, dwHighDateTime=0x1d6076d)) [0245.309] Sleep (dwMilliseconds=0x12c) [0245.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x153bda10, dwHighDateTime=0x1d6076d)) [0245.621] Sleep (dwMilliseconds=0x12c) [0245.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x156b7590, dwHighDateTime=0x1d6076d)) [0245.933] Sleep (dwMilliseconds=0x12c) [0246.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x159b1110, dwHighDateTime=0x1d6076d)) [0246.245] Sleep (dwMilliseconds=0x12c) [0246.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x15caac90, dwHighDateTime=0x1d6076d)) [0246.559] Sleep (dwMilliseconds=0x12c) [0246.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x15fa4810, dwHighDateTime=0x1d6076d)) [0246.869] Sleep (dwMilliseconds=0x12c) [0247.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1629e390, dwHighDateTime=0x1d6076d)) [0247.181] Sleep (dwMilliseconds=0x12c) [0247.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16597f10, dwHighDateTime=0x1d6076d)) [0247.493] Sleep (dwMilliseconds=0x12c) [0247.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16891a90, dwHighDateTime=0x1d6076d)) [0247.805] Sleep (dwMilliseconds=0x12c) [0248.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16b8b610, dwHighDateTime=0x1d6076d)) [0248.117] Sleep (dwMilliseconds=0x12c) [0248.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x16e85190, dwHighDateTime=0x1d6076d)) [0248.429] Sleep (dwMilliseconds=0x12c) [0248.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1717ed10, dwHighDateTime=0x1d6076d)) [0248.741] Sleep (dwMilliseconds=0x12c) [0249.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17478890, dwHighDateTime=0x1d6076d)) [0249.054] Sleep (dwMilliseconds=0x12c) [0249.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17772410, dwHighDateTime=0x1d6076d)) [0249.366] Sleep (dwMilliseconds=0x12c) [0249.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17a6bf90, dwHighDateTime=0x1d6076d)) [0249.677] Sleep (dwMilliseconds=0x12c) [0249.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x17d65b10, dwHighDateTime=0x1d6076d)) [0249.989] Sleep (dwMilliseconds=0x12c) [0250.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1805f690, dwHighDateTime=0x1d6076d)) [0250.316] Sleep (dwMilliseconds=0x12c) [0250.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18359210, dwHighDateTime=0x1d6076d)) [0250.613] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x570) returned 0x214 [0250.613] TerminateThread (hThread=0x214, dwExitCode=0x0) returned 1 [0250.614] shutdown (s=0x12c, how=2) returned 0 [0250.614] closesocket (s=0x12c) returned 0 [0250.615] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c [0250.615] Sleep (dwMilliseconds=0x12c) [0250.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18652d90, dwHighDateTime=0x1d6076d)) [0250.925] Sleep (dwMilliseconds=0x12c) [0251.253] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1894c910, dwHighDateTime=0x1d6076d)) [0251.253] Sleep (dwMilliseconds=0x12c) [0251.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18c46490, dwHighDateTime=0x1d6076d)) [0251.565] Sleep (dwMilliseconds=0x12c) [0251.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x18f40010, dwHighDateTime=0x1d6076d)) [0251.877] Sleep (dwMilliseconds=0x12c) [0252.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19239b90, dwHighDateTime=0x1d6076d)) [0252.189] Sleep (dwMilliseconds=0x12c) [0252.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19533710, dwHighDateTime=0x1d6076d)) [0252.501] Sleep (dwMilliseconds=0x12c) [0252.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1982d290, dwHighDateTime=0x1d6076d)) [0252.813] Sleep (dwMilliseconds=0x12c) [0253.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19b26e10, dwHighDateTime=0x1d6076d)) [0253.125] Sleep (dwMilliseconds=0x12c) [0253.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x19e20990, dwHighDateTime=0x1d6076d)) [0253.437] Sleep (dwMilliseconds=0x12c) [0253.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a11a510, dwHighDateTime=0x1d6076d)) [0253.749] Sleep (dwMilliseconds=0x12c) [0254.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a414090, dwHighDateTime=0x1d6076d)) [0254.061] Sleep (dwMilliseconds=0x12c) [0254.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1a70dc10, dwHighDateTime=0x1d6076d)) [0254.373] Sleep (dwMilliseconds=0x12c) [0254.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1aa07790, dwHighDateTime=0x1d6076d)) [0254.685] Sleep (dwMilliseconds=0x12c) [0254.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1ad01310, dwHighDateTime=0x1d6076d)) [0254.997] Sleep (dwMilliseconds=0x12c) [0255.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1affae90, dwHighDateTime=0x1d6076d)) [0255.309] Sleep (dwMilliseconds=0x12c) [0255.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1b2f4a10, dwHighDateTime=0x1d6076d)) [0255.621] Sleep (dwMilliseconds=0x12c) [0255.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1b5ee590, dwHighDateTime=0x1d6076d)) [0255.933] Sleep (dwMilliseconds=0x12c) [0256.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1b8e8110, dwHighDateTime=0x1d6076d)) [0256.265] Sleep (dwMilliseconds=0x12c) [0256.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1bc07df0, dwHighDateTime=0x1d6076d)) [0256.573] Sleep (dwMilliseconds=0x12c) [0256.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1bf01970, dwHighDateTime=0x1d6076d)) [0256.885] Sleep (dwMilliseconds=0x12c) [0257.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1c1fb4f0, dwHighDateTime=0x1d6076d)) [0257.197] Sleep (dwMilliseconds=0x12c) [0258.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1c4f5070, dwHighDateTime=0x1d6076d)) [0258.772] Sleep (dwMilliseconds=0x12c) [0259.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1c7eebf0, dwHighDateTime=0x1d6076d)) [0259.084] Sleep (dwMilliseconds=0x12c) [0259.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1cae8770, dwHighDateTime=0x1d6076d)) [0259.397] Sleep (dwMilliseconds=0x12c) [0260.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1cde22f0, dwHighDateTime=0x1d6076d)) [0260.099] Sleep (dwMilliseconds=0x12c) [0260.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d0dbe70, dwHighDateTime=0x1d6076d)) [0260.410] Sleep (dwMilliseconds=0x12c) [0260.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d3d59f0, dwHighDateTime=0x1d6076d)) [0260.722] Sleep (dwMilliseconds=0x12c) [0261.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d6cf570, dwHighDateTime=0x1d6076d)) [0261.035] Sleep (dwMilliseconds=0x12c) [0261.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1d9c90f0, dwHighDateTime=0x1d6076d)) [0261.348] Sleep (dwMilliseconds=0x12c) [0261.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1dcc2c70, dwHighDateTime=0x1d6076d)) [0261.661] Sleep (dwMilliseconds=0x12c) [0261.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1dfbc7f0, dwHighDateTime=0x1d6076d)) [0261.972] Sleep (dwMilliseconds=0x12c) [0262.294] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1e2b6370, dwHighDateTime=0x1d6076d)) [0262.295] Sleep (dwMilliseconds=0x12c) [0262.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1e5afef0, dwHighDateTime=0x1d6076d)) [0262.595] Sleep (dwMilliseconds=0x12c) [0262.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1e8a9a70, dwHighDateTime=0x1d6076d)) [0262.907] Sleep (dwMilliseconds=0x12c) [0263.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1eba35f0, dwHighDateTime=0x1d6076d)) [0263.219] Sleep (dwMilliseconds=0x12c) [0263.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1ee9d170, dwHighDateTime=0x1d6076d)) [0263.531] Sleep (dwMilliseconds=0x12c) [0263.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1f196cf0, dwHighDateTime=0x1d6076d)) [0263.843] Sleep (dwMilliseconds=0x12c) [0264.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1f490870, dwHighDateTime=0x1d6076d)) [0264.155] Sleep (dwMilliseconds=0x12c) [0264.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1f78a3f0, dwHighDateTime=0x1d6076d)) [0264.467] Sleep (dwMilliseconds=0x12c) [0264.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1fa83f70, dwHighDateTime=0x1d6076d)) [0264.779] Sleep (dwMilliseconds=0x12c) [0265.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x1fd7daf0, dwHighDateTime=0x1d6076d)) [0265.090] Sleep (dwMilliseconds=0x12c) [0265.430] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2009d7d0, dwHighDateTime=0x1d6076d)) [0265.430] Sleep (dwMilliseconds=0x12c) [0265.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20397350, dwHighDateTime=0x1d6076d)) [0265.730] Sleep (dwMilliseconds=0x12c) [0266.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20690ed0, dwHighDateTime=0x1d6076d)) [0266.043] Sleep (dwMilliseconds=0x12c) [0266.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2098aa50, dwHighDateTime=0x1d6076d)) [0266.355] Sleep (dwMilliseconds=0x12c) [0266.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20c845d0, dwHighDateTime=0x1d6076d)) [0266.666] Sleep (dwMilliseconds=0x12c) [0267.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x20fa42b0, dwHighDateTime=0x1d6076d)) [0267.003] Sleep (dwMilliseconds=0x12c) [0267.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2129de30, dwHighDateTime=0x1d6076d)) [0267.306] Sleep (dwMilliseconds=0x12c) [0267.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x215979b0, dwHighDateTime=0x1d6076d)) [0267.618] Sleep (dwMilliseconds=0x12c) [0267.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x21891530, dwHighDateTime=0x1d6076d)) [0267.930] Sleep (dwMilliseconds=0x12c) [0268.242] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x21b8b0b0, dwHighDateTime=0x1d6076d)) [0268.242] Sleep (dwMilliseconds=0x12c) [0268.554] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x21e84c30, dwHighDateTime=0x1d6076d)) [0268.555] Sleep (dwMilliseconds=0x12c) [0268.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x221f0bd0, dwHighDateTime=0x1d6076d)) [0268.918] Sleep (dwMilliseconds=0x12c) [0269.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x224ea750, dwHighDateTime=0x1d6076d)) [0269.230] Sleep (dwMilliseconds=0x12c) [0269.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x227e42d0, dwHighDateTime=0x1d6076d)) [0269.537] Sleep (dwMilliseconds=0x12c) [0269.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22adde50, dwHighDateTime=0x1d6076d)) [0269.849] Sleep (dwMilliseconds=0x12c) [0270.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x22dd79d0, dwHighDateTime=0x1d6076d)) [0270.161] Sleep (dwMilliseconds=0x12c) [0270.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x230d1550, dwHighDateTime=0x1d6076d)) [0270.474] Sleep (dwMilliseconds=0x12c) [0270.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x233cb0d0, dwHighDateTime=0x1d6076d)) [0270.786] Sleep (dwMilliseconds=0x12c) [0271.113] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x236c4c50, dwHighDateTime=0x1d6076d)) [0271.113] Sleep (dwMilliseconds=0x12c) [0271.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x239be7d0, dwHighDateTime=0x1d6076d)) [0271.425] Sleep (dwMilliseconds=0x12c) [0271.736] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23cb8350, dwHighDateTime=0x1d6076d)) [0271.736] Sleep (dwMilliseconds=0x12c) [0272.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x23fb1ed0, dwHighDateTime=0x1d6076d)) [0272.048] Sleep (dwMilliseconds=0x12c) [0272.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x242aba50, dwHighDateTime=0x1d6076d)) [0272.365] Sleep (dwMilliseconds=0x12c) [0272.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x245a55d0, dwHighDateTime=0x1d6076d)) [0272.673] OpenThread (dwDesiredAccess=0x1, bInheritHandle=0, dwThreadId=0x538) returned 0x2a4 [0272.673] TerminateThread (hThread=0x2a4, dwExitCode=0x0) returned 1 [0272.674] shutdown (s=0x2a0, how=2) returned 0 [0272.674] closesocket (s=0x2a0) returned 0 [0272.675] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40ef12, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2a0 [0272.676] Sleep (dwMilliseconds=0x12c) [0272.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2489f150, dwHighDateTime=0x1d6076d)) [0272.991] Sleep (dwMilliseconds=0x12c) [0273.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x24b98cd0, dwHighDateTime=0x1d6076d)) [0273.296] Sleep (dwMilliseconds=0x12c) [0273.608] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x24e92850, dwHighDateTime=0x1d6076d)) [0273.608] Sleep (dwMilliseconds=0x12c) [0273.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2518c3d0, dwHighDateTime=0x1d6076d)) [0273.920] Sleep (dwMilliseconds=0x12c) [0274.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25485f50, dwHighDateTime=0x1d6076d)) [0274.232] Sleep (dwMilliseconds=0x12c) [0274.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2577fad0, dwHighDateTime=0x1d6076d)) [0274.544] Sleep (dwMilliseconds=0x12c) [0274.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25a79650, dwHighDateTime=0x1d6076d)) [0274.856] Sleep (dwMilliseconds=0x12c) [0275.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x25d731d0, dwHighDateTime=0x1d6076d)) [0275.169] Sleep (dwMilliseconds=0x12c) [0275.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26092eb0, dwHighDateTime=0x1d6076d)) [0275.504] Sleep (dwMilliseconds=0x12c) [0275.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2638ca30, dwHighDateTime=0x1d6076d)) [0275.807] Sleep (dwMilliseconds=0x12c) [0276.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x266865b0, dwHighDateTime=0x1d6076d)) [0276.120] Sleep (dwMilliseconds=0x12c) [0276.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26980130, dwHighDateTime=0x1d6076d)) [0276.432] Sleep (dwMilliseconds=0x12c) [0276.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26c9fe10, dwHighDateTime=0x1d6076d)) [0276.770] Sleep (dwMilliseconds=0x12c) [0277.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x26f99990, dwHighDateTime=0x1d6076d)) [0277.071] Sleep (dwMilliseconds=0x12c) [0277.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x27293510, dwHighDateTime=0x1d6076d)) [0277.383] Sleep (dwMilliseconds=0x12c) [0277.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x2758d090, dwHighDateTime=0x1d6076d)) [0277.696] Sleep (dwMilliseconds=0x12c) [0278.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff64 | out: lpSystemTimeAsFileTime=0x18ff64*(dwLowDateTime=0x278f9030, dwHighDateTime=0x1d6076d)) [0278.054] Sleep (dwMilliseconds=0x12c) Thread: id = 393 os_tid = 0x7e0 Thread: id = 394 os_tid = 0x7f0 [0180.460] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0180.476] ReleaseMutex (hMutex=0x154) returned 1 [0180.476] GetCurrentThreadId () returned 0x7f0 [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetCurrentThreadId () returned 0x7f0 [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetCurrentThreadId () returned 0x7f0 [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0180.477] GetCurrentThreadId () returned 0x7f0 [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.477] GetTickCount () returned 0x1135cb1 [0180.477] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0180.477] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0180.478] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0180.480] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.480] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.481] ReleaseMutex (hMutex=0x150) returned 1 [0180.481] GetCurrentThreadId () returned 0x7f0 [0180.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.481] GetCurrentThreadId () returned 0x7f0 [0180.481] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0180.481] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0180.481] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0180.483] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.484] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.484] ReleaseMutex (hMutex=0x150) returned 1 [0180.484] ReleaseMutex (hMutex=0xf4) returned 1 [0180.484] GetCurrentThreadId () returned 0x7f0 [0180.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.484] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0180.484] GetCurrentThreadId () returned 0x7f0 [0180.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.484] GetTickCount () returned 0x1135cb1 [0180.484] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0180.484] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0180.485] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0180.486] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.487] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.487] ReleaseMutex (hMutex=0x150) returned 1 [0180.487] GetCurrentThreadId () returned 0x7f0 [0180.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.487] GetCurrentThreadId () returned 0x7f0 [0180.487] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0180.487] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4b90000 [0180.488] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4ba0000 [0180.489] VirtualFree (lpAddress=0x4ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.490] VirtualFree (lpAddress=0x4b90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.490] ReleaseMutex (hMutex=0x150) returned 1 [0180.490] ReleaseMutex (hMutex=0xf4) returned 1 [0180.490] GetCurrentThreadId () returned 0x7f0 [0180.490] GetCurrentThreadId () returned 0x7f0 [0180.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xf20ee870, dwHighDateTime=0x1d6076c)) [0180.490] Sleep (dwMilliseconds=0xd33) [0183.960] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0183.979] ReleaseMutex (hMutex=0x154) returned 1 [0183.979] GetCurrentThreadId () returned 0x7f0 [0183.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf41a96f0, dwHighDateTime=0x1d6076c)) [0183.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf41a96f0, dwHighDateTime=0x1d6076c)) [0183.981] GetCurrentThreadId () returned 0x7f0 [0183.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf41a96f0, dwHighDateTime=0x1d6076c)) [0183.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf41a96f0, dwHighDateTime=0x1d6076c)) [0183.981] GetCurrentThreadId () returned 0x7f0 [0183.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf41a96f0, dwHighDateTime=0x1d6076c)) [0183.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf41a96f0, dwHighDateTime=0x1d6076c)) [0183.981] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0183.995] GetCurrentThreadId () returned 0x7f0 [0183.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf41cf850, dwHighDateTime=0x1d6076c)) [0183.995] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf41cf850, dwHighDateTime=0x1d6076c)) [0183.995] GetTickCount () returned 0x1136a29 [0183.995] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0183.996] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0183.996] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0183.998] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.998] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.998] ReleaseMutex (hMutex=0x150) returned 1 [0183.998] GetCurrentThreadId () returned 0x7f0 [0183.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf41cf850, dwHighDateTime=0x1d6076c)) [0183.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf41cf850, dwHighDateTime=0x1d6076c)) [0183.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf41cf850, dwHighDateTime=0x1d6076c)) [0183.999] GetCurrentThreadId () returned 0x7f0 [0183.999] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0183.999] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0183.999] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0184.061] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.062] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.062] ReleaseMutex (hMutex=0x150) returned 1 [0184.062] ReleaseMutex (hMutex=0xf4) returned 1 [0184.062] GetCurrentThreadId () returned 0x7f0 [0184.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.062] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0184.063] GetCurrentThreadId () returned 0x7f0 [0184.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf4267dd0, dwHighDateTime=0x1d6076c)) [0184.063] GetTickCount () returned 0x1136a67 [0184.063] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0184.063] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0184.063] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0184.066] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.066] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.067] ReleaseMutex (hMutex=0x150) returned 1 [0184.067] GetCurrentThreadId () returned 0x7f0 [0184.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf428df30, dwHighDateTime=0x1d6076c)) [0184.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf428df30, dwHighDateTime=0x1d6076c)) [0184.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf428df30, dwHighDateTime=0x1d6076c)) [0184.067] GetCurrentThreadId () returned 0x7f0 [0184.067] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0184.067] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0184.067] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0184.070] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.070] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.071] ReleaseMutex (hMutex=0x150) returned 1 [0184.071] ReleaseMutex (hMutex=0xf4) returned 1 [0184.071] GetCurrentThreadId () returned 0x7f0 [0184.071] GetCurrentThreadId () returned 0x7f0 [0184.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xf428df30, dwHighDateTime=0x1d6076c)) [0184.071] Sleep (dwMilliseconds=0x9ee) [0188.320] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0188.320] ReleaseMutex (hMutex=0x154) returned 1 [0188.320] GetCurrentThreadId () returned 0x7f0 [0188.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.320] GetCurrentThreadId () returned 0x7f0 [0188.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.320] GetCurrentThreadId () returned 0x7f0 [0188.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.321] Sleep (dwMilliseconds=0x32) [0188.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf5c96fd0, dwHighDateTime=0x1d6076c)) [0188.463] Sleep (dwMilliseconds=0x32) [0188.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf5d7b810, dwHighDateTime=0x1d6076c)) [0188.560] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0188.561] GetCurrentThreadId () returned 0x7f0 [0188.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf5d7b810, dwHighDateTime=0x1d6076c)) [0188.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf5d7b810, dwHighDateTime=0x1d6076c)) [0188.561] GetTickCount () returned 0x113757e [0188.562] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0188.562] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0188.585] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0188.604] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.605] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.606] ReleaseMutex (hMutex=0x150) returned 1 [0188.606] GetCurrentThreadId () returned 0x7f0 [0188.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.606] GetCurrentThreadId () returned 0x7f0 [0188.606] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0188.606] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0188.606] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0188.609] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.609] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.610] ReleaseMutex (hMutex=0x150) returned 1 [0188.610] ReleaseMutex (hMutex=0xf4) returned 1 [0188.610] GetCurrentThreadId () returned 0x7f0 [0188.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.610] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0188.610] GetCurrentThreadId () returned 0x7f0 [0188.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.610] GetTickCount () returned 0x11375ad [0188.610] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0188.610] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0188.611] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0188.613] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.613] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.614] ReleaseMutex (hMutex=0x150) returned 1 [0188.614] GetCurrentThreadId () returned 0x7f0 [0188.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.614] GetCurrentThreadId () returned 0x7f0 [0188.614] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0188.614] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0188.614] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0188.617] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.617] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.617] ReleaseMutex (hMutex=0x150) returned 1 [0188.618] ReleaseMutex (hMutex=0xf4) returned 1 [0188.618] GetCurrentThreadId () returned 0x7f0 [0188.618] GetCurrentThreadId () returned 0x7f0 [0188.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xf5dedc30, dwHighDateTime=0x1d6076c)) [0188.618] Sleep (dwMilliseconds=0xb2c) [0191.631] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0191.631] ReleaseMutex (hMutex=0x154) returned 1 [0191.631] GetCurrentThreadId () returned 0x7f0 [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.631] GetCurrentThreadId () returned 0x7f0 [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.632] GetCurrentThreadId () returned 0x7f0 [0191.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.632] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0191.632] GetCurrentThreadId () returned 0x7f0 [0191.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.632] GetTickCount () returned 0x113817f [0191.632] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0191.632] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0191.633] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0191.635] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.636] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.636] ReleaseMutex (hMutex=0x150) returned 1 [0191.636] GetCurrentThreadId () returned 0x7f0 [0191.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.636] GetCurrentThreadId () returned 0x7f0 [0191.636] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0191.637] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0191.637] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0191.639] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.640] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.640] ReleaseMutex (hMutex=0x150) returned 1 [0191.640] ReleaseMutex (hMutex=0xf4) returned 1 [0191.640] GetCurrentThreadId () returned 0x7f0 [0191.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.640] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0191.640] GetCurrentThreadId () returned 0x7f0 [0191.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.640] GetTickCount () returned 0x113817f [0191.640] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0191.640] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0191.641] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0191.642] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.642] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.643] ReleaseMutex (hMutex=0x150) returned 1 [0191.643] GetCurrentThreadId () returned 0x7f0 [0191.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.643] GetCurrentThreadId () returned 0x7f0 [0191.643] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0191.643] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0191.643] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0191.645] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.646] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.646] ReleaseMutex (hMutex=0x150) returned 1 [0191.646] ReleaseMutex (hMutex=0xf4) returned 1 [0191.646] GetCurrentThreadId () returned 0x7f0 [0191.646] GetCurrentThreadId () returned 0x7f0 [0191.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xf7af0850, dwHighDateTime=0x1d6076c)) [0191.646] Sleep (dwMilliseconds=0xe10) [0195.358] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0195.358] ReleaseMutex (hMutex=0x154) returned 1 [0195.358] GetCurrentThreadId () returned 0x7f0 [0195.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.358] GetCurrentThreadId () returned 0x7f0 [0195.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.358] GetCurrentThreadId () returned 0x7f0 [0195.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf9d74750, dwHighDateTime=0x1d6076c)) [0195.359] Sleep (dwMilliseconds=0x32) [0195.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf9e58f90, dwHighDateTime=0x1d6076c)) [0195.452] Sleep (dwMilliseconds=0x32) [0195.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf9f17670, dwHighDateTime=0x1d6076c)) [0195.530] Sleep (dwMilliseconds=0x32) [0195.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xf9ffbeb0, dwHighDateTime=0x1d6076c)) [0195.623] Sleep (dwMilliseconds=0x32) [0195.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfa106850, dwHighDateTime=0x1d6076c)) [0195.746] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0195.746] GetCurrentThreadId () returned 0x7f0 [0195.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xfa106850, dwHighDateTime=0x1d6076c)) [0195.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xfa106850, dwHighDateTime=0x1d6076c)) [0195.746] GetTickCount () returned 0x1139129 [0195.747] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0195.747] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0195.747] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0195.750] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.750] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.751] ReleaseMutex (hMutex=0x150) returned 1 [0195.751] GetCurrentThreadId () returned 0x7f0 [0195.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.751] GetCurrentThreadId () returned 0x7f0 [0195.751] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0195.751] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0195.751] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0195.754] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.754] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.755] ReleaseMutex (hMutex=0x150) returned 1 [0195.755] ReleaseMutex (hMutex=0xf4) returned 1 [0195.755] GetCurrentThreadId () returned 0x7f0 [0195.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.755] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0195.755] GetCurrentThreadId () returned 0x7f0 [0195.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.755] GetTickCount () returned 0x1139138 [0195.755] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0195.755] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0195.756] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0195.758] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.758] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.759] ReleaseMutex (hMutex=0x150) returned 1 [0195.759] GetCurrentThreadId () returned 0x7f0 [0195.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.759] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.759] GetCurrentThreadId () returned 0x7f0 [0195.759] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0195.759] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0195.760] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0195.762] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.762] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.763] ReleaseMutex (hMutex=0x150) returned 1 [0195.763] ReleaseMutex (hMutex=0xf4) returned 1 [0195.763] GetCurrentThreadId () returned 0x7f0 [0195.763] GetCurrentThreadId () returned 0x7f0 [0195.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xfa12c9b0, dwHighDateTime=0x1d6076c)) [0195.763] Sleep (dwMilliseconds=0x9e8) [0198.323] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0198.323] ReleaseMutex (hMutex=0x154) returned 1 [0198.323] GetCurrentThreadId () returned 0x7f0 [0198.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetCurrentThreadId () returned 0x7f0 [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetCurrentThreadId () returned 0x7f0 [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0198.324] GetCurrentThreadId () returned 0x7f0 [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.324] GetTickCount () returned 0x1139b46 [0198.324] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0198.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0198.325] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0198.327] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.328] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.328] ReleaseMutex (hMutex=0x150) returned 1 [0198.328] GetCurrentThreadId () returned 0x7f0 [0198.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.328] GetCurrentThreadId () returned 0x7f0 [0198.328] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0198.329] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0198.329] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0198.331] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.332] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.332] ReleaseMutex (hMutex=0x150) returned 1 [0198.333] ReleaseMutex (hMutex=0xf4) returned 1 [0198.333] GetCurrentThreadId () returned 0x7f0 [0198.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.333] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0198.333] GetCurrentThreadId () returned 0x7f0 [0198.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.333] GetTickCount () returned 0x1139b46 [0198.333] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0198.333] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0198.333] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0198.336] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.336] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.337] ReleaseMutex (hMutex=0x150) returned 1 [0198.337] GetCurrentThreadId () returned 0x7f0 [0198.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xfb9b8c90, dwHighDateTime=0x1d6076c)) [0198.337] GetCurrentThreadId () returned 0x7f0 [0198.337] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0198.337] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0198.338] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0198.340] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.341] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.341] ReleaseMutex (hMutex=0x150) returned 1 [0198.341] ReleaseMutex (hMutex=0xf4) returned 1 [0198.341] GetCurrentThreadId () returned 0x7f0 [0198.341] GetCurrentThreadId () returned 0x7f0 [0198.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xfb9dedf0, dwHighDateTime=0x1d6076c)) [0198.342] Sleep (dwMilliseconds=0xe30) [0201.988] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0201.988] ReleaseMutex (hMutex=0x154) returned 1 [0201.988] GetCurrentThreadId () returned 0x7f0 [0201.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetCurrentThreadId () returned 0x7f0 [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetCurrentThreadId () returned 0x7f0 [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0201.989] GetCurrentThreadId () returned 0x7f0 [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.989] GetTickCount () returned 0x113a989 [0201.989] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0201.989] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0201.990] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0201.992] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.993] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.993] ReleaseMutex (hMutex=0x150) returned 1 [0201.993] GetCurrentThreadId () returned 0x7f0 [0201.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.994] GetCurrentThreadId () returned 0x7f0 [0201.994] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0201.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0201.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0201.997] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.997] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0201.998] ReleaseMutex (hMutex=0x150) returned 1 [0201.998] ReleaseMutex (hMutex=0xf4) returned 1 [0201.998] GetCurrentThreadId () returned 0x7f0 [0201.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.998] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0201.998] GetCurrentThreadId () returned 0x7f0 [0201.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0201.998] GetTickCount () returned 0x113a989 [0201.998] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0201.998] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0201.999] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0202.001] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.002] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.002] ReleaseMutex (hMutex=0x150) returned 1 [0202.002] GetCurrentThreadId () returned 0x7f0 [0202.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0202.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0202.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xfdc88e50, dwHighDateTime=0x1d6076c)) [0202.002] GetCurrentThreadId () returned 0x7f0 [0202.003] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0202.003] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0202.003] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0202.006] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.006] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.007] ReleaseMutex (hMutex=0x150) returned 1 [0202.007] ReleaseMutex (hMutex=0xf4) returned 1 [0202.007] GetCurrentThreadId () returned 0x7f0 [0202.007] GetCurrentThreadId () returned 0x7f0 [0202.007] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xfdcaefb0, dwHighDateTime=0x1d6076c)) [0202.007] Sleep (dwMilliseconds=0xb76) [0205.982] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0205.982] ReleaseMutex (hMutex=0x154) returned 1 [0205.982] GetCurrentThreadId () returned 0x7f0 [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetCurrentThreadId () returned 0x7f0 [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetCurrentThreadId () returned 0x7f0 [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0205.982] GetCurrentThreadId () returned 0x7f0 [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.982] GetTickCount () returned 0x113b51d [0205.982] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0205.982] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0205.983] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0205.985] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.986] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.986] ReleaseMutex (hMutex=0x150) returned 1 [0205.986] GetCurrentThreadId () returned 0x7f0 [0205.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.986] GetCurrentThreadId () returned 0x7f0 [0205.986] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0205.986] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0205.990] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0205.993] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.993] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.994] ReleaseMutex (hMutex=0x150) returned 1 [0205.994] ReleaseMutex (hMutex=0xf4) returned 1 [0205.994] GetCurrentThreadId () returned 0x7f0 [0205.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.994] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0205.994] GetCurrentThreadId () returned 0x7f0 [0205.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xff8cd390, dwHighDateTime=0x1d6076c)) [0205.994] GetTickCount () returned 0x113b51d [0205.994] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0205.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0205.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0205.997] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.997] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0205.997] ReleaseMutex (hMutex=0x150) returned 1 [0205.998] GetCurrentThreadId () returned 0x7f0 [0205.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xff8f34f0, dwHighDateTime=0x1d6076c)) [0205.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xff8f34f0, dwHighDateTime=0x1d6076c)) [0205.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xff8f34f0, dwHighDateTime=0x1d6076c)) [0205.998] GetCurrentThreadId () returned 0x7f0 [0205.998] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0205.998] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0205.998] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0206.000] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.001] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.001] ReleaseMutex (hMutex=0x150) returned 1 [0206.001] ReleaseMutex (hMutex=0xf4) returned 1 [0206.001] GetCurrentThreadId () returned 0x7f0 [0206.001] GetCurrentThreadId () returned 0x7f0 [0206.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xff8f34f0, dwHighDateTime=0x1d6076c)) [0206.001] Sleep (dwMilliseconds=0x9dd) [0208.540] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0208.540] ReleaseMutex (hMutex=0x154) returned 1 [0208.540] GetCurrentThreadId () returned 0x7f0 [0208.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.540] GetCurrentThreadId () returned 0x7f0 [0208.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.540] GetCurrentThreadId () returned 0x7f0 [0208.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.541] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0208.541] GetCurrentThreadId () returned 0x7f0 [0208.541] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.541] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.541] GetTickCount () returned 0x113bf1b [0208.541] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0208.541] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0208.541] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0208.543] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.544] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.544] ReleaseMutex (hMutex=0x150) returned 1 [0208.544] GetCurrentThreadId () returned 0x7f0 [0208.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.544] GetCurrentThreadId () returned 0x7f0 [0208.544] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0208.544] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0208.544] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0208.546] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.547] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.547] ReleaseMutex (hMutex=0x150) returned 1 [0208.547] ReleaseMutex (hMutex=0xf4) returned 1 [0208.547] GetCurrentThreadId () returned 0x7f0 [0208.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.547] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0208.548] GetCurrentThreadId () returned 0x7f0 [0208.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.548] GetTickCount () returned 0x113bf1b [0208.548] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0208.548] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0208.548] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0208.550] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.551] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.551] ReleaseMutex (hMutex=0x150) returned 1 [0208.551] GetCurrentThreadId () returned 0x7f0 [0208.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.552] GetCurrentThreadId () returned 0x7f0 [0208.552] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0208.552] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0208.552] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0208.554] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.555] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0208.555] ReleaseMutex (hMutex=0x150) returned 1 [0208.555] ReleaseMutex (hMutex=0xf4) returned 1 [0208.555] GetCurrentThreadId () returned 0x7f0 [0208.555] GetCurrentThreadId () returned 0x7f0 [0208.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x1133510, dwHighDateTime=0x1d6076d)) [0208.555] Sleep (dwMilliseconds=0xb72) [0211.672] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0211.672] ReleaseMutex (hMutex=0x154) returned 1 [0211.672] GetCurrentThreadId () returned 0x7f0 [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetCurrentThreadId () returned 0x7f0 [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetCurrentThreadId () returned 0x7f0 [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0211.672] GetCurrentThreadId () returned 0x7f0 [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x2d518f0, dwHighDateTime=0x1d6076d)) [0211.672] GetTickCount () returned 0x113caa0 [0211.672] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0211.672] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0211.673] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0211.675] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.676] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.676] ReleaseMutex (hMutex=0x150) returned 1 [0211.676] GetCurrentThreadId () returned 0x7f0 [0211.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.676] GetCurrentThreadId () returned 0x7f0 [0211.676] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0211.676] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0211.677] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0211.679] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.680] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.680] ReleaseMutex (hMutex=0x150) returned 1 [0211.680] ReleaseMutex (hMutex=0xf4) returned 1 [0211.680] GetCurrentThreadId () returned 0x7f0 [0211.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.680] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0211.680] GetCurrentThreadId () returned 0x7f0 [0211.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.680] GetTickCount () returned 0x113caaf [0211.680] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0211.680] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0211.681] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0211.683] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.683] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.684] ReleaseMutex (hMutex=0x150) returned 1 [0211.684] GetCurrentThreadId () returned 0x7f0 [0211.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.684] GetCurrentThreadId () returned 0x7f0 [0211.684] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0211.684] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0211.685] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x51e0000 [0211.687] VirtualFree (lpAddress=0x51e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.687] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0211.687] ReleaseMutex (hMutex=0x150) returned 1 [0211.688] ReleaseMutex (hMutex=0xf4) returned 1 [0211.688] GetCurrentThreadId () returned 0x7f0 [0211.688] GetCurrentThreadId () returned 0x7f0 [0211.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x2d77a50, dwHighDateTime=0x1d6076d)) [0211.688] Sleep (dwMilliseconds=0xd10) [0215.108] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0215.108] ReleaseMutex (hMutex=0x154) returned 1 [0215.108] GetCurrentThreadId () returned 0x7f0 [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] GetCurrentThreadId () returned 0x7f0 [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] GetCurrentThreadId () returned 0x7f0 [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x4e0c770, dwHighDateTime=0x1d6076d)) [0215.108] Sleep (dwMilliseconds=0x32) [0215.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x4ef0fb0, dwHighDateTime=0x1d6076d)) [0215.202] Sleep (dwMilliseconds=0x32) [0215.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.314] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0215.314] GetCurrentThreadId () returned 0x7f0 [0215.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.314] GetTickCount () returned 0x113d8d2 [0215.315] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0215.315] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0215.315] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0215.317] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.318] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.318] ReleaseMutex (hMutex=0x150) returned 1 [0215.318] GetCurrentThreadId () returned 0x7f0 [0215.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.318] GetCurrentThreadId () returned 0x7f0 [0215.318] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0215.320] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0215.320] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0215.322] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.322] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.323] ReleaseMutex (hMutex=0x150) returned 1 [0215.323] ReleaseMutex (hMutex=0xf4) returned 1 [0215.323] GetCurrentThreadId () returned 0x7f0 [0215.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.323] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0215.323] GetCurrentThreadId () returned 0x7f0 [0215.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x4ffb950, dwHighDateTime=0x1d6076d)) [0215.323] GetTickCount () returned 0x113d8d2 [0215.323] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0215.323] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0215.323] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0215.325] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.325] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.326] ReleaseMutex (hMutex=0x150) returned 1 [0215.326] GetCurrentThreadId () returned 0x7f0 [0215.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x5021ab0, dwHighDateTime=0x1d6076d)) [0215.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x5021ab0, dwHighDateTime=0x1d6076d)) [0215.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x5021ab0, dwHighDateTime=0x1d6076d)) [0215.326] GetCurrentThreadId () returned 0x7f0 [0215.326] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0215.326] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0215.326] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0215.328] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.328] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.329] ReleaseMutex (hMutex=0x150) returned 1 [0215.329] ReleaseMutex (hMutex=0xf4) returned 1 [0215.329] GetCurrentThreadId () returned 0x7f0 [0215.329] GetCurrentThreadId () returned 0x7f0 [0215.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x5021ab0, dwHighDateTime=0x1d6076d)) [0215.329] Sleep (dwMilliseconds=0xaf0) [0218.150] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0218.150] ReleaseMutex (hMutex=0x154) returned 1 [0218.150] GetCurrentThreadId () returned 0x7f0 [0218.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.151] GetCurrentThreadId () returned 0x7f0 [0218.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.151] GetCurrentThreadId () returned 0x7f0 [0218.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.151] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6b0f390, dwHighDateTime=0x1d6076d)) [0218.151] Sleep (dwMilliseconds=0x32) [0218.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6ba7910, dwHighDateTime=0x1d6076d)) [0218.225] Sleep (dwMilliseconds=0x32) [0218.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6c3fe90, dwHighDateTime=0x1d6076d)) [0218.274] Sleep (dwMilliseconds=0x32) [0218.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6cd8410, dwHighDateTime=0x1d6076d)) [0218.337] Sleep (dwMilliseconds=0x32) [0218.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6d70990, dwHighDateTime=0x1d6076d)) [0218.401] Sleep (dwMilliseconds=0x32) [0218.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6e08f10, dwHighDateTime=0x1d6076d)) [0218.462] Sleep (dwMilliseconds=0x32) [0218.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.524] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0218.524] GetCurrentThreadId () returned 0x7f0 [0218.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.524] GetTickCount () returned 0x113e560 [0218.524] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0218.524] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0218.525] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0218.527] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.527] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.528] ReleaseMutex (hMutex=0x150) returned 1 [0218.528] GetCurrentThreadId () returned 0x7f0 [0218.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.528] GetCurrentThreadId () returned 0x7f0 [0218.528] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0218.528] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0218.528] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0218.531] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.531] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.531] ReleaseMutex (hMutex=0x150) returned 1 [0218.532] ReleaseMutex (hMutex=0xf4) returned 1 [0218.532] GetCurrentThreadId () returned 0x7f0 [0218.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.532] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0218.532] GetCurrentThreadId () returned 0x7f0 [0218.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.532] GetTickCount () returned 0x113e560 [0218.532] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0218.532] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0218.532] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0218.534] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.534] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.535] ReleaseMutex (hMutex=0x150) returned 1 [0218.535] GetCurrentThreadId () returned 0x7f0 [0218.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.535] GetCurrentThreadId () returned 0x7f0 [0218.535] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0218.535] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0218.536] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0218.538] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.538] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.538] ReleaseMutex (hMutex=0x150) returned 1 [0218.538] ReleaseMutex (hMutex=0xf4) returned 1 [0218.538] GetCurrentThreadId () returned 0x7f0 [0218.538] GetCurrentThreadId () returned 0x7f0 [0218.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x6ea1490, dwHighDateTime=0x1d6076d)) [0218.539] Sleep (dwMilliseconds=0xa4a) [0221.177] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0221.177] ReleaseMutex (hMutex=0x154) returned 1 [0221.178] GetCurrentThreadId () returned 0x7f0 [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetCurrentThreadId () returned 0x7f0 [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetCurrentThreadId () returned 0x7f0 [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0221.178] GetCurrentThreadId () returned 0x7f0 [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.178] GetTickCount () returned 0x113efbc [0221.178] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0221.178] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0221.179] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0221.181] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.182] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.182] ReleaseMutex (hMutex=0x150) returned 1 [0221.182] GetCurrentThreadId () returned 0x7f0 [0221.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.182] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.182] GetCurrentThreadId () returned 0x7f0 [0221.182] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0221.183] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0221.183] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0221.185] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.185] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.186] ReleaseMutex (hMutex=0x150) returned 1 [0221.186] ReleaseMutex (hMutex=0xf4) returned 1 [0221.186] GetCurrentThreadId () returned 0x7f0 [0221.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.186] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0221.186] GetCurrentThreadId () returned 0x7f0 [0221.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.186] GetTickCount () returned 0x113efbc [0221.186] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0221.186] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0221.187] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0221.189] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.190] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.190] ReleaseMutex (hMutex=0x150) returned 1 [0221.190] GetCurrentThreadId () returned 0x7f0 [0221.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x87ebe50, dwHighDateTime=0x1d6076d)) [0221.190] GetCurrentThreadId () returned 0x7f0 [0221.190] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0221.190] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0221.191] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0221.193] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.194] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0221.194] ReleaseMutex (hMutex=0x150) returned 1 [0221.194] ReleaseMutex (hMutex=0xf4) returned 1 [0221.194] GetCurrentThreadId () returned 0x7f0 [0221.194] GetCurrentThreadId () returned 0x7f0 [0221.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x8811fb0, dwHighDateTime=0x1d6076d)) [0221.194] Sleep (dwMilliseconds=0xe16) [0224.842] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0224.843] ReleaseMutex (hMutex=0x154) returned 1 [0224.843] GetCurrentThreadId () returned 0x7f0 [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetCurrentThreadId () returned 0x7f0 [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetCurrentThreadId () returned 0x7f0 [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0224.843] GetCurrentThreadId () returned 0x7f0 [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.843] GetTickCount () returned 0x113fe0e [0224.843] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0224.843] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0224.844] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0224.846] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.847] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.847] ReleaseMutex (hMutex=0x150) returned 1 [0224.847] GetCurrentThreadId () returned 0x7f0 [0224.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.847] GetCurrentThreadId () returned 0x7f0 [0224.847] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0224.848] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0224.848] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0224.850] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.850] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.851] ReleaseMutex (hMutex=0x150) returned 1 [0224.851] ReleaseMutex (hMutex=0xf4) returned 1 [0224.851] GetCurrentThreadId () returned 0x7f0 [0224.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.851] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0224.851] GetCurrentThreadId () returned 0x7f0 [0224.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.851] GetTickCount () returned 0x113fe0e [0224.851] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0224.851] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0224.851] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0224.853] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.854] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.854] ReleaseMutex (hMutex=0x150) returned 1 [0224.854] GetCurrentThreadId () returned 0x7f0 [0224.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xaae2170, dwHighDateTime=0x1d6076d)) [0224.854] GetCurrentThreadId () returned 0x7f0 [0224.854] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0224.854] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0224.855] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0224.856] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.857] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0224.857] ReleaseMutex (hMutex=0x150) returned 1 [0224.857] ReleaseMutex (hMutex=0xf4) returned 1 [0224.858] GetCurrentThreadId () returned 0x7f0 [0224.858] GetCurrentThreadId () returned 0x7f0 [0224.858] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xab082d0, dwHighDateTime=0x1d6076d)) [0224.858] Sleep (dwMilliseconds=0xc90) [0228.135] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0228.135] ReleaseMutex (hMutex=0x154) returned 1 [0228.135] GetCurrentThreadId () returned 0x7f0 [0228.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.135] GetCurrentThreadId () returned 0x7f0 [0228.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.136] GetCurrentThreadId () returned 0x7f0 [0228.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.136] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0228.136] GetCurrentThreadId () returned 0x7f0 [0228.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xc9d3f70, dwHighDateTime=0x1d6076d)) [0228.136] GetTickCount () returned 0x1140abb [0228.139] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0228.156] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0228.156] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0228.159] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.159] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.160] ReleaseMutex (hMutex=0x150) returned 1 [0228.160] GetCurrentThreadId () returned 0x7f0 [0228.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.160] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.160] GetCurrentThreadId () returned 0x7f0 [0228.160] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0228.160] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0228.161] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0228.163] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.163] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.164] ReleaseMutex (hMutex=0x150) returned 1 [0228.164] ReleaseMutex (hMutex=0xf4) returned 1 [0228.164] GetCurrentThreadId () returned 0x7f0 [0228.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.164] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0228.164] GetCurrentThreadId () returned 0x7f0 [0228.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xc9fa0d0, dwHighDateTime=0x1d6076d)) [0228.164] GetTickCount () returned 0x1140aca [0228.164] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0228.165] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0228.165] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0228.168] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.168] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.169] ReleaseMutex (hMutex=0x150) returned 1 [0228.169] GetCurrentThreadId () returned 0x7f0 [0228.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.169] GetCurrentThreadId () returned 0x7f0 [0228.169] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0228.169] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0228.169] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0228.176] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.176] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0228.176] ReleaseMutex (hMutex=0x150) returned 1 [0228.177] ReleaseMutex (hMutex=0xf4) returned 1 [0228.177] GetCurrentThreadId () returned 0x7f0 [0228.177] GetCurrentThreadId () returned 0x7f0 [0228.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xca20230, dwHighDateTime=0x1d6076d)) [0228.177] Sleep (dwMilliseconds=0xe06) [0231.784] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0231.784] ReleaseMutex (hMutex=0x154) returned 1 [0231.784] GetCurrentThreadId () returned 0x7f0 [0231.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.784] GetCurrentThreadId () returned 0x7f0 [0231.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.785] GetCurrentThreadId () returned 0x7f0 [0231.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.785] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0231.785] GetCurrentThreadId () returned 0x7f0 [0231.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.785] GetTickCount () returned 0x11418ee [0231.785] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0231.785] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0231.786] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0231.788] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.788] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.789] ReleaseMutex (hMutex=0x150) returned 1 [0231.789] GetCurrentThreadId () returned 0x7f0 [0231.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.789] GetCurrentThreadId () returned 0x7f0 [0231.789] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0231.789] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0231.790] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0231.792] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.792] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.792] ReleaseMutex (hMutex=0x150) returned 1 [0231.792] ReleaseMutex (hMutex=0xf4) returned 1 [0231.793] GetCurrentThreadId () returned 0x7f0 [0231.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.793] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0231.793] GetCurrentThreadId () returned 0x7f0 [0231.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.793] GetTickCount () returned 0x11418ee [0231.793] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0231.793] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0231.793] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0231.795] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.796] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.796] ReleaseMutex (hMutex=0x150) returned 1 [0231.796] GetCurrentThreadId () returned 0x7f0 [0231.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0xec7dfd0, dwHighDateTime=0x1d6076d)) [0231.797] GetCurrentThreadId () returned 0x7f0 [0231.797] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0231.797] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0231.797] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0231.799] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.800] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0231.800] ReleaseMutex (hMutex=0x150) returned 1 [0231.800] ReleaseMutex (hMutex=0xf4) returned 1 [0231.800] GetCurrentThreadId () returned 0x7f0 [0231.800] GetCurrentThreadId () returned 0x7f0 [0231.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0xeca4130, dwHighDateTime=0x1d6076d)) [0231.800] Sleep (dwMilliseconds=0xa92) [0234.532] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0234.558] ReleaseMutex (hMutex=0x154) returned 1 [0234.561] GetCurrentThreadId () returned 0x7f0 [0234.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x106f9490, dwHighDateTime=0x1d6076d)) [0234.561] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x106f9490, dwHighDateTime=0x1d6076d)) [0234.564] GetCurrentThreadId () returned 0x7f0 [0234.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x106f9490, dwHighDateTime=0x1d6076d)) [0234.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x106f9490, dwHighDateTime=0x1d6076d)) [0234.564] GetCurrentThreadId () returned 0x7f0 [0234.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x106f9490, dwHighDateTime=0x1d6076d)) [0234.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x106f9490, dwHighDateTime=0x1d6076d)) [0234.564] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0234.625] GetCurrentThreadId () returned 0x7f0 [0234.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.625] GetTickCount () returned 0x1142405 [0234.625] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0234.625] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0234.626] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0234.628] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.629] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.629] ReleaseMutex (hMutex=0x150) returned 1 [0234.629] GetCurrentThreadId () returned 0x7f0 [0234.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.630] GetCurrentThreadId () returned 0x7f0 [0234.630] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0234.630] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0234.630] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0234.633] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.633] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.634] ReleaseMutex (hMutex=0x150) returned 1 [0234.634] ReleaseMutex (hMutex=0xf4) returned 1 [0234.634] GetCurrentThreadId () returned 0x7f0 [0234.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.634] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0234.634] GetCurrentThreadId () returned 0x7f0 [0234.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.634] GetTickCount () returned 0x1142405 [0234.634] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0234.634] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0234.635] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0234.637] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.638] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.638] ReleaseMutex (hMutex=0x150) returned 1 [0234.638] GetCurrentThreadId () returned 0x7f0 [0234.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.638] GetCurrentThreadId () returned 0x7f0 [0234.638] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0234.638] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0234.639] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0234.641] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.642] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0234.642] ReleaseMutex (hMutex=0x150) returned 1 [0234.642] ReleaseMutex (hMutex=0xf4) returned 1 [0234.642] GetCurrentThreadId () returned 0x7f0 [0234.642] GetCurrentThreadId () returned 0x7f0 [0234.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.643] Sleep (dwMilliseconds=0xaae) [0237.525] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0237.526] ReleaseMutex (hMutex=0x154) returned 1 [0237.526] GetCurrentThreadId () returned 0x7f0 [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] GetCurrentThreadId () returned 0x7f0 [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] GetCurrentThreadId () returned 0x7f0 [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] Sleep (dwMilliseconds=0x32) [0237.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.590] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0237.590] GetCurrentThreadId () returned 0x7f0 [0237.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.590] GetTickCount () returned 0x1142f6a [0237.590] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0237.590] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0237.591] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0237.592] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.593] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.593] ReleaseMutex (hMutex=0x150) returned 1 [0237.593] GetCurrentThreadId () returned 0x7f0 [0237.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.593] GetCurrentThreadId () returned 0x7f0 [0237.593] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0237.593] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0237.594] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0237.595] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.596] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.596] ReleaseMutex (hMutex=0x150) returned 1 [0237.596] ReleaseMutex (hMutex=0xf4) returned 1 [0237.596] GetCurrentThreadId () returned 0x7f0 [0237.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.596] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0237.596] GetCurrentThreadId () returned 0x7f0 [0237.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.596] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.596] GetTickCount () returned 0x1142f6a [0237.596] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0237.596] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0237.596] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0237.598] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.598] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.598] ReleaseMutex (hMutex=0x150) returned 1 [0237.598] GetCurrentThreadId () returned 0x7f0 [0237.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.599] GetCurrentThreadId () returned 0x7f0 [0237.599] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0237.599] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0237.599] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0237.601] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.601] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.601] ReleaseMutex (hMutex=0x150) returned 1 [0237.601] ReleaseMutex (hMutex=0xf4) returned 1 [0237.601] GetCurrentThreadId () returned 0x7f0 [0237.601] GetCurrentThreadId () returned 0x7f0 [0237.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.601] Sleep (dwMilliseconds=0xdbe) [0244.077] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0244.077] ReleaseMutex (hMutex=0x154) returned 1 [0244.077] GetCurrentThreadId () returned 0x7f0 [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] GetCurrentThreadId () returned 0x7f0 [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.077] GetCurrentThreadId () returned 0x7f0 [0244.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x145031f0, dwHighDateTime=0x1d6076d)) [0244.078] Sleep (dwMilliseconds=0x32) [0244.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1459b770, dwHighDateTime=0x1d6076d)) [0244.139] Sleep (dwMilliseconds=0x32) [0244.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x14633cf0, dwHighDateTime=0x1d6076d)) [0244.202] Sleep (dwMilliseconds=0x32) [0244.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.276] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0244.276] GetCurrentThreadId () returned 0x7f0 [0244.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.276] GetTickCount () returned 0x1143deb [0244.276] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0244.276] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0244.277] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0244.278] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.279] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.279] ReleaseMutex (hMutex=0x150) returned 1 [0244.279] GetCurrentThreadId () returned 0x7f0 [0244.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.279] GetCurrentThreadId () returned 0x7f0 [0244.279] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0244.279] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0244.279] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0244.286] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.286] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.286] ReleaseMutex (hMutex=0x150) returned 1 [0244.286] ReleaseMutex (hMutex=0xf4) returned 1 [0244.287] GetCurrentThreadId () returned 0x7f0 [0244.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.287] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0244.287] GetCurrentThreadId () returned 0x7f0 [0244.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.287] GetTickCount () returned 0x1143dfb [0244.287] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0244.287] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0244.287] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0244.289] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.289] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.289] ReleaseMutex (hMutex=0x150) returned 1 [0244.289] GetCurrentThreadId () returned 0x7f0 [0244.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.289] GetCurrentThreadId () returned 0x7f0 [0244.289] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0244.289] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0244.289] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0244.291] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.291] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0244.291] ReleaseMutex (hMutex=0x150) returned 1 [0244.291] ReleaseMutex (hMutex=0xf4) returned 1 [0244.291] GetCurrentThreadId () returned 0x7f0 [0244.291] GetCurrentThreadId () returned 0x7f0 [0244.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x146f23d0, dwHighDateTime=0x1d6076d)) [0244.291] Sleep (dwMilliseconds=0xc7c) [0247.478] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0247.478] ReleaseMutex (hMutex=0x154) returned 1 [0247.478] GetCurrentThreadId () returned 0x7f0 [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetCurrentThreadId () returned 0x7f0 [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetCurrentThreadId () returned 0x7f0 [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0247.478] GetCurrentThreadId () returned 0x7f0 [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.478] GetTickCount () returned 0x1144a79 [0247.478] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0247.478] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0247.479] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0247.480] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.480] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.481] ReleaseMutex (hMutex=0x150) returned 1 [0247.481] GetCurrentThreadId () returned 0x7f0 [0247.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.481] GetCurrentThreadId () returned 0x7f0 [0247.481] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0247.481] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0247.481] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0247.483] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.483] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.483] ReleaseMutex (hMutex=0x150) returned 1 [0247.483] ReleaseMutex (hMutex=0xf4) returned 1 [0247.483] GetCurrentThreadId () returned 0x7f0 [0247.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.483] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0247.483] GetCurrentThreadId () returned 0x7f0 [0247.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.483] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.483] GetTickCount () returned 0x1144a79 [0247.483] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0247.483] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0247.484] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0247.486] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.486] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.486] ReleaseMutex (hMutex=0x150) returned 1 [0247.486] GetCurrentThreadId () returned 0x7f0 [0247.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.486] GetCurrentThreadId () returned 0x7f0 [0247.486] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0247.486] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0247.486] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x4e20000 [0247.488] VirtualFree (lpAddress=0x4e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.488] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0247.488] ReleaseMutex (hMutex=0x150) returned 1 [0247.488] ReleaseMutex (hMutex=0xf4) returned 1 [0247.488] GetCurrentThreadId () returned 0x7f0 [0247.488] GetCurrentThreadId () returned 0x7f0 [0247.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x16571db0, dwHighDateTime=0x1d6076d)) [0247.488] Sleep (dwMilliseconds=0xd20) [0250.847] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0250.847] ReleaseMutex (hMutex=0x154) returned 1 [0250.847] GetCurrentThreadId () returned 0x7f0 [0250.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x185946b0, dwHighDateTime=0x1d6076d)) [0250.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x185946b0, dwHighDateTime=0x1d6076d)) [0250.848] GetCurrentThreadId () returned 0x7f0 [0250.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x185946b0, dwHighDateTime=0x1d6076d)) [0250.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x185946b0, dwHighDateTime=0x1d6076d)) [0250.848] GetCurrentThreadId () returned 0x7f0 [0250.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x185946b0, dwHighDateTime=0x1d6076d)) [0250.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x185946b0, dwHighDateTime=0x1d6076d)) [0250.848] Sleep (dwMilliseconds=0x32) [0250.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1862cc30, dwHighDateTime=0x1d6076d)) [0250.910] Sleep (dwMilliseconds=0x32) [0250.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x186c51b0, dwHighDateTime=0x1d6076d)) [0250.988] Sleep (dwMilliseconds=0x32) [0251.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.050] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0251.050] GetCurrentThreadId () returned 0x7f0 [0251.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.050] GetTickCount () returned 0x114585d [0251.050] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0251.050] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0251.051] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0251.053] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.054] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.054] ReleaseMutex (hMutex=0x150) returned 1 [0251.054] GetCurrentThreadId () returned 0x7f0 [0251.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.054] GetCurrentThreadId () returned 0x7f0 [0251.054] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0251.054] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0251.055] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0251.057] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.057] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.057] ReleaseMutex (hMutex=0x150) returned 1 [0251.058] ReleaseMutex (hMutex=0xf4) returned 1 [0251.058] GetCurrentThreadId () returned 0x7f0 [0251.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.058] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0251.058] GetCurrentThreadId () returned 0x7f0 [0251.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.058] GetTickCount () returned 0x114585d [0251.058] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0251.058] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0251.058] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0251.061] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.061] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.062] ReleaseMutex (hMutex=0x150) returned 1 [0251.062] GetCurrentThreadId () returned 0x7f0 [0251.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1875d730, dwHighDateTime=0x1d6076d)) [0251.062] GetCurrentThreadId () returned 0x7f0 [0251.062] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0251.062] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0251.062] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0251.065] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.065] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0251.065] ReleaseMutex (hMutex=0x150) returned 1 [0251.066] ReleaseMutex (hMutex=0xf4) returned 1 [0251.066] GetCurrentThreadId () returned 0x7f0 [0251.066] GetCurrentThreadId () returned 0x7f0 [0251.066] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x18783890, dwHighDateTime=0x1d6076d)) [0251.066] Sleep (dwMilliseconds=0xd50) [0254.482] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0254.482] ReleaseMutex (hMutex=0x154) returned 1 [0254.482] GetCurrentThreadId () returned 0x7f0 [0254.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1a8185b0, dwHighDateTime=0x1d6076d)) [0254.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1a8185b0, dwHighDateTime=0x1d6076d)) [0254.482] GetCurrentThreadId () returned 0x7f0 [0254.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1a8185b0, dwHighDateTime=0x1d6076d)) [0254.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1a8185b0, dwHighDateTime=0x1d6076d)) [0254.482] GetCurrentThreadId () returned 0x7f0 [0254.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1a8185b0, dwHighDateTime=0x1d6076d)) [0254.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1a8185b0, dwHighDateTime=0x1d6076d)) [0254.483] Sleep (dwMilliseconds=0x32) [0254.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1a8b0b30, dwHighDateTime=0x1d6076d)) [0254.544] Sleep (dwMilliseconds=0x32) [0254.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1a9490b0, dwHighDateTime=0x1d6076d)) [0254.607] Sleep (dwMilliseconds=0x32) [0254.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1a9e1630, dwHighDateTime=0x1d6076d)) [0254.669] Sleep (dwMilliseconds=0x32) [0254.732] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1aa79bb0, dwHighDateTime=0x1d6076d)) [0254.732] Sleep (dwMilliseconds=0x32) [0254.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.799] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0254.799] GetCurrentThreadId () returned 0x7f0 [0254.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.799] GetTickCount () returned 0x11466fd [0254.799] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0254.799] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0254.800] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0254.802] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.802] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.803] ReleaseMutex (hMutex=0x150) returned 1 [0254.803] GetCurrentThreadId () returned 0x7f0 [0254.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.803] GetCurrentThreadId () returned 0x7f0 [0254.803] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0254.803] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0254.804] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0254.806] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.806] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.806] ReleaseMutex (hMutex=0x150) returned 1 [0254.806] ReleaseMutex (hMutex=0xf4) returned 1 [0254.806] GetCurrentThreadId () returned 0x7f0 [0254.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.807] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0254.807] GetCurrentThreadId () returned 0x7f0 [0254.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1ab12130, dwHighDateTime=0x1d6076d)) [0254.807] GetTickCount () returned 0x11466fd [0254.807] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0254.807] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0254.807] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0254.809] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.810] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.810] ReleaseMutex (hMutex=0x150) returned 1 [0254.810] GetCurrentThreadId () returned 0x7f0 [0254.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ab38290, dwHighDateTime=0x1d6076d)) [0254.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ab38290, dwHighDateTime=0x1d6076d)) [0254.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1ab38290, dwHighDateTime=0x1d6076d)) [0254.810] GetCurrentThreadId () returned 0x7f0 [0254.810] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0254.810] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0254.811] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0254.813] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.813] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.814] ReleaseMutex (hMutex=0x150) returned 1 [0254.814] ReleaseMutex (hMutex=0xf4) returned 1 [0254.814] GetCurrentThreadId () returned 0x7f0 [0254.814] GetCurrentThreadId () returned 0x7f0 [0254.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x1ab38290, dwHighDateTime=0x1d6076d)) [0254.814] Sleep (dwMilliseconds=0xda0) [0259.993] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0259.993] ReleaseMutex (hMutex=0x154) returned 1 [0259.993] GetCurrentThreadId () returned 0x7f0 [0259.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.993] GetCurrentThreadId () returned 0x7f0 [0259.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.993] GetCurrentThreadId () returned 0x7f0 [0259.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.994] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0259.994] GetCurrentThreadId () returned 0x7f0 [0259.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.994] GetTickCount () returned 0x11474d3 [0259.994] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0259.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0259.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0259.997] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0259.997] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0259.997] ReleaseMutex (hMutex=0x150) returned 1 [0259.997] GetCurrentThreadId () returned 0x7f0 [0259.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.998] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0259.998] GetCurrentThreadId () returned 0x7f0 [0259.998] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0259.998] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0259.998] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0260.000] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.001] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.001] ReleaseMutex (hMutex=0x150) returned 1 [0260.001] ReleaseMutex (hMutex=0xf4) returned 1 [0260.001] GetCurrentThreadId () returned 0x7f0 [0260.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0260.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0260.001] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0260.001] GetCurrentThreadId () returned 0x7f0 [0260.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0260.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1ccd7950, dwHighDateTime=0x1d6076d)) [0260.001] GetTickCount () returned 0x11474d3 [0260.001] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0260.002] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0260.002] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0260.004] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.004] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.023] ReleaseMutex (hMutex=0x150) returned 1 [0260.023] GetCurrentThreadId () returned 0x7f0 [0260.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1cd23c10, dwHighDateTime=0x1d6076d)) [0260.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1cd23c10, dwHighDateTime=0x1d6076d)) [0260.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1cd23c10, dwHighDateTime=0x1d6076d)) [0260.023] GetCurrentThreadId () returned 0x7f0 [0260.023] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0260.023] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0260.024] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0260.026] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.027] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.027] ReleaseMutex (hMutex=0x150) returned 1 [0260.027] ReleaseMutex (hMutex=0xf4) returned 1 [0260.027] GetCurrentThreadId () returned 0x7f0 [0260.027] GetCurrentThreadId () returned 0x7f0 [0260.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x1cd23c10, dwHighDateTime=0x1d6076d)) [0260.027] Sleep (dwMilliseconds=0xbf4) [0263.111] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0263.111] ReleaseMutex (hMutex=0x154) returned 1 [0263.111] GetCurrentThreadId () returned 0x7f0 [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetCurrentThreadId () returned 0x7f0 [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetCurrentThreadId () returned 0x7f0 [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0263.112] GetCurrentThreadId () returned 0x7f0 [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.112] GetTickCount () returned 0x1148103 [0263.112] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0263.112] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0263.113] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0263.115] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.115] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.115] ReleaseMutex (hMutex=0x150) returned 1 [0263.115] GetCurrentThreadId () returned 0x7f0 [0263.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.116] GetCurrentThreadId () returned 0x7f0 [0263.116] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0263.116] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0263.116] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0263.118] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.119] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.119] ReleaseMutex (hMutex=0x150) returned 1 [0263.119] ReleaseMutex (hMutex=0xf4) returned 1 [0263.119] GetCurrentThreadId () returned 0x7f0 [0263.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.119] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0263.119] GetCurrentThreadId () returned 0x7f0 [0263.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.119] GetTickCount () returned 0x1148103 [0263.119] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0263.119] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0263.120] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0263.122] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.122] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.122] ReleaseMutex (hMutex=0x150) returned 1 [0263.123] GetCurrentThreadId () returned 0x7f0 [0263.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x1ea98c50, dwHighDateTime=0x1d6076d)) [0263.123] GetCurrentThreadId () returned 0x7f0 [0263.123] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0263.123] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0263.123] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0263.126] VirtualFree (lpAddress=0x5260000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.126] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0263.126] ReleaseMutex (hMutex=0x150) returned 1 [0263.126] ReleaseMutex (hMutex=0xf4) returned 1 [0263.126] GetCurrentThreadId () returned 0x7f0 [0263.127] GetCurrentThreadId () returned 0x7f0 [0263.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x1eabedb0, dwHighDateTime=0x1d6076d)) [0263.127] Sleep (dwMilliseconds=0xb13) [0265.966] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0265.966] ReleaseMutex (hMutex=0x154) returned 1 [0265.966] GetCurrentThreadId () returned 0x7f0 [0265.966] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetCurrentThreadId () returned 0x7f0 [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetCurrentThreadId () returned 0x7f0 [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0265.967] GetCurrentThreadId () returned 0x7f0 [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.967] GetTickCount () returned 0x1148c29 [0265.967] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0265.967] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0265.967] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0265.969] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.969] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.969] ReleaseMutex (hMutex=0x150) returned 1 [0265.969] GetCurrentThreadId () returned 0x7f0 [0265.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.969] GetCurrentThreadId () returned 0x7f0 [0265.969] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0265.969] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0265.970] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0265.971] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.971] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.972] ReleaseMutex (hMutex=0x150) returned 1 [0265.972] ReleaseMutex (hMutex=0xf4) returned 1 [0265.972] GetCurrentThreadId () returned 0x7f0 [0265.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.972] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0265.972] GetCurrentThreadId () returned 0x7f0 [0265.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.972] GetTickCount () returned 0x1148c29 [0265.972] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0265.972] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0265.972] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0265.974] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.974] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.974] ReleaseMutex (hMutex=0x150) returned 1 [0265.974] GetCurrentThreadId () returned 0x7f0 [0265.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.974] GetCurrentThreadId () returned 0x7f0 [0265.974] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0265.974] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0265.975] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0265.976] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.976] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0265.977] ReleaseMutex (hMutex=0x150) returned 1 [0265.977] ReleaseMutex (hMutex=0xf4) returned 1 [0265.977] GetCurrentThreadId () returned 0x7f0 [0265.977] GetCurrentThreadId () returned 0x7f0 [0265.977] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x205d27f0, dwHighDateTime=0x1d6076d)) [0265.977] Sleep (dwMilliseconds=0xd21) [0269.333] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0269.333] ReleaseMutex (hMutex=0x154) returned 1 [0269.333] GetCurrentThreadId () returned 0x7f0 [0269.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x225f50f0, dwHighDateTime=0x1d6076d)) [0269.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x225f50f0, dwHighDateTime=0x1d6076d)) [0269.334] GetCurrentThreadId () returned 0x7f0 [0269.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x225f50f0, dwHighDateTime=0x1d6076d)) [0269.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x225f50f0, dwHighDateTime=0x1d6076d)) [0269.334] GetCurrentThreadId () returned 0x7f0 [0269.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x225f50f0, dwHighDateTime=0x1d6076d)) [0269.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x225f50f0, dwHighDateTime=0x1d6076d)) [0269.334] Sleep (dwMilliseconds=0x32) [0269.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x226b37d0, dwHighDateTime=0x1d6076d)) [0269.411] Sleep (dwMilliseconds=0x32) [0269.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2274bd50, dwHighDateTime=0x1d6076d)) [0269.474] Sleep (dwMilliseconds=0x32) [0269.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x227e42d0, dwHighDateTime=0x1d6076d)) [0269.537] Sleep (dwMilliseconds=0x32) [0269.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2287c850, dwHighDateTime=0x1d6076d)) [0269.599] Sleep (dwMilliseconds=0x32) [0269.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.666] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0269.666] GetCurrentThreadId () returned 0x7f0 [0269.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.666] GetTickCount () returned 0x1149a9b [0269.666] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0269.667] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0269.667] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0269.669] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.670] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.670] ReleaseMutex (hMutex=0x150) returned 1 [0269.670] GetCurrentThreadId () returned 0x7f0 [0269.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.670] GetCurrentThreadId () returned 0x7f0 [0269.670] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0269.670] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0269.671] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0269.673] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.673] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.673] ReleaseMutex (hMutex=0x150) returned 1 [0269.673] ReleaseMutex (hMutex=0xf4) returned 1 [0269.673] GetCurrentThreadId () returned 0x7f0 [0269.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.673] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0269.674] GetCurrentThreadId () returned 0x7f0 [0269.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.674] GetTickCount () returned 0x1149a9b [0269.674] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0269.674] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0269.674] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0269.676] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.676] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.677] ReleaseMutex (hMutex=0x150) returned 1 [0269.677] GetCurrentThreadId () returned 0x7f0 [0269.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x2293af30, dwHighDateTime=0x1d6076d)) [0269.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x2293af30, dwHighDateTime=0x1d6076d)) [0269.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x2293af30, dwHighDateTime=0x1d6076d)) [0269.677] GetCurrentThreadId () returned 0x7f0 [0269.677] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0269.677] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0269.678] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0269.680] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.680] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0269.680] ReleaseMutex (hMutex=0x150) returned 1 [0269.680] ReleaseMutex (hMutex=0xf4) returned 1 [0269.680] GetCurrentThreadId () returned 0x7f0 [0269.680] GetCurrentThreadId () returned 0x7f0 [0269.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x2293af30, dwHighDateTime=0x1d6076d)) [0269.680] Sleep (dwMilliseconds=0xaad) [0272.438] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0272.438] ReleaseMutex (hMutex=0x154) returned 1 [0272.438] GetCurrentThreadId () returned 0x7f0 [0272.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x2436a130, dwHighDateTime=0x1d6076d)) [0272.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x2436a130, dwHighDateTime=0x1d6076d)) [0272.438] GetCurrentThreadId () returned 0x7f0 [0272.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x2436a130, dwHighDateTime=0x1d6076d)) [0272.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x2436a130, dwHighDateTime=0x1d6076d)) [0272.438] GetCurrentThreadId () returned 0x7f0 [0272.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2436a130, dwHighDateTime=0x1d6076d)) [0272.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2436a130, dwHighDateTime=0x1d6076d)) [0272.438] Sleep (dwMilliseconds=0x32) [0272.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x244026b0, dwHighDateTime=0x1d6076d)) [0272.500] Sleep (dwMilliseconds=0x32) [0272.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2449ac30, dwHighDateTime=0x1d6076d)) [0272.562] Sleep (dwMilliseconds=0x32) [0272.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x245331b0, dwHighDateTime=0x1d6076d)) [0272.625] Sleep (dwMilliseconds=0x32) [0272.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x245f1890, dwHighDateTime=0x1d6076d)) [0272.718] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0272.718] GetCurrentThreadId () returned 0x7f0 [0272.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.718] GetTickCount () returned 0x114a67d [0272.718] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0272.718] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0272.719] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0272.721] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.722] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.722] ReleaseMutex (hMutex=0x150) returned 1 [0272.722] GetCurrentThreadId () returned 0x7f0 [0272.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.722] GetCurrentThreadId () returned 0x7f0 [0272.722] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0272.722] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0272.723] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0272.725] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.725] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.726] ReleaseMutex (hMutex=0x150) returned 1 [0272.726] ReleaseMutex (hMutex=0xf4) returned 1 [0272.726] GetCurrentThreadId () returned 0x7f0 [0272.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.726] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0272.726] GetCurrentThreadId () returned 0x7f0 [0272.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.726] GetTickCount () returned 0x114a67d [0272.726] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0272.726] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0272.727] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0272.729] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.729] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.729] ReleaseMutex (hMutex=0x150) returned 1 [0272.729] GetCurrentThreadId () returned 0x7f0 [0272.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.730] GetCurrentThreadId () returned 0x7f0 [0272.730] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0272.730] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0272.730] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0272.732] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.733] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.733] ReleaseMutex (hMutex=0x150) returned 1 [0272.733] ReleaseMutex (hMutex=0xf4) returned 1 [0272.733] GetCurrentThreadId () returned 0x7f0 [0272.733] GetCurrentThreadId () returned 0x7f0 [0272.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x246179f0, dwHighDateTime=0x1d6076d)) [0272.733] Sleep (dwMilliseconds=0xd99) [0276.225] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0276.225] ReleaseMutex (hMutex=0x154) returned 1 [0276.225] GetCurrentThreadId () returned 0x7f0 [0276.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff50 | out: lpSystemTimeAsFileTime=0x4b8ff50*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.225] GetCurrentThreadId () returned 0x7f0 [0276.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff30 | out: lpSystemTimeAsFileTime=0x4b8ff30*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.225] GetCurrentThreadId () returned 0x7f0 [0276.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2676adf0, dwHighDateTime=0x1d6076d)) [0276.225] Sleep (dwMilliseconds=0x32) [0276.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x26803370, dwHighDateTime=0x1d6076d)) [0276.276] Sleep (dwMilliseconds=0x32) [0276.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x2689b8f0, dwHighDateTime=0x1d6076d)) [0276.338] Sleep (dwMilliseconds=0x32) [0276.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x26933e70, dwHighDateTime=0x1d6076d)) [0276.401] Sleep (dwMilliseconds=0x32) [0276.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.463] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0276.463] GetCurrentThreadId () returned 0x7f0 [0276.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.463] GetTickCount () returned 0x114b51d [0276.463] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0276.463] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0276.464] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0276.466] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.466] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.466] ReleaseMutex (hMutex=0x150) returned 1 [0276.466] GetCurrentThreadId () returned 0x7f0 [0276.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.466] GetCurrentThreadId () returned 0x7f0 [0276.466] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0276.466] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0276.467] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0276.468] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.468] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.469] ReleaseMutex (hMutex=0x150) returned 1 [0276.469] ReleaseMutex (hMutex=0xf4) returned 1 [0276.469] GetCurrentThreadId () returned 0x7f0 [0276.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fef0 | out: lpSystemTimeAsFileTime=0x4b8fef0*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.469] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0x3e7) returned 0x0 [0276.469] GetCurrentThreadId () returned 0x7f0 [0276.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff10 | out: lpSystemTimeAsFileTime=0x4b8ff10*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8fee8 | out: lpSystemTimeAsFileTime=0x4b8fee8*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.469] GetTickCount () returned 0x114b51d [0276.469] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0276.469] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0276.469] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0276.471] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.471] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.471] ReleaseMutex (hMutex=0x150) returned 1 [0276.471] GetCurrentThreadId () returned 0x7f0 [0276.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff04 | out: lpSystemTimeAsFileTime=0x4b8ff04*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8febc | out: lpSystemTimeAsFileTime=0x4b8febc*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.471] GetCurrentThreadId () returned 0x7f0 [0276.471] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0x1b58) returned 0x0 [0276.471] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0276.472] VirtualAlloc (lpAddress=0x0, dwSize=0x1008, flAllocationType=0x3000, flProtect=0x40) returned 0x5280000 [0276.473] VirtualFree (lpAddress=0x5280000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.473] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0276.474] ReleaseMutex (hMutex=0x150) returned 1 [0276.474] ReleaseMutex (hMutex=0xf4) returned 1 [0276.474] GetCurrentThreadId () returned 0x7f0 [0276.474] GetCurrentThreadId () returned 0x7f0 [0276.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4b8ff70 | out: lpSystemTimeAsFileTime=0x4b8ff70*(dwLowDateTime=0x269cc3f0, dwHighDateTime=0x1d6076d)) [0276.474] Sleep (dwMilliseconds=0xc7d) Thread: id = 395 os_tid = 0x7f4 [0180.568] GetCurrentProcessId () returned 0x730 [0180.568] ProcessIdToSessionId (in: dwProcessId=0x730, pSessionId=0x45e6fe | out: pSessionId=0x45e6fe) returned 1 [0180.571] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="HYMEMkcU1") returned 0x17c [0180.571] CreateMutexA (lpMutexAttributes=0x458a18, bInitialOwner=0, lpName="LcQMUQsg1") returned 0x180 [0180.571] GetCurrentThreadId () returned 0x7f4 [0180.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf21d30b0, dwHighDateTime=0x1d6076c)) [0180.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf21d30b0, dwHighDateTime=0x1d6076c)) [0180.571] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x3e8) returned 0x0 [0180.585] GetCurrentThreadId () returned 0x7f4 [0180.585] Sleep (dwMilliseconds=0x5b4) [0182.138] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0182.141] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0182.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf3041610, dwHighDateTime=0x1d6076c)) [0182.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf3041610, dwHighDateTime=0x1d6076c)) [0182.141] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0182.142] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0182.142] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0182.151] Sleep (dwMilliseconds=0x170) [0182.520] GetCurrentThreadId () returned 0x7f4 [0182.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf33d3710, dwHighDateTime=0x1d6076c)) [0182.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf33d3710, dwHighDateTime=0x1d6076c)) [0182.520] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0182.894] GetCurrentThreadId () returned 0x7f4 [0182.894] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0182.895] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0182.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf3765810, dwHighDateTime=0x1d6076c)) [0182.895] Sleep (dwMilliseconds=0x170) [0183.368] GetCurrentThreadId () returned 0x7f4 [0183.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf3bdc150, dwHighDateTime=0x1d6076c)) [0183.368] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0183.737] GetCurrentThreadId () returned 0x7f4 [0183.737] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0183.737] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0183.737] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf3f6e250, dwHighDateTime=0x1d6076c)) [0183.737] Sleep (dwMilliseconds=0x170) [0184.110] GetCurrentThreadId () returned 0x7f4 [0184.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf4300350, dwHighDateTime=0x1d6076c)) [0184.111] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0184.516] GetCurrentThreadId () returned 0x7f4 [0184.516] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0184.516] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0184.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf46b85b0, dwHighDateTime=0x1d6076c)) [0184.516] Sleep (dwMilliseconds=0x170) [0185.048] GetCurrentThreadId () returned 0x7f4 [0185.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf4a4a6b0, dwHighDateTime=0x1d6076c)) [0185.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf4a4a6b0, dwHighDateTime=0x1d6076c)) [0185.048] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0186.918] GetCurrentThreadId () returned 0x7f4 [0186.918] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0186.919] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0186.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf4ddc7b0, dwHighDateTime=0x1d6076c)) [0186.919] Sleep (dwMilliseconds=0x170) [0187.293] GetCurrentThreadId () returned 0x7f4 [0187.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf516e8b0, dwHighDateTime=0x1d6076c)) [0187.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf516e8b0, dwHighDateTime=0x1d6076c)) [0187.293] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0187.668] GetCurrentThreadId () returned 0x7f4 [0187.668] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0187.668] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0187.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf55009b0, dwHighDateTime=0x1d6076c)) [0187.668] Sleep (dwMilliseconds=0x170) [0188.042] GetCurrentThreadId () returned 0x7f4 [0188.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf5892ab0, dwHighDateTime=0x1d6076c)) [0188.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf5892ab0, dwHighDateTime=0x1d6076c)) [0188.042] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0188.467] GetCurrentThreadId () returned 0x7f4 [0188.467] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0188.471] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0188.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf5c96fd0, dwHighDateTime=0x1d6076c)) [0188.472] Sleep (dwMilliseconds=0x170) [0188.859] GetCurrentThreadId () returned 0x7f4 [0188.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf604f230, dwHighDateTime=0x1d6076c)) [0188.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf604f230, dwHighDateTime=0x1d6076c)) [0188.860] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0189.783] GetCurrentThreadId () returned 0x7f4 [0189.783] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0189.783] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0189.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf6916350, dwHighDateTime=0x1d6076c)) [0189.784] Sleep (dwMilliseconds=0x170) [0190.288] GetCurrentThreadId () returned 0x7f4 [0190.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf6dff0b0, dwHighDateTime=0x1d6076c)) [0190.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf6dff0b0, dwHighDateTime=0x1d6076c)) [0190.288] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0190.712] GetCurrentThreadId () returned 0x7f4 [0190.712] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0190.712] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0190.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf72035d0, dwHighDateTime=0x1d6076c)) [0190.712] Sleep (dwMilliseconds=0x170) [0191.095] GetCurrentThreadId () returned 0x7f4 [0191.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf75956d0, dwHighDateTime=0x1d6076c)) [0191.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf75956d0, dwHighDateTime=0x1d6076c)) [0191.096] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0191.630] GetCurrentThreadId () returned 0x7f4 [0191.630] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0191.630] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0191.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf7aca6f0, dwHighDateTime=0x1d6076c)) [0191.631] Sleep (dwMilliseconds=0x170) [0192.068] GetCurrentThreadId () returned 0x7f4 [0192.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf7ef4d70, dwHighDateTime=0x1d6076c)) [0192.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf7ef4d70, dwHighDateTime=0x1d6076c)) [0192.068] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0192.508] GetCurrentThreadId () returned 0x7f4 [0192.508] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0192.509] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0192.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf831f3f0, dwHighDateTime=0x1d6076c)) [0192.509] Sleep (dwMilliseconds=0x170) [0192.878] GetCurrentThreadId () returned 0x7f4 [0192.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf86b14f0, dwHighDateTime=0x1d6076c)) [0192.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf86b14f0, dwHighDateTime=0x1d6076c)) [0192.878] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0193.252] GetCurrentThreadId () returned 0x7f4 [0193.252] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0193.252] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0193.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf8a435f0, dwHighDateTime=0x1d6076c)) [0193.252] Sleep (dwMilliseconds=0x170) [0193.626] GetCurrentThreadId () returned 0x7f4 [0193.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf8dd56f0, dwHighDateTime=0x1d6076c)) [0193.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf8dd56f0, dwHighDateTime=0x1d6076c)) [0193.626] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0194.001] GetCurrentThreadId () returned 0x7f4 [0194.001] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0194.001] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0194.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf91677f0, dwHighDateTime=0x1d6076c)) [0194.001] Sleep (dwMilliseconds=0x170) [0194.375] GetCurrentThreadId () returned 0x7f4 [0194.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf94f98f0, dwHighDateTime=0x1d6076c)) [0194.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf94f98f0, dwHighDateTime=0x1d6076c)) [0194.375] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0194.850] GetCurrentThreadId () returned 0x7f4 [0194.850] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0194.850] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0194.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf988b9f0, dwHighDateTime=0x1d6076c)) [0194.850] Sleep (dwMilliseconds=0x170) [0195.264] GetCurrentThreadId () returned 0x7f4 [0195.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf9c8ff10, dwHighDateTime=0x1d6076c)) [0195.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf9c8ff10, dwHighDateTime=0x1d6076c)) [0195.264] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0195.639] GetCurrentThreadId () returned 0x7f4 [0195.639] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0195.639] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0195.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfa022010, dwHighDateTime=0x1d6076c)) [0195.639] Sleep (dwMilliseconds=0x170) [0196.045] GetCurrentThreadId () returned 0x7f4 [0196.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfa4003d0, dwHighDateTime=0x1d6076c)) [0196.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfa4003d0, dwHighDateTime=0x1d6076c)) [0196.045] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0196.421] GetCurrentThreadId () returned 0x7f4 [0196.421] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0196.422] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0196.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfa7924d0, dwHighDateTime=0x1d6076c)) [0196.422] Sleep (dwMilliseconds=0x170) [0196.809] GetCurrentThreadId () returned 0x7f4 [0196.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfab4a730, dwHighDateTime=0x1d6076c)) [0196.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfab4a730, dwHighDateTime=0x1d6076c)) [0196.809] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0197.204] GetCurrentThreadId () returned 0x7f4 [0197.205] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0197.205] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0197.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfaf02990, dwHighDateTime=0x1d6076c)) [0197.205] Sleep (dwMilliseconds=0x170) [0197.581] GetCurrentThreadId () returned 0x7f4 [0197.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfb294a90, dwHighDateTime=0x1d6076c)) [0197.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfb294a90, dwHighDateTime=0x1d6076c)) [0197.581] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0197.993] GetCurrentThreadId () returned 0x7f4 [0197.993] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0197.993] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0197.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfb672e50, dwHighDateTime=0x1d6076c)) [0197.993] Sleep (dwMilliseconds=0x170) [0198.385] GetCurrentThreadId () returned 0x7f4 [0198.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfba51210, dwHighDateTime=0x1d6076c)) [0198.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfba51210, dwHighDateTime=0x1d6076c)) [0198.385] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0198.760] GetCurrentThreadId () returned 0x7f4 [0198.760] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0198.760] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0198.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfbde3310, dwHighDateTime=0x1d6076c)) [0198.760] Sleep (dwMilliseconds=0x170) [0199.165] GetCurrentThreadId () returned 0x7f4 [0199.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfc1c16d0, dwHighDateTime=0x1d6076c)) [0199.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfc1c16d0, dwHighDateTime=0x1d6076c)) [0199.165] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0199.541] GetCurrentThreadId () returned 0x7f4 [0199.541] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0199.541] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0199.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfc5537d0, dwHighDateTime=0x1d6076c)) [0199.542] Sleep (dwMilliseconds=0x170) [0199.924] GetCurrentThreadId () returned 0x7f4 [0199.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfc8e58d0, dwHighDateTime=0x1d6076c)) [0199.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfc8e58d0, dwHighDateTime=0x1d6076c)) [0199.925] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0200.288] GetCurrentThreadId () returned 0x7f4 [0200.288] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0200.288] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0200.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfcc779d0, dwHighDateTime=0x1d6076c)) [0200.288] Sleep (dwMilliseconds=0x170) [0200.662] GetCurrentThreadId () returned 0x7f4 [0200.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfd009ad0, dwHighDateTime=0x1d6076c)) [0200.662] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfd009ad0, dwHighDateTime=0x1d6076c)) [0200.662] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0201.052] GetCurrentThreadId () returned 0x7f4 [0201.052] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0201.052] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0201.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfd3c1d30, dwHighDateTime=0x1d6076c)) [0201.052] Sleep (dwMilliseconds=0x170) [0201.427] GetCurrentThreadId () returned 0x7f4 [0201.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfd753e30, dwHighDateTime=0x1d6076c)) [0201.427] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfd753e30, dwHighDateTime=0x1d6076c)) [0201.427] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0201.802] GetCurrentThreadId () returned 0x7f4 [0201.802] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0201.802] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0201.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfdae5f30, dwHighDateTime=0x1d6076c)) [0201.802] Sleep (dwMilliseconds=0x170) [0202.191] GetCurrentThreadId () returned 0x7f4 [0202.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfde78030, dwHighDateTime=0x1d6076c)) [0202.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfde78030, dwHighDateTime=0x1d6076c)) [0202.191] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0202.581] GetCurrentThreadId () returned 0x7f4 [0202.581] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0202.581] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0202.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfe230290, dwHighDateTime=0x1d6076c)) [0202.581] Sleep (dwMilliseconds=0x170) [0202.965] GetCurrentThreadId () returned 0x7f4 [0202.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfe5c2390, dwHighDateTime=0x1d6076c)) [0202.965] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0203.346] GetCurrentThreadId () returned 0x7f4 [0203.346] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0203.346] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0203.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfe97a5f0, dwHighDateTime=0x1d6076c)) [0203.346] Sleep (dwMilliseconds=0x170) [0203.720] GetCurrentThreadId () returned 0x7f4 [0203.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xfed0c6f0, dwHighDateTime=0x1d6076c)) [0203.720] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0204.094] GetCurrentThreadId () returned 0x7f4 [0204.094] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0204.094] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0204.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xff09e7f0, dwHighDateTime=0x1d6076c)) [0204.094] Sleep (dwMilliseconds=0x170) [0205.514] GetCurrentThreadId () returned 0x7f4 [0205.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xff456a50, dwHighDateTime=0x1d6076c)) [0205.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xff456a50, dwHighDateTime=0x1d6076c)) [0205.514] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0205.890] GetCurrentThreadId () returned 0x7f4 [0205.890] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0205.890] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0205.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xff7e8b50, dwHighDateTime=0x1d6076c)) [0205.890] Sleep (dwMilliseconds=0x170) [0206.263] GetCurrentThreadId () returned 0x7f4 [0206.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xffb7ac50, dwHighDateTime=0x1d6076c)) [0206.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xffb7ac50, dwHighDateTime=0x1d6076c)) [0206.263] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0206.637] GetCurrentThreadId () returned 0x7f4 [0206.637] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0206.637] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0206.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfff0cd50, dwHighDateTime=0x1d6076c)) [0206.637] Sleep (dwMilliseconds=0x170) [0207.011] GetCurrentThreadId () returned 0x7f4 [0207.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x29ee50, dwHighDateTime=0x1d6076d)) [0207.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x29ee50, dwHighDateTime=0x1d6076d)) [0207.011] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0207.387] GetCurrentThreadId () returned 0x7f4 [0207.387] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0207.387] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0207.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x630f50, dwHighDateTime=0x1d6076d)) [0207.387] Sleep (dwMilliseconds=0x170) [0207.791] GetCurrentThreadId () returned 0x7f4 [0207.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xa0f310, dwHighDateTime=0x1d6076d)) [0207.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xa0f310, dwHighDateTime=0x1d6076d)) [0207.792] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0208.171] GetCurrentThreadId () returned 0x7f4 [0208.171] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0208.172] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0208.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xda1410, dwHighDateTime=0x1d6076d)) [0208.172] Sleep (dwMilliseconds=0x170) [0208.556] GetCurrentThreadId () returned 0x7f4 [0208.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1159670, dwHighDateTime=0x1d6076d)) [0208.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1159670, dwHighDateTime=0x1d6076d)) [0208.556] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0208.932] GetCurrentThreadId () returned 0x7f4 [0208.932] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0208.932] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0208.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x14eb770, dwHighDateTime=0x1d6076d)) [0208.933] Sleep (dwMilliseconds=0x170) [0209.414] GetCurrentThreadId () returned 0x7f4 [0209.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x18a39d0, dwHighDateTime=0x1d6076d)) [0209.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x18a39d0, dwHighDateTime=0x1d6076d)) [0209.414] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0209.819] GetCurrentThreadId () returned 0x7f4 [0209.819] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0209.819] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0209.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1c81d90, dwHighDateTime=0x1d6076d)) [0209.819] Sleep (dwMilliseconds=0x170) [0210.194] GetCurrentThreadId () returned 0x7f4 [0210.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2013e90, dwHighDateTime=0x1d6076d)) [0210.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2013e90, dwHighDateTime=0x1d6076d)) [0210.194] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0210.599] GetCurrentThreadId () returned 0x7f4 [0210.599] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0210.599] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0210.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x23f2250, dwHighDateTime=0x1d6076d)) [0210.599] Sleep (dwMilliseconds=0x170) [0211.067] GetCurrentThreadId () returned 0x7f4 [0211.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x27aa4b0, dwHighDateTime=0x1d6076d)) [0211.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x27aa4b0, dwHighDateTime=0x1d6076d)) [0211.067] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0211.448] GetCurrentThreadId () returned 0x7f4 [0211.448] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0211.448] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0211.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x2b3c5b0, dwHighDateTime=0x1d6076d)) [0211.448] Sleep (dwMilliseconds=0x170) [0211.847] GetCurrentThreadId () returned 0x7f4 [0211.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2f1a970, dwHighDateTime=0x1d6076d)) [0211.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2f1a970, dwHighDateTime=0x1d6076d)) [0211.847] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0212.223] GetCurrentThreadId () returned 0x7f4 [0212.223] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0212.223] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0212.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x32aca70, dwHighDateTime=0x1d6076d)) [0212.223] Sleep (dwMilliseconds=0x170) [0212.612] GetCurrentThreadId () returned 0x7f4 [0212.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x363eb70, dwHighDateTime=0x1d6076d)) [0212.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x363eb70, dwHighDateTime=0x1d6076d)) [0212.612] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0212.986] GetCurrentThreadId () returned 0x7f4 [0212.986] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0212.986] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0212.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x39d0c70, dwHighDateTime=0x1d6076d)) [0212.986] Sleep (dwMilliseconds=0x170) [0213.361] GetCurrentThreadId () returned 0x7f4 [0213.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x3d62d70, dwHighDateTime=0x1d6076d)) [0213.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x3d62d70, dwHighDateTime=0x1d6076d)) [0213.361] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0213.735] GetCurrentThreadId () returned 0x7f4 [0213.735] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0213.735] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0213.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x40f4e70, dwHighDateTime=0x1d6076d)) [0213.735] Sleep (dwMilliseconds=0x170) [0214.125] GetCurrentThreadId () returned 0x7f4 [0214.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x44ad0d0, dwHighDateTime=0x1d6076d)) [0214.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x44ad0d0, dwHighDateTime=0x1d6076d)) [0214.125] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0214.515] GetCurrentThreadId () returned 0x7f4 [0214.515] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0214.515] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0214.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x4865330, dwHighDateTime=0x1d6076d)) [0214.515] Sleep (dwMilliseconds=0x170) [0214.889] GetCurrentThreadId () returned 0x7f4 [0214.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x4bf7430, dwHighDateTime=0x1d6076d)) [0214.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x4bf7430, dwHighDateTime=0x1d6076d)) [0214.889] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0215.295] GetCurrentThreadId () returned 0x7f4 [0215.295] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0215.295] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0215.295] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x4fd57f0, dwHighDateTime=0x1d6076d)) [0215.295] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x4fd57f0, dwHighDateTime=0x1d6076d)) [0215.298] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0215.313] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0215.313] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0215.314] Sleep (dwMilliseconds=0x170) [0215.780] GetCurrentThreadId () returned 0x7f4 [0215.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x5472290, dwHighDateTime=0x1d6076d)) [0215.781] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0216.156] GetCurrentThreadId () returned 0x7f4 [0216.156] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0216.156] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0216.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x5804390, dwHighDateTime=0x1d6076d)) [0216.156] Sleep (dwMilliseconds=0x170) [0216.543] GetCurrentThreadId () returned 0x7f4 [0216.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x5bbc5f0, dwHighDateTime=0x1d6076d)) [0216.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x5bbc5f0, dwHighDateTime=0x1d6076d)) [0216.544] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0216.943] GetCurrentThreadId () returned 0x7f4 [0216.943] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0216.943] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0216.943] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x5f74850, dwHighDateTime=0x1d6076d)) [0216.943] Sleep (dwMilliseconds=0x170) [0217.328] GetCurrentThreadId () returned 0x7f4 [0217.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x632cab0, dwHighDateTime=0x1d6076d)) [0217.328] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0217.706] GetCurrentThreadId () returned 0x7f4 [0217.706] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0217.706] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0217.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x66bebb0, dwHighDateTime=0x1d6076d)) [0217.706] Sleep (dwMilliseconds=0x170) [0218.104] GetCurrentThreadId () returned 0x7f4 [0218.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x6a9cf70, dwHighDateTime=0x1d6076d)) [0218.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x6a9cf70, dwHighDateTime=0x1d6076d)) [0218.105] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0218.477] GetCurrentThreadId () returned 0x7f4 [0218.477] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0218.477] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0218.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x6e2f070, dwHighDateTime=0x1d6076d)) [0218.477] Sleep (dwMilliseconds=0x170) [0219.489] GetCurrentThreadId () returned 0x7f4 [0219.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.489] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0220.053] GetCurrentThreadId () returned 0x7f4 [0220.053] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0220.053] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0220.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x7d35b50, dwHighDateTime=0x1d6076d)) [0220.053] Sleep (dwMilliseconds=0x170) [0220.429] GetCurrentThreadId () returned 0x7f4 [0220.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x80c7c50, dwHighDateTime=0x1d6076d)) [0220.429] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x80c7c50, dwHighDateTime=0x1d6076d)) [0220.429] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0220.802] GetCurrentThreadId () returned 0x7f4 [0220.802] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0220.802] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0220.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x8459d50, dwHighDateTime=0x1d6076d)) [0220.802] Sleep (dwMilliseconds=0x170) [0221.194] GetCurrentThreadId () returned 0x7f4 [0221.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x8811fb0, dwHighDateTime=0x1d6076d)) [0221.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x8811fb0, dwHighDateTime=0x1d6076d)) [0221.195] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0221.566] GetCurrentThreadId () returned 0x7f4 [0221.566] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0221.566] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0221.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x8ba40b0, dwHighDateTime=0x1d6076d)) [0221.566] Sleep (dwMilliseconds=0x170) [0221.941] GetCurrentThreadId () returned 0x7f4 [0221.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x8f361b0, dwHighDateTime=0x1d6076d)) [0221.941] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x8f361b0, dwHighDateTime=0x1d6076d)) [0221.941] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0222.330] GetCurrentThreadId () returned 0x7f4 [0222.330] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0222.330] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0222.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x92ee410, dwHighDateTime=0x1d6076d)) [0222.331] Sleep (dwMilliseconds=0x170) [0222.722] GetCurrentThreadId () returned 0x7f4 [0222.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x96a6670, dwHighDateTime=0x1d6076d)) [0222.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x96a6670, dwHighDateTime=0x1d6076d)) [0222.722] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0223.095] GetCurrentThreadId () returned 0x7f4 [0223.095] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0223.095] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0223.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x9a38770, dwHighDateTime=0x1d6076d)) [0223.095] Sleep (dwMilliseconds=0x170) [0223.470] GetCurrentThreadId () returned 0x7f4 [0223.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x9dca870, dwHighDateTime=0x1d6076d)) [0223.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x9dca870, dwHighDateTime=0x1d6076d)) [0223.470] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0223.859] GetCurrentThreadId () returned 0x7f4 [0223.859] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0223.859] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0223.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xa182ad0, dwHighDateTime=0x1d6076d)) [0223.859] Sleep (dwMilliseconds=0x170) [0224.251] GetCurrentThreadId () returned 0x7f4 [0224.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.251] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0224.656] GetCurrentThreadId () returned 0x7f4 [0224.656] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0224.656] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0224.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xa9190f0, dwHighDateTime=0x1d6076d)) [0224.656] Sleep (dwMilliseconds=0x170) [0225.031] GetCurrentThreadId () returned 0x7f4 [0225.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xacab1f0, dwHighDateTime=0x1d6076d)) [0225.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xacab1f0, dwHighDateTime=0x1d6076d)) [0225.032] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0225.407] GetCurrentThreadId () returned 0x7f4 [0225.409] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0225.410] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0225.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xb03d2f0, dwHighDateTime=0x1d6076d)) [0225.410] Sleep (dwMilliseconds=0x170) [0225.809] GetCurrentThreadId () returned 0x7f4 [0225.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xb41b6b0, dwHighDateTime=0x1d6076d)) [0225.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xb41b6b0, dwHighDateTime=0x1d6076d)) [0225.810] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0226.249] GetCurrentThreadId () returned 0x7f4 [0226.249] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0226.250] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0226.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xb7d3910, dwHighDateTime=0x1d6076d)) [0226.250] Sleep (dwMilliseconds=0x170) [0226.636] GetCurrentThreadId () returned 0x7f4 [0226.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xbb8bb70, dwHighDateTime=0x1d6076d)) [0226.636] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0227.011] GetCurrentThreadId () returned 0x7f4 [0227.011] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0227.011] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0227.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xbf1dc70, dwHighDateTime=0x1d6076d)) [0227.011] Sleep (dwMilliseconds=0x170) [0227.385] GetCurrentThreadId () returned 0x7f4 [0227.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xc2afd70, dwHighDateTime=0x1d6076d)) [0227.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xc2afd70, dwHighDateTime=0x1d6076d)) [0227.385] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0227.792] GetCurrentThreadId () returned 0x7f4 [0227.792] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0227.792] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0227.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xc68e130, dwHighDateTime=0x1d6076d)) [0227.792] Sleep (dwMilliseconds=0x170) [0228.181] GetCurrentThreadId () returned 0x7f4 [0228.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xca46390, dwHighDateTime=0x1d6076d)) [0228.181] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0228.555] GetCurrentThreadId () returned 0x7f4 [0228.555] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0228.555] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0228.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xcdd8490, dwHighDateTime=0x1d6076d)) [0228.555] Sleep (dwMilliseconds=0x170) [0228.945] GetCurrentThreadId () returned 0x7f4 [0228.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xd1906f0, dwHighDateTime=0x1d6076d)) [0228.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xd1906f0, dwHighDateTime=0x1d6076d)) [0228.945] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0229.319] GetCurrentThreadId () returned 0x7f4 [0229.319] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0229.319] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0229.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xd5227f0, dwHighDateTime=0x1d6076d)) [0229.320] Sleep (dwMilliseconds=0x170) [0229.694] GetCurrentThreadId () returned 0x7f4 [0229.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xd8b48f0, dwHighDateTime=0x1d6076d)) [0229.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xd8b48f0, dwHighDateTime=0x1d6076d)) [0229.694] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0230.095] GetCurrentThreadId () returned 0x7f4 [0230.095] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0230.095] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0230.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xdc6cb50, dwHighDateTime=0x1d6076d)) [0230.095] Sleep (dwMilliseconds=0x170) [0230.490] GetCurrentThreadId () returned 0x7f4 [0230.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.490] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0230.866] GetCurrentThreadId () returned 0x7f4 [0230.866] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0230.866] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0230.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xe3b6eb0, dwHighDateTime=0x1d6076d)) [0230.866] Sleep (dwMilliseconds=0x170) [0231.239] GetCurrentThreadId () returned 0x7f4 [0231.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xe748fb0, dwHighDateTime=0x1d6076d)) [0231.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xe748fb0, dwHighDateTime=0x1d6076d)) [0231.239] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0231.628] GetCurrentThreadId () returned 0x7f4 [0231.628] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0231.628] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0231.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xeb01210, dwHighDateTime=0x1d6076d)) [0231.628] Sleep (dwMilliseconds=0x170) [0232.034] GetCurrentThreadId () returned 0x7f4 [0232.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xeedf5d0, dwHighDateTime=0x1d6076d)) [0232.034] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0232.440] GetCurrentThreadId () returned 0x7f4 [0232.440] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0232.440] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0232.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xf2bd990, dwHighDateTime=0x1d6076d)) [0232.440] Sleep (dwMilliseconds=0x170) [0232.829] GetCurrentThreadId () returned 0x7f4 [0232.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf675bf0, dwHighDateTime=0x1d6076d)) [0232.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0xf675bf0, dwHighDateTime=0x1d6076d)) [0232.830] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0233.220] GetCurrentThreadId () returned 0x7f4 [0233.220] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0233.220] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0233.220] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.220] Sleep (dwMilliseconds=0x170) [0233.905] GetCurrentThreadId () returned 0x7f4 [0233.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x10093970, dwHighDateTime=0x1d6076d)) [0233.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x10093970, dwHighDateTime=0x1d6076d)) [0233.905] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0234.281] GetCurrentThreadId () returned 0x7f4 [0234.281] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0234.281] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0234.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1044bbd0, dwHighDateTime=0x1d6076d)) [0234.281] Sleep (dwMilliseconds=0x170) [0234.717] GetCurrentThreadId () returned 0x7f4 [0234.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x10876250, dwHighDateTime=0x1d6076d)) [0234.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x10876250, dwHighDateTime=0x1d6076d)) [0234.717] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0235.139] GetCurrentThreadId () returned 0x7f4 [0235.139] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0235.139] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0235.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x10c54610, dwHighDateTime=0x1d6076d)) [0235.140] Sleep (dwMilliseconds=0x170) [0235.548] GetCurrentThreadId () returned 0x7f4 [0235.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x110329d0, dwHighDateTime=0x1d6076d)) [0235.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x110329d0, dwHighDateTime=0x1d6076d)) [0235.548] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0235.934] GetCurrentThreadId () returned 0x7f4 [0235.934] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0235.934] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0235.934] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x113eac30, dwHighDateTime=0x1d6076d)) [0235.934] Sleep (dwMilliseconds=0x170) [0236.308] GetCurrentThreadId () returned 0x7f4 [0236.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1177cd30, dwHighDateTime=0x1d6076d)) [0236.308] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1177cd30, dwHighDateTime=0x1d6076d)) [0236.308] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0236.698] GetCurrentThreadId () returned 0x7f4 [0236.698] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0236.698] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0236.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x11b34f90, dwHighDateTime=0x1d6076d)) [0236.698] Sleep (dwMilliseconds=0x170) [0237.135] GetCurrentThreadId () returned 0x7f4 [0237.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x11f13350, dwHighDateTime=0x1d6076d)) [0237.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x11f13350, dwHighDateTime=0x1d6076d)) [0237.135] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0237.526] GetCurrentThreadId () returned 0x7f4 [0237.526] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0237.526] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0237.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.526] Sleep (dwMilliseconds=0x170) [0237.931] GetCurrentThreadId () returned 0x7f4 [0237.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x12683810, dwHighDateTime=0x1d6076d)) [0237.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x12683810, dwHighDateTime=0x1d6076d)) [0237.931] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0238.305] GetCurrentThreadId () returned 0x7f4 [0238.305] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0238.306] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0238.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x12a15910, dwHighDateTime=0x1d6076d)) [0238.306] Sleep (dwMilliseconds=0x170) [0238.700] GetCurrentThreadId () returned 0x7f4 [0238.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x12dcdb70, dwHighDateTime=0x1d6076d)) [0238.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x12dcdb70, dwHighDateTime=0x1d6076d)) [0238.700] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0239.069] GetCurrentThreadId () returned 0x7f4 [0239.069] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0239.069] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0239.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1315fc70, dwHighDateTime=0x1d6076d)) [0239.070] Sleep (dwMilliseconds=0x170) [0240.771] GetCurrentThreadId () returned 0x7f4 [0240.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x134f1d70, dwHighDateTime=0x1d6076d)) [0240.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x134f1d70, dwHighDateTime=0x1d6076d)) [0240.771] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0242.485] GetCurrentThreadId () returned 0x7f4 [0242.486] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0242.486] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0242.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x13883e70, dwHighDateTime=0x1d6076d)) [0242.486] Sleep (dwMilliseconds=0x170) [0242.922] GetCurrentThreadId () returned 0x7f4 [0242.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x13c15f70, dwHighDateTime=0x1d6076d)) [0242.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x13c15f70, dwHighDateTime=0x1d6076d)) [0242.922] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0243.297] GetCurrentThreadId () returned 0x7f4 [0243.297] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0243.297] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0243.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x13fa8070, dwHighDateTime=0x1d6076d)) [0243.297] Sleep (dwMilliseconds=0x170) [0243.671] GetCurrentThreadId () returned 0x7f4 [0243.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1433a170, dwHighDateTime=0x1d6076d)) [0243.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1433a170, dwHighDateTime=0x1d6076d)) [0243.671] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0244.276] GetCurrentThreadId () returned 0x7f4 [0244.276] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0244.276] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0244.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x146cc270, dwHighDateTime=0x1d6076d)) [0244.276] Sleep (dwMilliseconds=0x170) [0244.639] GetCurrentThreadId () returned 0x7f4 [0244.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x14a5e370, dwHighDateTime=0x1d6076d)) [0244.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x14a5e370, dwHighDateTime=0x1d6076d)) [0244.639] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0245.013] GetCurrentThreadId () returned 0x7f4 [0245.013] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0245.013] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0245.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x14df0470, dwHighDateTime=0x1d6076d)) [0245.013] Sleep (dwMilliseconds=0x170) [0245.387] GetCurrentThreadId () returned 0x7f4 [0245.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x15182570, dwHighDateTime=0x1d6076d)) [0245.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x15182570, dwHighDateTime=0x1d6076d)) [0245.387] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0245.762] GetCurrentThreadId () returned 0x7f4 [0245.762] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0245.762] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0245.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x15514670, dwHighDateTime=0x1d6076d)) [0245.762] Sleep (dwMilliseconds=0x170) [0246.136] GetCurrentThreadId () returned 0x7f4 [0246.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x158a6770, dwHighDateTime=0x1d6076d)) [0246.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x158a6770, dwHighDateTime=0x1d6076d)) [0246.136] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0246.510] GetCurrentThreadId () returned 0x7f4 [0246.510] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0246.510] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0246.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x15c38870, dwHighDateTime=0x1d6076d)) [0246.511] Sleep (dwMilliseconds=0x170) [0246.885] GetCurrentThreadId () returned 0x7f4 [0246.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x15fca970, dwHighDateTime=0x1d6076d)) [0246.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x15fca970, dwHighDateTime=0x1d6076d)) [0246.885] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0247.259] GetCurrentThreadId () returned 0x7f4 [0247.259] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0247.259] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0247.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1635ca70, dwHighDateTime=0x1d6076d)) [0247.259] Sleep (dwMilliseconds=0x170) [0247.634] GetCurrentThreadId () returned 0x7f4 [0247.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x166eeb70, dwHighDateTime=0x1d6076d)) [0247.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x166eeb70, dwHighDateTime=0x1d6076d)) [0247.634] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0248.008] GetCurrentThreadId () returned 0x7f4 [0248.008] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0248.008] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0248.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x16a80c70, dwHighDateTime=0x1d6076d)) [0248.008] Sleep (dwMilliseconds=0x170) [0248.382] GetCurrentThreadId () returned 0x7f4 [0248.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x16e12d70, dwHighDateTime=0x1d6076d)) [0248.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x16e12d70, dwHighDateTime=0x1d6076d)) [0248.382] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0248.757] GetCurrentThreadId () returned 0x7f4 [0248.757] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0248.757] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0248.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x171a4e70, dwHighDateTime=0x1d6076d)) [0248.757] Sleep (dwMilliseconds=0x170) [0249.131] GetCurrentThreadId () returned 0x7f4 [0249.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x17536f70, dwHighDateTime=0x1d6076d)) [0249.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x17536f70, dwHighDateTime=0x1d6076d)) [0249.131] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0249.506] GetCurrentThreadId () returned 0x7f4 [0249.506] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0249.506] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0249.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x178c9070, dwHighDateTime=0x1d6076d)) [0249.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x178c9070, dwHighDateTime=0x1d6076d)) [0249.506] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI" (normalized: "c:\\programdata\\vwcueoyi")) returned 0x16 [0249.506] GetFileAttributesW (lpFileName="C:\\ProgramData\\VWcUEoYI\\ssYIYkgc.exe" (normalized: "c:\\programdata\\vwcueoyi\\ssyiykgc.exe")) returned 0x20 [0249.506] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x0 [0249.507] Sleep (dwMilliseconds=0x170) [0249.881] GetCurrentThreadId () returned 0x7f4 [0249.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x17c5b170, dwHighDateTime=0x1d6076d)) [0249.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x17c5b170, dwHighDateTime=0x1d6076d)) [0249.881] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0250.255] GetCurrentThreadId () returned 0x7f4 [0250.255] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0250.255] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0250.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x17fed270, dwHighDateTime=0x1d6076d)) [0250.255] Sleep (dwMilliseconds=0x170) [0250.629] GetCurrentThreadId () returned 0x7f4 [0250.629] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1837f370, dwHighDateTime=0x1d6076d)) [0250.629] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1837f370, dwHighDateTime=0x1d6076d)) [0250.629] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0251.019] GetCurrentThreadId () returned 0x7f4 [0251.019] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0251.019] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0251.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x18711470, dwHighDateTime=0x1d6076d)) [0251.019] Sleep (dwMilliseconds=0x170) [0251.394] GetCurrentThreadId () returned 0x7f4 [0251.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x18aa3570, dwHighDateTime=0x1d6076d)) [0251.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x18aa3570, dwHighDateTime=0x1d6076d)) [0251.394] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0251.768] GetCurrentThreadId () returned 0x7f4 [0251.768] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0251.768] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0251.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x18e35670, dwHighDateTime=0x1d6076d)) [0251.768] Sleep (dwMilliseconds=0x170) [0252.142] GetCurrentThreadId () returned 0x7f4 [0252.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x191c7770, dwHighDateTime=0x1d6076d)) [0252.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x191c7770, dwHighDateTime=0x1d6076d)) [0252.142] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0252.516] GetCurrentThreadId () returned 0x7f4 [0252.516] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0252.516] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0252.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x19559870, dwHighDateTime=0x1d6076d)) [0252.517] Sleep (dwMilliseconds=0x170) [0252.891] GetCurrentThreadId () returned 0x7f4 [0252.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x198eb970, dwHighDateTime=0x1d6076d)) [0252.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x198eb970, dwHighDateTime=0x1d6076d)) [0252.891] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0253.265] GetCurrentThreadId () returned 0x7f4 [0253.265] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0253.265] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0253.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x19c7da70, dwHighDateTime=0x1d6076d)) [0253.265] Sleep (dwMilliseconds=0x170) [0253.640] GetCurrentThreadId () returned 0x7f4 [0253.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1a00fb70, dwHighDateTime=0x1d6076d)) [0253.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1a00fb70, dwHighDateTime=0x1d6076d)) [0253.640] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0254.014] GetCurrentThreadId () returned 0x7f4 [0254.014] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0254.014] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0254.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1a3a1c70, dwHighDateTime=0x1d6076d)) [0254.014] Sleep (dwMilliseconds=0x170) [0254.388] GetCurrentThreadId () returned 0x7f4 [0254.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1a733d70, dwHighDateTime=0x1d6076d)) [0254.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1a733d70, dwHighDateTime=0x1d6076d)) [0254.389] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0254.763] GetCurrentThreadId () returned 0x7f4 [0254.763] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0254.763] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0254.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1aac5e70, dwHighDateTime=0x1d6076d)) [0254.763] Sleep (dwMilliseconds=0x170) [0255.137] GetCurrentThreadId () returned 0x7f4 [0255.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1ae57f70, dwHighDateTime=0x1d6076d)) [0255.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1ae57f70, dwHighDateTime=0x1d6076d)) [0255.137] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0255.513] GetCurrentThreadId () returned 0x7f4 [0255.513] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0255.513] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0255.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1b1ea070, dwHighDateTime=0x1d6076d)) [0255.513] Sleep (dwMilliseconds=0x170) [0255.886] GetCurrentThreadId () returned 0x7f4 [0255.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1b57c170, dwHighDateTime=0x1d6076d)) [0255.887] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0256.265] GetCurrentThreadId () returned 0x7f4 [0256.266] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0256.266] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0256.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1b90e270, dwHighDateTime=0x1d6076d)) [0256.266] Sleep (dwMilliseconds=0x170) [0256.635] GetCurrentThreadId () returned 0x7f4 [0256.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1bca0370, dwHighDateTime=0x1d6076d)) [0256.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1bca0370, dwHighDateTime=0x1d6076d)) [0256.635] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0257.009] GetCurrentThreadId () returned 0x7f4 [0257.009] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0257.009] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0257.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1c032470, dwHighDateTime=0x1d6076d)) [0257.010] Sleep (dwMilliseconds=0x170) [0258.444] GetCurrentThreadId () returned 0x7f4 [0258.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1c3c4570, dwHighDateTime=0x1d6076d)) [0258.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1c3c4570, dwHighDateTime=0x1d6076d)) [0258.445] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0259.022] GetCurrentThreadId () returned 0x7f4 [0259.022] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0259.199] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0259.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1cba6e50, dwHighDateTime=0x1d6076d)) [0259.876] Sleep (dwMilliseconds=0x170) [0260.248] GetCurrentThreadId () returned 0x7f4 [0260.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1cf38f50, dwHighDateTime=0x1d6076d)) [0260.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1cf38f50, dwHighDateTime=0x1d6076d)) [0260.248] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0260.613] GetCurrentThreadId () returned 0x7f4 [0260.613] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0260.613] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0260.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1d2cb050, dwHighDateTime=0x1d6076d)) [0260.613] Sleep (dwMilliseconds=0x170) [0260.988] GetCurrentThreadId () returned 0x7f4 [0260.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1d65d150, dwHighDateTime=0x1d6076d)) [0260.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1d65d150, dwHighDateTime=0x1d6076d)) [0260.988] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0261.362] GetCurrentThreadId () returned 0x7f4 [0261.362] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0261.362] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0261.362] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1d9ef250, dwHighDateTime=0x1d6076d)) [0261.362] Sleep (dwMilliseconds=0x170) [0261.742] GetCurrentThreadId () returned 0x7f4 [0261.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1dd81350, dwHighDateTime=0x1d6076d)) [0261.742] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0262.115] GetCurrentThreadId () returned 0x7f4 [0262.115] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0262.115] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0262.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1e113450, dwHighDateTime=0x1d6076d)) [0262.115] Sleep (dwMilliseconds=0x170) [0262.485] GetCurrentThreadId () returned 0x7f4 [0262.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1e4a5550, dwHighDateTime=0x1d6076d)) [0262.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1e4a5550, dwHighDateTime=0x1d6076d)) [0262.485] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0262.859] GetCurrentThreadId () returned 0x7f4 [0262.859] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0262.859] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0262.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1e837650, dwHighDateTime=0x1d6076d)) [0262.859] Sleep (dwMilliseconds=0x170) [0263.234] GetCurrentThreadId () returned 0x7f4 [0263.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1ebc9750, dwHighDateTime=0x1d6076d)) [0263.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1ebc9750, dwHighDateTime=0x1d6076d)) [0263.234] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0263.624] GetCurrentThreadId () returned 0x7f4 [0263.624] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0263.624] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0263.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1ef819b0, dwHighDateTime=0x1d6076d)) [0263.624] Sleep (dwMilliseconds=0x170) [0263.999] GetCurrentThreadId () returned 0x7f4 [0263.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1f313ab0, dwHighDateTime=0x1d6076d)) [0263.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1f313ab0, dwHighDateTime=0x1d6076d)) [0263.999] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0264.373] GetCurrentThreadId () returned 0x7f4 [0264.373] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0264.373] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0264.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1f6a5bb0, dwHighDateTime=0x1d6076d)) [0264.373] Sleep (dwMilliseconds=0x170) [0264.750] GetCurrentThreadId () returned 0x7f4 [0264.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1fa37cb0, dwHighDateTime=0x1d6076d)) [0264.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x1fa37cb0, dwHighDateTime=0x1d6076d)) [0264.750] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0265.121] GetCurrentThreadId () returned 0x7f4 [0265.121] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0265.121] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0265.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x1fdc9db0, dwHighDateTime=0x1d6076d)) [0265.121] Sleep (dwMilliseconds=0x170) [0265.496] GetCurrentThreadId () returned 0x7f4 [0265.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2015beb0, dwHighDateTime=0x1d6076d)) [0265.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2015beb0, dwHighDateTime=0x1d6076d)) [0265.496] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0265.870] GetCurrentThreadId () returned 0x7f4 [0265.870] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0265.870] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0265.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x204edfb0, dwHighDateTime=0x1d6076d)) [0265.870] Sleep (dwMilliseconds=0x170) [0266.245] GetCurrentThreadId () returned 0x7f4 [0266.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x208800b0, dwHighDateTime=0x1d6076d)) [0266.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x208800b0, dwHighDateTime=0x1d6076d)) [0266.245] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0266.619] GetCurrentThreadId () returned 0x7f4 [0266.619] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0266.619] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0266.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x20c121b0, dwHighDateTime=0x1d6076d)) [0266.619] Sleep (dwMilliseconds=0x170) [0267.003] GetCurrentThreadId () returned 0x7f4 [0267.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x20fa42b0, dwHighDateTime=0x1d6076d)) [0267.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x20fa42b0, dwHighDateTime=0x1d6076d)) [0267.003] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0267.368] GetCurrentThreadId () returned 0x7f4 [0267.368] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0267.368] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0267.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x213363b0, dwHighDateTime=0x1d6076d)) [0267.368] Sleep (dwMilliseconds=0x170) [0267.742] GetCurrentThreadId () returned 0x7f4 [0267.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x216c84b0, dwHighDateTime=0x1d6076d)) [0267.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x216c84b0, dwHighDateTime=0x1d6076d)) [0267.742] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0268.117] GetCurrentThreadId () returned 0x7f4 [0268.117] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0268.117] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0268.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x21a5a5b0, dwHighDateTime=0x1d6076d)) [0268.117] Sleep (dwMilliseconds=0x170) [0268.491] GetCurrentThreadId () returned 0x7f4 [0268.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x21dec6b0, dwHighDateTime=0x1d6076d)) [0268.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x21dec6b0, dwHighDateTime=0x1d6076d)) [0268.491] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0268.918] GetCurrentThreadId () returned 0x7f4 [0268.918] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0268.918] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0268.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x221f0bd0, dwHighDateTime=0x1d6076d)) [0268.918] Sleep (dwMilliseconds=0x170) [0269.287] GetCurrentThreadId () returned 0x7f4 [0269.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x22582cd0, dwHighDateTime=0x1d6076d)) [0269.287] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x22582cd0, dwHighDateTime=0x1d6076d)) [0269.287] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0269.666] GetCurrentThreadId () returned 0x7f4 [0269.666] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0269.666] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0269.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x22914dd0, dwHighDateTime=0x1d6076d)) [0269.666] Sleep (dwMilliseconds=0x170) [0270.036] GetCurrentThreadId () returned 0x7f4 [0270.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x22ca6ed0, dwHighDateTime=0x1d6076d)) [0270.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x22ca6ed0, dwHighDateTime=0x1d6076d)) [0270.036] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0270.410] GetCurrentThreadId () returned 0x7f4 [0270.410] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0270.410] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0270.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x23038fd0, dwHighDateTime=0x1d6076d)) [0270.410] Sleep (dwMilliseconds=0x170) [0270.786] GetCurrentThreadId () returned 0x7f4 [0270.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x233cb0d0, dwHighDateTime=0x1d6076d)) [0270.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x233cb0d0, dwHighDateTime=0x1d6076d)) [0270.786] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0271.177] GetCurrentThreadId () returned 0x7f4 [0271.177] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0271.177] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0271.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x2375d1d0, dwHighDateTime=0x1d6076d)) [0271.177] Sleep (dwMilliseconds=0x170) [0271.549] GetCurrentThreadId () returned 0x7f4 [0271.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x23aef2d0, dwHighDateTime=0x1d6076d)) [0271.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x23aef2d0, dwHighDateTime=0x1d6076d)) [0271.549] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0271.923] GetCurrentThreadId () returned 0x7f4 [0271.923] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0271.923] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0271.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x23e813d0, dwHighDateTime=0x1d6076d)) [0271.923] Sleep (dwMilliseconds=0x170) [0272.298] GetCurrentThreadId () returned 0x7f4 [0272.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x242134d0, dwHighDateTime=0x1d6076d)) [0272.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x242134d0, dwHighDateTime=0x1d6076d)) [0272.298] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0272.672] GetCurrentThreadId () returned 0x7f4 [0272.672] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0272.672] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0272.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x245a55d0, dwHighDateTime=0x1d6076d)) [0272.672] Sleep (dwMilliseconds=0x170) [0273.057] GetCurrentThreadId () returned 0x7f4 [0273.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x249376d0, dwHighDateTime=0x1d6076d)) [0273.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x249376d0, dwHighDateTime=0x1d6076d)) [0273.057] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0273.421] GetCurrentThreadId () returned 0x7f4 [0273.421] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0273.421] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0273.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x24cc97d0, dwHighDateTime=0x1d6076d)) [0273.422] Sleep (dwMilliseconds=0x170) [0273.796] GetCurrentThreadId () returned 0x7f4 [0273.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2505b8d0, dwHighDateTime=0x1d6076d)) [0273.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2505b8d0, dwHighDateTime=0x1d6076d)) [0273.796] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0274.170] GetCurrentThreadId () returned 0x7f4 [0274.170] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0274.170] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0274.170] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x253ed9d0, dwHighDateTime=0x1d6076d)) [0274.170] Sleep (dwMilliseconds=0x170) [0274.544] GetCurrentThreadId () returned 0x7f4 [0274.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2577fad0, dwHighDateTime=0x1d6076d)) [0274.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x2577fad0, dwHighDateTime=0x1d6076d)) [0274.544] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0274.918] GetCurrentThreadId () returned 0x7f4 [0274.918] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0274.918] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0274.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x25b11bd0, dwHighDateTime=0x1d6076d)) [0274.918] Sleep (dwMilliseconds=0x170) [0275.293] GetCurrentThreadId () returned 0x7f4 [0275.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x25ea3cd0, dwHighDateTime=0x1d6076d)) [0275.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x25ea3cd0, dwHighDateTime=0x1d6076d)) [0275.293] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0275.678] GetCurrentThreadId () returned 0x7f4 [0275.678] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0275.678] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0275.679] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x26235dd0, dwHighDateTime=0x1d6076d)) [0275.679] Sleep (dwMilliseconds=0x170) [0276.051] GetCurrentThreadId () returned 0x7f4 [0276.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x265c7ed0, dwHighDateTime=0x1d6076d)) [0276.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x265c7ed0, dwHighDateTime=0x1d6076d)) [0276.051] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0276.421] GetCurrentThreadId () returned 0x7f4 [0276.421] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0276.421] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0276.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x26959fd0, dwHighDateTime=0x1d6076d)) [0276.421] Sleep (dwMilliseconds=0x170) [0276.790] GetCurrentThreadId () returned 0x7f4 [0276.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x26cec0d0, dwHighDateTime=0x1d6076d)) [0276.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x26cec0d0, dwHighDateTime=0x1d6076d)) [0276.790] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0277.165] GetCurrentThreadId () returned 0x7f4 [0277.165] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0277.165] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0277.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x2707e1d0, dwHighDateTime=0x1d6076d)) [0277.165] Sleep (dwMilliseconds=0x170) [0277.539] GetCurrentThreadId () returned 0x7f4 [0277.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x274102d0, dwHighDateTime=0x1d6076d)) [0277.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff44 | out: lpSystemTimeAsFileTime=0x4ccff44*(dwLowDateTime=0x274102d0, dwHighDateTime=0x1d6076d)) [0277.539] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x170) returned 0x102 [0277.914] GetCurrentThreadId () returned 0x7f4 [0277.914] FindWindowA (lpClassName=0x0, lpWindowName="BUccwoAg.exe") returned 0x0 [0277.914] FindWindowA (lpClassName=0x0, lpWindowName="Microsoft Windows") returned 0x0 [0277.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ccff78 | out: lpSystemTimeAsFileTime=0x4ccff78*(dwLowDateTime=0x277a23d0, dwHighDateTime=0x1d6076d)) [0277.914] Sleep (dwMilliseconds=0x170) Thread: id = 396 os_tid = 0x7f8 [0180.588] GetCurrentThreadId () returned 0x7f8 [0180.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff34 | out: lpSystemTimeAsFileTime=0x4e0ff34*(dwLowDateTime=0xf21f9210, dwHighDateTime=0x1d6076c)) [0180.611] GetCurrentThreadId () returned 0x7f8 [0180.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0xf221f370, dwHighDateTime=0x1d6076c)) [0180.614] Sleep (dwMilliseconds=0x1d3a) [0189.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff78 | out: lpSystemTimeAsFileTime=0x4e0ff78*(dwLowDateTime=0xf6a6cfb0, dwHighDateTime=0x1d6076c)) [0189.928] GetCurrentThreadId () returned 0x7f8 [0189.928] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0190.063] ReleaseMutex (hMutex=0x154) returned 1 [0190.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff50 | out: lpSystemTimeAsFileTime=0x4e0ff50*(dwLowDateTime=0xf6bc3c10, dwHighDateTime=0x1d6076c)) [0190.064] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x32) returned 0x102 [0190.161] GetCurrentThreadId () returned 0x7f8 [0190.161] GetCurrentThreadId () returned 0x7f8 [0190.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0xf6ca8450, dwHighDateTime=0x1d6076c)) [0190.161] Sleep (dwMilliseconds=0x1c23) [0197.481] GetCurrentThreadId () returned 0x7f8 [0197.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0xfb1b0250, dwHighDateTime=0x1d6076c)) [0197.481] Sleep (dwMilliseconds=0x1c46) [0205.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff78 | out: lpSystemTimeAsFileTime=0x4e0ff78*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.764] GetCurrentThreadId () returned 0x7f8 [0205.764] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0205.764] ReleaseMutex (hMutex=0x154) returned 1 [0205.764] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff50 | out: lpSystemTimeAsFileTime=0x4e0ff50*(dwLowDateTime=0xff6b8050, dwHighDateTime=0x1d6076c)) [0205.764] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x32) returned 0x102 [0205.827] GetCurrentThreadId () returned 0x7f8 [0205.827] GetCurrentThreadId () returned 0x7f8 [0205.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0xff7505d0, dwHighDateTime=0x1d6076c)) [0205.827] Sleep (dwMilliseconds=0x151f) [0211.421] GetCurrentThreadId () returned 0x7f8 [0211.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x2af02f0, dwHighDateTime=0x1d6076d)) [0211.421] Sleep (dwMilliseconds=0x13a2) [0216.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff78 | out: lpSystemTimeAsFileTime=0x4e0ff78*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.476] GetCurrentThreadId () returned 0x7f8 [0216.476] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0216.476] ReleaseMutex (hMutex=0x154) returned 1 [0216.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff50 | out: lpSystemTimeAsFileTime=0x4e0ff50*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.476] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x32) returned 0x102 [0216.544] GetCurrentThreadId () returned 0x7f8 [0216.544] GetCurrentThreadId () returned 0x7f8 [0216.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x5bbc5f0, dwHighDateTime=0x1d6076d)) [0216.544] Sleep (dwMilliseconds=0x2221) [0225.296] GetCurrentThreadId () returned 0x7f8 [0225.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0xaf32950, dwHighDateTime=0x1d6076d)) [0225.296] Sleep (dwMilliseconds=0x2387) [0234.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff78 | out: lpSystemTimeAsFileTime=0x4e0ff78*(dwLowDateTime=0x10614c50, dwHighDateTime=0x1d6076d)) [0234.481] GetCurrentThreadId () returned 0x7f8 [0234.483] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0234.497] ReleaseMutex (hMutex=0x154) returned 1 [0234.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff50 | out: lpSystemTimeAsFileTime=0x4e0ff50*(dwLowDateTime=0x1063adb0, dwHighDateTime=0x1d6076d)) [0234.498] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x32) returned 0x102 [0234.624] GetCurrentThreadId () returned 0x7f8 [0234.624] GetCurrentThreadId () returned 0x7f8 [0234.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x10791a10, dwHighDateTime=0x1d6076d)) [0234.625] Sleep (dwMilliseconds=0x1ca8) [0244.982] GetCurrentThreadId () returned 0x7f8 [0244.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x14da41b0, dwHighDateTime=0x1d6076d)) [0244.982] Sleep (dwMilliseconds=0x142a) [0250.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff78 | out: lpSystemTimeAsFileTime=0x4e0ff78*(dwLowDateTime=0x17ee28d0, dwHighDateTime=0x1d6076d)) [0250.145] GetCurrentThreadId () returned 0x7f8 [0250.145] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0250.145] ReleaseMutex (hMutex=0x154) returned 1 [0250.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff50 | out: lpSystemTimeAsFileTime=0x4e0ff50*(dwLowDateTime=0x17ee28d0, dwHighDateTime=0x1d6076d)) [0250.145] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x32) returned 0x102 [0250.207] GetCurrentThreadId () returned 0x7f8 [0250.208] GetCurrentThreadId () returned 0x7f8 [0250.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x17f7ae50, dwHighDateTime=0x1d6076d)) [0250.208] Sleep (dwMilliseconds=0x1d72) [0259.037] GetCurrentThreadId () returned 0x7f8 [0259.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x1c77c7d0, dwHighDateTime=0x1d6076d)) [0259.037] Sleep (dwMilliseconds=0x1d27) [0266.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff78 | out: lpSystemTimeAsFileTime=0x4e0ff78*(dwLowDateTime=0x20ebfa70, dwHighDateTime=0x1d6076d)) [0266.900] GetCurrentThreadId () returned 0x7f8 [0266.900] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0266.900] ReleaseMutex (hMutex=0x154) returned 1 [0266.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff50 | out: lpSystemTimeAsFileTime=0x4e0ff50*(dwLowDateTime=0x20ebfa70, dwHighDateTime=0x1d6076d)) [0266.900] GetCurrentThreadId () returned 0x7f8 [0266.900] GetCurrentThreadId () returned 0x7f8 [0266.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x20ebfa70, dwHighDateTime=0x1d6076d)) [0266.900] Sleep (dwMilliseconds=0x17e2) [0273.056] GetCurrentThreadId () returned 0x7f8 [0273.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4e0ff64 | out: lpSystemTimeAsFileTime=0x4e0ff64*(dwLowDateTime=0x249376d0, dwHighDateTime=0x1d6076d)) [0273.057] Sleep (dwMilliseconds=0x22d1) Thread: id = 397 os_tid = 0x7fc [0180.632] GetCurrentThreadId () returned 0x7fc [0180.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff28 | out: lpSystemTimeAsFileTime=0x4f4ff28*(dwLowDateTime=0xf226b630, dwHighDateTime=0x1d6076c)) [0180.632] GetCurrentThreadId () returned 0x7fc [0180.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xf226b630, dwHighDateTime=0x1d6076c)) [0180.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xf226b630, dwHighDateTime=0x1d6076c)) [0180.635] GetCurrentThreadId () returned 0x7fc [0180.635] gethostbyname (name="google.com") returned 0x536b38*(h_name="google.com", h_aliases=0x536b48*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x536b4c*=([0]="172.217.23.142")) [0194.759] socket (af=2, type=1, protocol=0) returned 0x228 [0194.844] htons (hostshort=0x50) returned 0x5000 [0194.844] connect (s=0x228, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0194.880] ioctlsocket (in: s=0x228, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0194.880] GetCurrentThreadId () returned 0x7fc [0194.880] send (s=0x228, buf=0x40f0a6*, len=36, flags=0) returned 36 [0194.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xf98d7cb0, dwHighDateTime=0x1d6076c)) [0194.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xf98d7cb0, dwHighDateTime=0x1d6076c)) [0194.880] ioctlsocket (in: s=0x228, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0194.880] Sleep (dwMilliseconds=0x32) [0194.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xf9970230, dwHighDateTime=0x1d6076c)) [0194.937] ioctlsocket (in: s=0x228, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0194.937] Sleep (dwMilliseconds=0x32) [0195.015] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0195.016] GetCurrentThreadId () returned 0x7fc [0195.016] recv (in: s=0x228, buf=0x51d0000, len=528, flags=0 | out: buf=0x51d0000*) returned 528 [0195.016] shutdown (s=0x4f4ff84, how=2) returned -1 [0195.016] closesocket (s=0x4f4ff84) returned -1 [0195.016] GetCurrentThreadId () returned 0x7fc [0195.016] GetCurrentThreadId () returned 0x7fc [0195.016] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.018] GetCurrentThreadId () returned 0x7fc [0195.018] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0195.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xf9a2e910, dwHighDateTime=0x1d6076c)) [0195.018] ReleaseMutex (hMutex=0x154) returned 1 [0195.018] GetCurrentThreadId () returned 0x7fc [0195.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xf9a2e910, dwHighDateTime=0x1d6076c)) [0195.018] Sleep (dwMilliseconds=0x16bba) [0206.075] GetCurrentThreadId () returned 0x7fc [0206.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xff9b1bd0, dwHighDateTime=0x1d6076c)) [0206.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xff9b1bd0, dwHighDateTime=0x1d6076c)) [0206.076] GetCurrentThreadId () returned 0x7fc [0206.076] gethostbyname (name="google.com") returned 0x536b38*(h_name="google.com", h_aliases=0x536b48*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x536b4c*=([0]="172.217.23.142")) [0206.077] socket (af=2, type=1, protocol=0) returned 0x230 [0206.077] htons (hostshort=0x50) returned 0x5000 [0206.077] connect (s=0x230, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0206.096] ioctlsocket (in: s=0x230, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0206.096] GetCurrentThreadId () returned 0x7fc [0206.096] send (s=0x230, buf=0x40f0a6*, len=36, flags=0) returned 36 [0206.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xff9d7d30, dwHighDateTime=0x1d6076c)) [0206.097] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xff9d7d30, dwHighDateTime=0x1d6076c)) [0206.097] ioctlsocket (in: s=0x230, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0206.097] Sleep (dwMilliseconds=0x32) [0206.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xffa702b0, dwHighDateTime=0x1d6076c)) [0206.153] ioctlsocket (in: s=0x230, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0206.153] Sleep (dwMilliseconds=0x32) [0206.216] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x51d0000 [0206.217] GetCurrentThreadId () returned 0x7fc [0206.217] recv (in: s=0x230, buf=0x51d0000, len=528, flags=0 | out: buf=0x51d0000*) returned 528 [0206.217] shutdown (s=0x4f4ff84, how=2) returned -1 [0206.217] closesocket (s=0x4f4ff84) returned -1 [0206.217] GetCurrentThreadId () returned 0x7fc [0206.217] GetCurrentThreadId () returned 0x7fc [0206.217] VirtualFree (lpAddress=0x51d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.222] GetCurrentThreadId () returned 0x7fc [0206.222] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0206.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xffb08830, dwHighDateTime=0x1d6076c)) [0206.222] ReleaseMutex (hMutex=0x154) returned 1 [0206.222] GetCurrentThreadId () returned 0x7fc [0206.222] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xffb08830, dwHighDateTime=0x1d6076c)) [0206.222] Sleep (dwMilliseconds=0x1a80b) [0216.475] GetCurrentThreadId () returned 0x7fc [0216.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.475] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x5afdf10, dwHighDateTime=0x1d6076d)) [0216.475] GetCurrentThreadId () returned 0x7fc [0216.475] gethostbyname (name="google.com") returned 0x536b38*(h_name="google.com", h_aliases=0x536b48*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x536b4c*=([0]="172.217.23.142")) [0216.497] socket (af=2, type=1, protocol=0) returned 0x218 [0216.497] htons (hostshort=0x50) returned 0x5000 [0216.497] connect (s=0x218, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0216.515] ioctlsocket (in: s=0x218, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0216.515] GetCurrentThreadId () returned 0x7fc [0216.515] send (s=0x218, buf=0x40f0a6*, len=36, flags=0) returned 36 [0216.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x5b70330, dwHighDateTime=0x1d6076d)) [0216.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x5b70330, dwHighDateTime=0x1d6076d)) [0216.515] ioctlsocket (in: s=0x218, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0216.515] Sleep (dwMilliseconds=0x32) [0216.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x5c2ea10, dwHighDateTime=0x1d6076d)) [0216.594] ioctlsocket (in: s=0x218, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0216.594] Sleep (dwMilliseconds=0x32) [0216.652] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0216.653] GetCurrentThreadId () returned 0x7fc [0216.653] recv (in: s=0x218, buf=0x5250000, len=528, flags=0 | out: buf=0x5250000*) returned 528 [0216.653] shutdown (s=0x4f4ff84, how=2) returned -1 [0216.653] closesocket (s=0x4f4ff84) returned -1 [0216.653] GetCurrentThreadId () returned 0x7fc [0216.653] GetCurrentThreadId () returned 0x7fc [0216.653] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0216.654] GetCurrentThreadId () returned 0x7fc [0216.654] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0216.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x5cc6f90, dwHighDateTime=0x1d6076d)) [0216.654] ReleaseMutex (hMutex=0x154) returned 1 [0216.654] GetCurrentThreadId () returned 0x7fc [0216.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x5cc6f90, dwHighDateTime=0x1d6076d)) [0216.654] Sleep (dwMilliseconds=0x18039) [0226.718] GetCurrentThreadId () returned 0x7fc [0226.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xbc4a250, dwHighDateTime=0x1d6076d)) [0226.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xbc4a250, dwHighDateTime=0x1d6076d)) [0226.718] GetCurrentThreadId () returned 0x7fc [0226.718] gethostbyname (name="google.com") Thread: id = 398 os_tid = 0x408 [0181.338] GetCurrentThreadId () returned 0x408 [0181.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe78 | out: lpSystemTimeAsFileTime=0x508fe78*(dwLowDateTime=0xf291d410, dwHighDateTime=0x1d6076c)) [0181.339] GetCurrentThreadId () returned 0x408 [0181.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xf291d410, dwHighDateTime=0x1d6076c)) [0181.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0xf291d410, dwHighDateTime=0x1d6076c)) [0181.342] GetCurrentThreadId () returned 0x408 [0181.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xf291d410, dwHighDateTime=0x1d6076c)) [0181.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xf291d410, dwHighDateTime=0x1d6076c)) [0181.342] GetCurrentThreadId () returned 0x408 [0181.342] GetCurrentThreadId () returned 0x408 [0181.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xf291d410, dwHighDateTime=0x1d6076c)) [0181.342] Sleep (dwMilliseconds=0xa8af4) [0193.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0xf88ec990, dwHighDateTime=0x1d6076c)) [0193.119] GetCurrentThreadId () returned 0x408 [0193.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xf88ec990, dwHighDateTime=0x1d6076c)) [0193.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xf88ec990, dwHighDateTime=0x1d6076c)) [0193.119] GetCurrentThreadId () returned 0x408 [0193.119] GetCurrentThreadId () returned 0x408 [0193.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xf88ec990, dwHighDateTime=0x1d6076c)) [0193.120] Sleep (dwMilliseconds=0xbbd95) [0203.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0xfe895db0, dwHighDateTime=0x1d6076c)) [0203.252] GetCurrentThreadId () returned 0x408 [0203.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xfe895db0, dwHighDateTime=0x1d6076c)) [0203.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xfe895db0, dwHighDateTime=0x1d6076c)) [0203.252] GetCurrentThreadId () returned 0x408 [0203.252] GetCurrentThreadId () returned 0x408 [0203.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xfe895db0, dwHighDateTime=0x1d6076c)) [0203.252] Sleep (dwMilliseconds=0xca7bd) [0214.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.485] GetCurrentThreadId () returned 0x408 [0214.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.486] GetCurrentThreadId () returned 0x408 [0214.486] GetCurrentThreadId () returned 0x408 [0214.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0x4819070, dwHighDateTime=0x1d6076d)) [0214.486] Sleep (dwMilliseconds=0xc0d26) [0224.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0xa7c2490, dwHighDateTime=0x1d6076d)) [0224.517] GetCurrentThreadId () returned 0x408 [0224.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xa7c2490, dwHighDateTime=0x1d6076d)) [0224.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0xa7c2490, dwHighDateTime=0x1d6076d)) [0224.517] GetCurrentThreadId () returned 0x408 [0224.517] GetCurrentThreadId () returned 0x408 [0224.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0xa7c2490, dwHighDateTime=0x1d6076d)) [0224.517] Sleep (dwMilliseconds=0x74b56) [0234.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.648] GetCurrentThreadId () returned 0x408 [0234.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.648] GetCurrentThreadId () returned 0x408 [0234.648] GetCurrentThreadId () returned 0x408 [0234.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0x107b7b70, dwHighDateTime=0x1d6076d)) [0234.648] Sleep (dwMilliseconds=0xbd39c) [0247.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0x1673ae30, dwHighDateTime=0x1d6076d)) [0247.665] GetCurrentThreadId () returned 0x408 [0247.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x1673ae30, dwHighDateTime=0x1d6076d)) [0247.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x1673ae30, dwHighDateTime=0x1d6076d)) [0247.665] GetCurrentThreadId () returned 0x408 [0247.665] GetCurrentThreadId () returned 0x408 [0247.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0x1673ae30, dwHighDateTime=0x1d6076d)) [0247.666] Sleep (dwMilliseconds=0x94e98) [0258.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0x1c6be0f0, dwHighDateTime=0x1d6076d)) [0258.960] GetCurrentThreadId () returned 0x408 [0258.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x1c6be0f0, dwHighDateTime=0x1d6076d)) [0258.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x1c6be0f0, dwHighDateTime=0x1d6076d)) [0258.960] GetCurrentThreadId () returned 0x408 [0258.960] GetCurrentThreadId () returned 0x408 [0258.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0x1c6be0f0, dwHighDateTime=0x1d6076d)) [0258.960] Sleep (dwMilliseconds=0x721f7) [0269.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508febc | out: lpSystemTimeAsFileTime=0x508febc*(dwLowDateTime=0x226413b0, dwHighDateTime=0x1d6076d)) [0269.365] GetCurrentThreadId () returned 0x408 [0269.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x226413b0, dwHighDateTime=0x1d6076d)) [0269.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fe98 | out: lpSystemTimeAsFileTime=0x508fe98*(dwLowDateTime=0x226413b0, dwHighDateTime=0x1d6076d)) [0269.365] GetCurrentThreadId () returned 0x408 [0269.365] GetCurrentThreadId () returned 0x408 [0269.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x508fea8 | out: lpSystemTimeAsFileTime=0x508fea8*(dwLowDateTime=0x226413b0, dwHighDateTime=0x1d6076d)) [0269.365] Sleep (dwMilliseconds=0xbed7f) Thread: id = 399 os_tid = 0x394 [0181.364] GetCurrentThreadId () returned 0x394 [0181.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfea8 | out: lpSystemTimeAsFileTime=0x51cfea8*(dwLowDateTime=0xf2943570, dwHighDateTime=0x1d6076c)) [0181.365] GetCurrentThreadId () returned 0x394 [0181.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf29696d0, dwHighDateTime=0x1d6076c)) [0181.365] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0181.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf29696d0, dwHighDateTime=0x1d6076c)) [0181.365] ReleaseMutex (hMutex=0x154) returned 1 [0181.365] Sleep (dwMilliseconds=0x4d6) [0182.731] GetCurrentThreadId () returned 0x394 [0182.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf35c28f0, dwHighDateTime=0x1d6076c)) [0182.740] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0182.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf35e8a50, dwHighDateTime=0x1d6076c)) [0182.745] ReleaseMutex (hMutex=0x154) returned 1 [0182.761] Sleep (dwMilliseconds=0x6af) [0184.798] GetCurrentThreadId () returned 0x394 [0184.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf47e90b0, dwHighDateTime=0x1d6076c)) [0184.798] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0184.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf47e90b0, dwHighDateTime=0x1d6076c)) [0184.798] ReleaseMutex (hMutex=0x154) returned 1 [0184.798] Sleep (dwMilliseconds=0x77e) [0188.307] GetCurrentThreadId () returned 0x394 [0188.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.307] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0188.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf5b1a210, dwHighDateTime=0x1d6076c)) [0188.307] ReleaseMutex (hMutex=0x154) returned 1 [0188.307] Sleep (dwMilliseconds=0x776) [0190.335] GetCurrentThreadId () returned 0x394 [0190.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf6e714d0, dwHighDateTime=0x1d6076c)) [0190.335] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0190.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf6e714d0, dwHighDateTime=0x1d6076c)) [0190.335] ReleaseMutex (hMutex=0x154) returned 1 [0190.335] Sleep (dwMilliseconds=0x513) [0191.724] GetCurrentThreadId () returned 0x394 [0191.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf7baef30, dwHighDateTime=0x1d6076c)) [0191.724] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0191.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf7baef30, dwHighDateTime=0x1d6076c)) [0191.724] ReleaseMutex (hMutex=0x154) returned 1 [0191.724] Sleep (dwMilliseconds=0x740) [0193.580] GetCurrentThreadId () returned 0x394 [0193.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf8d632d0, dwHighDateTime=0x1d6076c)) [0193.580] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0193.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf8d632d0, dwHighDateTime=0x1d6076c)) [0193.580] ReleaseMutex (hMutex=0x154) returned 1 [0193.580] Sleep (dwMilliseconds=0x7bb) [0195.654] GetCurrentThreadId () returned 0x394 [0195.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfa048170, dwHighDateTime=0x1d6076c)) [0195.654] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0195.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfa048170, dwHighDateTime=0x1d6076c)) [0195.655] ReleaseMutex (hMutex=0x154) returned 1 [0195.655] Sleep (dwMilliseconds=0x727) [0197.531] GetCurrentThreadId () returned 0x394 [0197.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfb222670, dwHighDateTime=0x1d6076c)) [0197.531] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0197.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfb222670, dwHighDateTime=0x1d6076c)) [0197.531] ReleaseMutex (hMutex=0x154) returned 1 [0197.531] Sleep (dwMilliseconds=0x5ea) [0199.086] GetCurrentThreadId () returned 0x394 [0199.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfc102ff0, dwHighDateTime=0x1d6076c)) [0199.086] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0199.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfc102ff0, dwHighDateTime=0x1d6076c)) [0199.087] ReleaseMutex (hMutex=0x154) returned 1 [0199.087] Sleep (dwMilliseconds=0x527) [0200.444] GetCurrentThreadId () returned 0x394 [0200.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfcdf4790, dwHighDateTime=0x1d6076c)) [0200.444] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0200.444] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfcdf4790, dwHighDateTime=0x1d6076c)) [0200.444] ReleaseMutex (hMutex=0x154) returned 1 [0200.444] Sleep (dwMilliseconds=0x6c2) [0202.191] GetCurrentThreadId () returned 0x394 [0202.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfde78030, dwHighDateTime=0x1d6076c)) [0202.191] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0202.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfde78030, dwHighDateTime=0x1d6076c)) [0202.191] ReleaseMutex (hMutex=0x154) returned 1 [0202.191] Sleep (dwMilliseconds=0x545) [0203.552] GetCurrentThreadId () returned 0x394 [0203.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.552] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0203.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfeb697d0, dwHighDateTime=0x1d6076c)) [0203.552] ReleaseMutex (hMutex=0x154) returned 1 [0203.552] Sleep (dwMilliseconds=0x76f) [0206.481] GetCurrentThreadId () returned 0x394 [0206.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xffd8ff90, dwHighDateTime=0x1d6076c)) [0206.481] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0206.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xffd8ff90, dwHighDateTime=0x1d6076c)) [0206.481] ReleaseMutex (hMutex=0x154) returned 1 [0206.481] Sleep (dwMilliseconds=0x6a7) [0208.197] GetCurrentThreadId () returned 0x394 [0208.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xded6d0, dwHighDateTime=0x1d6076d)) [0208.197] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0208.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xded6d0, dwHighDateTime=0x1d6076d)) [0208.197] ReleaseMutex (hMutex=0x154) returned 1 [0208.197] Sleep (dwMilliseconds=0x6fe) [0210.085] GetCurrentThreadId () returned 0x394 [0210.085] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.085] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0210.085] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1f094f0, dwHighDateTime=0x1d6076d)) [0210.085] ReleaseMutex (hMutex=0x154) returned 1 [0210.085] Sleep (dwMilliseconds=0x529) [0211.527] GetCurrentThreadId () returned 0x394 [0211.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x2bfac90, dwHighDateTime=0x1d6076d)) [0211.527] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0211.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x2bfac90, dwHighDateTime=0x1d6076d)) [0211.527] ReleaseMutex (hMutex=0x154) returned 1 [0211.527] Sleep (dwMilliseconds=0x62e) [0213.127] GetCurrentThreadId () returned 0x394 [0213.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x3b278d0, dwHighDateTime=0x1d6076d)) [0213.127] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0213.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x3b278d0, dwHighDateTime=0x1d6076d)) [0213.127] ReleaseMutex (hMutex=0x154) returned 1 [0213.127] Sleep (dwMilliseconds=0x48d) [0214.327] GetCurrentThreadId () returned 0x394 [0214.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x469c2b0, dwHighDateTime=0x1d6076d)) [0214.328] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0214.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x469c2b0, dwHighDateTime=0x1d6076d)) [0214.328] ReleaseMutex (hMutex=0x154) returned 1 [0214.328] Sleep (dwMilliseconds=0x5be) [0215.842] GetCurrentThreadId () returned 0x394 [0215.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x550a810, dwHighDateTime=0x1d6076d)) [0215.843] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0215.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x550a810, dwHighDateTime=0x1d6076d)) [0215.843] ReleaseMutex (hMutex=0x154) returned 1 [0215.843] Sleep (dwMilliseconds=0x553) [0217.247] GetCurrentThreadId () returned 0x394 [0217.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x626e3d0, dwHighDateTime=0x1d6076d)) [0217.247] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0217.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x626e3d0, dwHighDateTime=0x1d6076d)) [0217.247] ReleaseMutex (hMutex=0x154) returned 1 [0217.247] Sleep (dwMilliseconds=0x74e) [0219.490] GetCurrentThreadId () returned 0x394 [0219.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.490] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0219.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x77b4870, dwHighDateTime=0x1d6076d)) [0219.490] ReleaseMutex (hMutex=0x154) returned 1 [0219.490] Sleep (dwMilliseconds=0x639) [0221.107] GetCurrentThreadId () returned 0x394 [0221.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x872d770, dwHighDateTime=0x1d6076d)) [0221.107] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0221.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x872d770, dwHighDateTime=0x1d6076d)) [0221.107] ReleaseMutex (hMutex=0x154) returned 1 [0221.107] Sleep (dwMilliseconds=0x642) [0222.721] GetCurrentThreadId () returned 0x394 [0222.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x96a6670, dwHighDateTime=0x1d6076d)) [0222.721] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0222.721] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x96a6670, dwHighDateTime=0x1d6076d)) [0222.721] ReleaseMutex (hMutex=0x154) returned 1 [0222.721] Sleep (dwMilliseconds=0x5f3) [0224.251] GetCurrentThreadId () returned 0x394 [0224.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.251] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0224.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xa53ad30, dwHighDateTime=0x1d6076d)) [0224.251] ReleaseMutex (hMutex=0x154) returned 1 [0224.252] Sleep (dwMilliseconds=0x4e8) [0225.529] GetCurrentThreadId () returned 0x394 [0225.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xb16ddf0, dwHighDateTime=0x1d6076d)) [0225.529] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0225.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xb16ddf0, dwHighDateTime=0x1d6076d)) [0225.529] ReleaseMutex (hMutex=0x154) returned 1 [0225.529] Sleep (dwMilliseconds=0x4f1) [0226.870] GetCurrentThreadId () returned 0x394 [0226.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.870] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0226.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xbdc7010, dwHighDateTime=0x1d6076d)) [0226.870] ReleaseMutex (hMutex=0x154) returned 1 [0226.870] Sleep (dwMilliseconds=0x6e2) [0228.648] GetCurrentThreadId () returned 0x394 [0228.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xcebccd0, dwHighDateTime=0x1d6076d)) [0228.649] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0228.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xcebccd0, dwHighDateTime=0x1d6076d)) [0228.649] ReleaseMutex (hMutex=0x154) returned 1 [0228.649] Sleep (dwMilliseconds=0x71b) [0230.493] GetCurrentThreadId () returned 0x394 [0230.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.493] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0230.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xe024db0, dwHighDateTime=0x1d6076d)) [0230.493] ReleaseMutex (hMutex=0x154) returned 1 [0230.493] Sleep (dwMilliseconds=0x67e) [0232.162] GetCurrentThreadId () returned 0x394 [0232.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xf0100d0, dwHighDateTime=0x1d6076d)) [0232.162] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0232.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xf0100d0, dwHighDateTime=0x1d6076d)) [0232.163] ReleaseMutex (hMutex=0x154) returned 1 [0232.163] Sleep (dwMilliseconds=0x423) [0233.221] GetCurrentThreadId () returned 0x394 [0233.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.221] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0233.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0xfa2de50, dwHighDateTime=0x1d6076d)) [0233.221] ReleaseMutex (hMutex=0x154) returned 1 [0233.221] Sleep (dwMilliseconds=0x775) [0235.185] GetCurrentThreadId () returned 0x394 [0235.185] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.185] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0235.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x10cc6a30, dwHighDateTime=0x1d6076d)) [0235.186] ReleaseMutex (hMutex=0x154) returned 1 [0235.186] Sleep (dwMilliseconds=0x607) [0236.745] GetCurrentThreadId () returned 0x394 [0236.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x11ba73b0, dwHighDateTime=0x1d6076d)) [0236.745] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0236.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x11ba73b0, dwHighDateTime=0x1d6076d)) [0236.745] ReleaseMutex (hMutex=0x154) returned 1 [0236.745] Sleep (dwMilliseconds=0x439) [0237.884] GetCurrentThreadId () returned 0x394 [0237.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x126113f0, dwHighDateTime=0x1d6076d)) [0237.917] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0237.917] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1265d6b0, dwHighDateTime=0x1d6076d)) [0237.917] ReleaseMutex (hMutex=0x154) returned 1 [0237.930] Sleep (dwMilliseconds=0x41a) [0239.022] GetCurrentThreadId () returned 0x394 [0239.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x130ed850, dwHighDateTime=0x1d6076d)) [0239.022] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0239.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x130ed850, dwHighDateTime=0x1d6076d)) [0239.023] ReleaseMutex (hMutex=0x154) returned 1 [0239.023] Sleep (dwMilliseconds=0x4b3) [0242.969] GetCurrentThreadId () returned 0x394 [0242.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x13c88390, dwHighDateTime=0x1d6076d)) [0242.969] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0242.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x13c88390, dwHighDateTime=0x1d6076d)) [0242.969] ReleaseMutex (hMutex=0x154) returned 1 [0242.969] Sleep (dwMilliseconds=0x5ef) [0244.716] GetCurrentThreadId () returned 0x394 [0244.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x14b1ca50, dwHighDateTime=0x1d6076d)) [0244.716] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0244.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x14b1ca50, dwHighDateTime=0x1d6076d)) [0244.716] ReleaseMutex (hMutex=0x154) returned 1 [0244.716] Sleep (dwMilliseconds=0x474) [0245.871] GetCurrentThreadId () returned 0x394 [0245.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1561f010, dwHighDateTime=0x1d6076d)) [0245.871] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0245.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1561f010, dwHighDateTime=0x1d6076d)) [0245.871] ReleaseMutex (hMutex=0x154) returned 1 [0245.871] Sleep (dwMilliseconds=0x45f) [0246.994] GetCurrentThreadId () returned 0x394 [0246.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x160d5310, dwHighDateTime=0x1d6076d)) [0246.994] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0246.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x160d5310, dwHighDateTime=0x1d6076d)) [0246.994] ReleaseMutex (hMutex=0x154) returned 1 [0246.994] Sleep (dwMilliseconds=0x63e) [0248.602] GetCurrentThreadId () returned 0x394 [0248.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x170280b0, dwHighDateTime=0x1d6076d)) [0248.602] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0248.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x170280b0, dwHighDateTime=0x1d6076d)) [0248.602] ReleaseMutex (hMutex=0x154) returned 1 [0248.602] Sleep (dwMilliseconds=0x757) [0250.489] GetCurrentThreadId () returned 0x394 [0250.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x18228710, dwHighDateTime=0x1d6076d)) [0250.489] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0250.489] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x18228710, dwHighDateTime=0x1d6076d)) [0250.489] ReleaseMutex (hMutex=0x154) returned 1 [0250.489] Sleep (dwMilliseconds=0x776) [0252.423] GetCurrentThreadId () returned 0x394 [0252.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x19475030, dwHighDateTime=0x1d6076d)) [0252.423] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0252.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x19475030, dwHighDateTime=0x1d6076d)) [0252.423] ReleaseMutex (hMutex=0x154) returned 1 [0252.423] Sleep (dwMilliseconds=0x793) [0254.373] GetCurrentThreadId () returned 0x394 [0254.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1a70dc10, dwHighDateTime=0x1d6076d)) [0254.373] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0254.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1a70dc10, dwHighDateTime=0x1d6076d)) [0254.373] ReleaseMutex (hMutex=0x154) returned 1 [0254.373] Sleep (dwMilliseconds=0x4fe) [0255.652] GetCurrentThreadId () returned 0x394 [0255.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1b340cd0, dwHighDateTime=0x1d6076d)) [0255.652] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0255.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1b340cd0, dwHighDateTime=0x1d6076d)) [0255.652] ReleaseMutex (hMutex=0x154) returned 1 [0255.652] Sleep (dwMilliseconds=0x7a9) [0258.885] GetCurrentThreadId () returned 0x394 [0258.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1c5ffa10, dwHighDateTime=0x1d6076d)) [0258.885] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0258.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1c5ffa10, dwHighDateTime=0x1d6076d)) [0258.885] ReleaseMutex (hMutex=0x154) returned 1 [0258.885] Sleep (dwMilliseconds=0x737) [0261.144] GetCurrentThreadId () returned 0x394 [0261.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1d7d9f10, dwHighDateTime=0x1d6076d)) [0261.144] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0261.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1d7d9f10, dwHighDateTime=0x1d6076d)) [0261.144] ReleaseMutex (hMutex=0x154) returned 1 [0261.144] Sleep (dwMilliseconds=0x548) [0262.501] GetCurrentThreadId () returned 0x394 [0262.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1e4cb6b0, dwHighDateTime=0x1d6076d)) [0262.501] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0262.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1e4cb6b0, dwHighDateTime=0x1d6076d)) [0262.501] ReleaseMutex (hMutex=0x154) returned 1 [0262.501] Sleep (dwMilliseconds=0x433) [0263.577] GetCurrentThreadId () returned 0x394 [0263.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1ef0f590, dwHighDateTime=0x1d6076d)) [0263.577] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0263.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1ef0f590, dwHighDateTime=0x1d6076d)) [0263.577] ReleaseMutex (hMutex=0x154) returned 1 [0263.577] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0263.577] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0263.578] VirtualAlloc (lpAddress=0x0, dwSize=0x8000, flAllocationType=0x3000, flProtect=0x40) returned 0x5260000 [0263.578] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0263.579] Sleep (dwMilliseconds=0x4ec) [0264.841] GetCurrentThreadId () returned 0x394 [0264.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x1fb1c4f0, dwHighDateTime=0x1d6076d)) [0264.841] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0264.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x1fb1c4f0, dwHighDateTime=0x1d6076d)) [0264.841] ReleaseMutex (hMutex=0x154) returned 1 [0264.841] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0264.841] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0264.841] Sleep (dwMilliseconds=0x6fa) [0266.650] GetCurrentThreadId () returned 0x394 [0266.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x20c5e470, dwHighDateTime=0x1d6076d)) [0266.650] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0266.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x20c5e470, dwHighDateTime=0x1d6076d)) [0266.650] ReleaseMutex (hMutex=0x154) returned 1 [0266.650] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0266.650] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0266.650] Sleep (dwMilliseconds=0x6de) [0268.414] GetCurrentThreadId () returned 0x394 [0268.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x21d2dfd0, dwHighDateTime=0x1d6076d)) [0268.414] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0268.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x21d2dfd0, dwHighDateTime=0x1d6076d)) [0268.414] ReleaseMutex (hMutex=0x154) returned 1 [0268.414] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0268.414] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0268.414] Sleep (dwMilliseconds=0x639) [0270.020] GetCurrentThreadId () returned 0x394 [0270.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x22c80d70, dwHighDateTime=0x1d6076d)) [0270.020] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0270.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x22c80d70, dwHighDateTime=0x1d6076d)) [0270.020] ReleaseMutex (hMutex=0x154) returned 1 [0270.020] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0270.020] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0270.020] Sleep (dwMilliseconds=0x45a) [0271.158] GetCurrentThreadId () returned 0x394 [0271.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x23737070, dwHighDateTime=0x1d6076d)) [0271.158] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0271.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x23737070, dwHighDateTime=0x1d6076d)) [0271.158] ReleaseMutex (hMutex=0x154) returned 1 [0271.158] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0271.159] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0271.159] Sleep (dwMilliseconds=0x494) [0272.365] GetCurrentThreadId () returned 0x394 [0272.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x242aba50, dwHighDateTime=0x1d6076d)) [0272.365] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0272.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x242aba50, dwHighDateTime=0x1d6076d)) [0272.365] ReleaseMutex (hMutex=0x154) returned 1 [0272.365] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0272.365] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0272.365] Sleep (dwMilliseconds=0x697) [0274.106] GetCurrentThreadId () returned 0x394 [0274.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x2532f2f0, dwHighDateTime=0x1d6076d)) [0274.106] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0274.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x2532f2f0, dwHighDateTime=0x1d6076d)) [0274.106] ReleaseMutex (hMutex=0x154) returned 1 [0274.106] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0274.106] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0274.106] Sleep (dwMilliseconds=0x576) [0275.504] GetCurrentThreadId () returned 0x394 [0275.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x26092eb0, dwHighDateTime=0x1d6076d)) [0275.504] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0275.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x26092eb0, dwHighDateTime=0x1d6076d)) [0275.504] ReleaseMutex (hMutex=0x154) returned 1 [0275.504] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0275.504] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0275.504] Sleep (dwMilliseconds=0x539) [0276.837] GetCurrentThreadId () returned 0x394 [0276.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfed8 | out: lpSystemTimeAsFileTime=0x51cfed8*(dwLowDateTime=0x26d5e4f0, dwHighDateTime=0x1d6076d)) [0276.837] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0276.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x51cfedc | out: lpSystemTimeAsFileTime=0x51cfedc*(dwLowDateTime=0x26d5e4f0, dwHighDateTime=0x1d6076d)) [0276.837] ReleaseMutex (hMutex=0x154) returned 1 [0276.837] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xbb8) returned 0x0 [0276.837] FindWindowA (lpClassName=0x0, lpWindowName="dIgkcsQg") returned 0x400fa [0276.837] Sleep (dwMilliseconds=0x64c) Thread: id = 402 os_tid = 0x634 Thread: id = 403 os_tid = 0x630 Thread: id = 405 os_tid = 0x580 [0226.824] GetCurrentThreadId () returned 0x580 [0226.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff28 | out: lpSystemTimeAsFileTime=0x4f4ff28*(dwLowDateTime=0xbd54bf0, dwHighDateTime=0x1d6076d)) [0226.824] GetCurrentThreadId () returned 0x580 [0226.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xbd54bf0, dwHighDateTime=0x1d6076d)) [0226.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xbd54bf0, dwHighDateTime=0x1d6076d)) [0226.825] GetCurrentThreadId () returned 0x580 [0226.825] gethostbyname (name="google.com") returned 0x53ca60*(h_name="google.com", h_aliases=0x53ca70*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53ca74*=([0]="172.217.23.142")) [0226.869] socket (af=2, type=1, protocol=0) returned 0x258 [0226.869] htons (hostshort=0x50) returned 0x5000 [0226.869] connect (s=0x258, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0226.888] ioctlsocket (in: s=0x258, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0226.888] GetCurrentThreadId () returned 0x580 [0226.888] send (s=0x258, buf=0x40f0a6*, len=36, flags=0) returned 36 [0226.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xbded170, dwHighDateTime=0x1d6076d)) [0226.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xbded170, dwHighDateTime=0x1d6076d)) [0226.889] ioctlsocket (in: s=0x258, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0226.889] Sleep (dwMilliseconds=0x32) [0226.948] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0xbe856f0, dwHighDateTime=0x1d6076d)) [0226.948] ioctlsocket (in: s=0x258, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0226.948] Sleep (dwMilliseconds=0x32) [0227.011] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0227.011] GetCurrentThreadId () returned 0x580 [0227.011] recv (in: s=0x258, buf=0x5250000, len=528, flags=0 | out: buf=0x5250000*) returned 528 [0227.014] shutdown (s=0x4f4ff84, how=2) returned -1 [0227.014] closesocket (s=0x4f4ff84) returned -1 [0227.014] GetCurrentThreadId () returned 0x580 [0227.014] GetCurrentThreadId () returned 0x580 [0227.014] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0227.039] GetCurrentThreadId () returned 0x580 [0227.039] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0227.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0xbf43dd0, dwHighDateTime=0x1d6076d)) [0227.039] ReleaseMutex (hMutex=0x154) returned 1 [0227.039] GetCurrentThreadId () returned 0x580 [0227.039] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0xbf43dd0, dwHighDateTime=0x1d6076d)) [0227.039] Sleep (dwMilliseconds=0x105d0) [0237.135] GetCurrentThreadId () returned 0x580 [0237.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x11f13350, dwHighDateTime=0x1d6076d)) [0237.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x11f13350, dwHighDateTime=0x1d6076d)) [0237.135] GetCurrentThreadId () returned 0x580 [0237.135] gethostbyname (name="google.com") returned 0x53ca60*(h_name="google.com", h_aliases=0x53ca70*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53ca74*=([0]="172.217.23.142")) [0237.182] socket (af=2, type=1, protocol=0) returned 0x25c [0237.182] htons (hostshort=0x50) returned 0x5000 [0237.182] connect (s=0x25c, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0237.210] ioctlsocket (in: s=0x25c, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0237.210] GetCurrentThreadId () returned 0x580 [0237.210] send (s=0x25c, buf=0x40f0a6*, len=36, flags=0) returned 36 [0237.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x11fab8d0, dwHighDateTime=0x1d6076d)) [0237.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x11fab8d0, dwHighDateTime=0x1d6076d)) [0237.210] ioctlsocket (in: s=0x25c, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0237.210] Sleep (dwMilliseconds=0x32) [0237.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x12043e50, dwHighDateTime=0x1d6076d)) [0237.260] ioctlsocket (in: s=0x25c, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0237.260] Sleep (dwMilliseconds=0x32) Thread: id = 406 os_tid = 0x570 [0237.374] GetCurrentThreadId () returned 0x570 [0237.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff28 | out: lpSystemTimeAsFileTime=0x590ff28*(dwLowDateTime=0x1214e7f0, dwHighDateTime=0x1d6076d)) [0237.374] GetCurrentThreadId () returned 0x570 [0237.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff58 | out: lpSystemTimeAsFileTime=0x590ff58*(dwLowDateTime=0x1214e7f0, dwHighDateTime=0x1d6076d)) [0237.374] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff6c | out: lpSystemTimeAsFileTime=0x590ff6c*(dwLowDateTime=0x1214e7f0, dwHighDateTime=0x1d6076d)) [0237.374] GetCurrentThreadId () returned 0x570 [0237.374] gethostbyname (name="google.com") returned 0x53cb08*(h_name="google.com", h_aliases=0x53cb18*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53cb1c*=([0]="172.217.23.142")) [0237.416] socket (af=2, type=1, protocol=0) returned 0x278 [0237.416] htons (hostshort=0x50) returned 0x5000 [0237.416] connect (s=0x278, name=0x590ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0237.446] ioctlsocket (in: s=0x278, cmd=-2147195266, argp=0x590ff28 | out: argp=0x590ff28) returned 0 [0237.446] GetCurrentThreadId () returned 0x570 [0237.446] send (s=0x278, buf=0x40f0a6*, len=36, flags=0) returned 36 [0237.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff44 | out: lpSystemTimeAsFileTime=0x590ff44*(dwLowDateTime=0x121e6d70, dwHighDateTime=0x1d6076d)) [0237.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff44 | out: lpSystemTimeAsFileTime=0x590ff44*(dwLowDateTime=0x121e6d70, dwHighDateTime=0x1d6076d)) [0237.446] ioctlsocket (in: s=0x278, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0237.446] Sleep (dwMilliseconds=0x32) [0237.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff44 | out: lpSystemTimeAsFileTime=0x590ff44*(dwLowDateTime=0x122cb5b0, dwHighDateTime=0x1d6076d)) [0237.525] ioctlsocket (in: s=0x278, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0237.525] Sleep (dwMilliseconds=0x32) [0237.589] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x4e10000 [0237.589] GetCurrentThreadId () returned 0x570 [0237.589] recv (in: s=0x278, buf=0x4e10000, len=528, flags=0 | out: buf=0x4e10000*) returned 528 [0237.589] shutdown (s=0x590ff84, how=2) returned -1 [0237.589] closesocket (s=0x590ff84) returned -1 [0237.589] GetCurrentThreadId () returned 0x570 [0237.589] GetCurrentThreadId () returned 0x570 [0237.589] VirtualFree (lpAddress=0x4e10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0237.590] GetCurrentThreadId () returned 0x570 [0237.590] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0237.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff6c | out: lpSystemTimeAsFileTime=0x590ff6c*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.590] ReleaseMutex (hMutex=0x154) returned 1 [0237.590] GetCurrentThreadId () returned 0x570 [0237.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff58 | out: lpSystemTimeAsFileTime=0x590ff58*(dwLowDateTime=0x12363b30, dwHighDateTime=0x1d6076d)) [0237.590] Sleep (dwMilliseconds=0x14b16) [0250.566] GetCurrentThreadId () returned 0x570 [0250.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff58 | out: lpSystemTimeAsFileTime=0x590ff58*(dwLowDateTime=0x182e6df0, dwHighDateTime=0x1d6076d)) [0250.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff6c | out: lpSystemTimeAsFileTime=0x590ff6c*(dwLowDateTime=0x182e6df0, dwHighDateTime=0x1d6076d)) [0250.567] GetCurrentThreadId () returned 0x570 [0250.567] gethostbyname (name="google.com") returned 0x53cb08*(h_name="google.com", h_aliases=0x53cb18*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53cb1c*=([0]="172.217.23.142")) [0250.567] socket (af=2, type=1, protocol=0) returned 0x12c [0250.567] htons (hostshort=0x50) returned 0x5000 [0250.567] connect (s=0x12c, name=0x590ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0250.586] ioctlsocket (in: s=0x12c, cmd=-2147195266, argp=0x590ff28 | out: argp=0x590ff28) returned 0 [0250.586] GetCurrentThreadId () returned 0x570 [0250.586] send (s=0x12c, buf=0x40f0a6*, len=36, flags=0) returned 36 [0250.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff44 | out: lpSystemTimeAsFileTime=0x590ff44*(dwLowDateTime=0x1830cf50, dwHighDateTime=0x1d6076d)) [0250.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x590ff44 | out: lpSystemTimeAsFileTime=0x590ff44*(dwLowDateTime=0x1830cf50, dwHighDateTime=0x1d6076d)) [0250.586] ioctlsocket (in: s=0x12c, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0250.587] Sleep (dwMilliseconds=0x32) Thread: id = 408 os_tid = 0x538 [0250.616] GetCurrentThreadId () returned 0x538 [0250.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff28 | out: lpSystemTimeAsFileTime=0x4f4ff28*(dwLowDateTime=0x18359210, dwHighDateTime=0x1d6076d)) [0250.617] GetCurrentThreadId () returned 0x538 [0250.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x18359210, dwHighDateTime=0x1d6076d)) [0250.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x18359210, dwHighDateTime=0x1d6076d)) [0250.617] GetCurrentThreadId () returned 0x538 [0250.617] gethostbyname (name="google.com") returned 0x53cb78*(h_name="google.com", h_aliases=0x53cb88*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53cb8c*=([0]="172.217.23.142")) [0250.618] socket (af=2, type=1, protocol=0) returned 0x294 [0250.618] htons (hostshort=0x50) returned 0x5000 [0250.618] connect (s=0x294, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0250.637] ioctlsocket (in: s=0x294, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0250.637] GetCurrentThreadId () returned 0x538 [0250.637] send (s=0x294, buf=0x40f0a6*, len=36, flags=0) returned 36 [0250.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x1837f370, dwHighDateTime=0x1d6076d)) [0250.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x1837f370, dwHighDateTime=0x1d6076d)) [0250.638] ioctlsocket (in: s=0x294, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0250.638] Sleep (dwMilliseconds=0x32) [0250.691] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x184178f0, dwHighDateTime=0x1d6076d)) [0250.691] ioctlsocket (in: s=0x294, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0250.691] Sleep (dwMilliseconds=0x32) [0250.754] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0250.754] GetCurrentThreadId () returned 0x538 [0250.754] recv (in: s=0x294, buf=0x5250000, len=528, flags=0 | out: buf=0x5250000*) returned 528 [0250.754] shutdown (s=0x4f4ff84, how=2) returned -1 [0250.755] closesocket (s=0x4f4ff84) returned -1 [0250.755] GetCurrentThreadId () returned 0x538 [0250.755] GetCurrentThreadId () returned 0x538 [0250.755] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0250.755] GetCurrentThreadId () returned 0x538 [0250.755] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0250.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x184afe70, dwHighDateTime=0x1d6076d)) [0250.755] ReleaseMutex (hMutex=0x154) returned 1 [0250.755] GetCurrentThreadId () returned 0x538 [0250.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x184afe70, dwHighDateTime=0x1d6076d)) [0250.755] Sleep (dwMilliseconds=0x1b5fe) [0262.440] GetCurrentThreadId () returned 0x538 [0262.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x1e433130, dwHighDateTime=0x1d6076d)) [0262.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x1e433130, dwHighDateTime=0x1d6076d)) [0262.440] GetCurrentThreadId () returned 0x538 [0262.440] gethostbyname (name="google.com") returned 0x53cb78*(h_name="google.com", h_aliases=0x53cb88*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53cb8c*=([0]="172.217.23.142")) [0262.440] socket (af=2, type=1, protocol=0) returned 0x298 [0262.441] htons (hostshort=0x50) returned 0x5000 [0262.441] connect (s=0x298, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0262.461] ioctlsocket (in: s=0x298, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0262.461] GetCurrentThreadId () returned 0x538 [0262.462] send (s=0x298, buf=0x40f0a6*, len=36, flags=0) returned 36 [0262.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x1e459290, dwHighDateTime=0x1d6076d)) [0262.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x1e459290, dwHighDateTime=0x1d6076d)) [0262.462] ioctlsocket (in: s=0x298, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0262.462] Sleep (dwMilliseconds=0x32) [0262.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x1e4f1810, dwHighDateTime=0x1d6076d)) [0262.516] ioctlsocket (in: s=0x298, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0262.516] Sleep (dwMilliseconds=0x32) [0262.590] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x5250000 [0262.590] GetCurrentThreadId () returned 0x538 [0262.590] recv (in: s=0x298, buf=0x5250000, len=528, flags=0 | out: buf=0x5250000*) returned 528 [0262.590] shutdown (s=0x4f4ff84, how=2) returned -1 [0262.591] closesocket (s=0x4f4ff84) returned -1 [0262.591] GetCurrentThreadId () returned 0x538 [0262.591] GetCurrentThreadId () returned 0x538 [0262.591] VirtualFree (lpAddress=0x5250000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0262.591] GetCurrentThreadId () returned 0x538 [0262.591] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0262.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.591] ReleaseMutex (hMutex=0x154) returned 1 [0262.591] GetCurrentThreadId () returned 0x538 [0262.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x1e589d90, dwHighDateTime=0x1d6076d)) [0262.591] Sleep (dwMilliseconds=0x1786f) [0272.610] GetCurrentThreadId () returned 0x538 [0272.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x2450d050, dwHighDateTime=0x1d6076d)) [0272.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x2450d050, dwHighDateTime=0x1d6076d)) [0272.610] GetCurrentThreadId () returned 0x538 [0272.610] gethostbyname (name="google.com") returned 0x53cb78*(h_name="google.com", h_aliases=0x53cb88*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53cb8c*=([0]="172.217.23.142")) [0272.610] socket (af=2, type=1, protocol=0) returned 0x2a0 [0272.611] htons (hostshort=0x50) returned 0x5000 [0272.611] connect (s=0x2a0, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0272.631] ioctlsocket (in: s=0x2a0, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0272.632] GetCurrentThreadId () returned 0x538 [0272.632] send (s=0x2a0, buf=0x40f0a6*, len=36, flags=0) returned 36 [0272.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x245331b0, dwHighDateTime=0x1d6076d)) [0272.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x245331b0, dwHighDateTime=0x1d6076d)) [0272.632] ioctlsocket (in: s=0x2a0, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0272.632] Sleep (dwMilliseconds=0x32) Thread: id = 412 os_tid = 0x6c8 [0272.681] GetCurrentThreadId () returned 0x6c8 [0272.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff28 | out: lpSystemTimeAsFileTime=0x4f4ff28*(dwLowDateTime=0x245a55d0, dwHighDateTime=0x1d6076d)) [0272.682] GetCurrentThreadId () returned 0x6c8 [0272.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x245a55d0, dwHighDateTime=0x1d6076d)) [0272.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x245a55d0, dwHighDateTime=0x1d6076d)) [0272.682] GetCurrentThreadId () returned 0x6c8 [0272.682] gethostbyname (name="google.com") returned 0x53cbe8*(h_name="google.com", h_aliases=0x53cbf8*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x53cbfc*=([0]="172.217.23.142")) [0272.683] socket (af=2, type=1, protocol=0) returned 0x2b8 [0272.683] htons (hostshort=0x50) returned 0x5000 [0272.683] connect (s=0x2b8, name=0x4f4ff2c*(sa_family=2, sin_port=0x50, sin_addr="172.217.23.142"), namelen=16) returned 0 [0272.717] ioctlsocket (in: s=0x2b8, cmd=-2147195266, argp=0x4f4ff28 | out: argp=0x4f4ff28) returned 0 [0272.717] GetCurrentThreadId () returned 0x6c8 [0272.717] send (s=0x2b8, buf=0x40f0a6*, len=36, flags=0) returned 36 [0272.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x245f1890, dwHighDateTime=0x1d6076d)) [0272.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x245f1890, dwHighDateTime=0x1d6076d)) [0272.718] ioctlsocket (in: s=0x2b8, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0272.718] Sleep (dwMilliseconds=0x32) [0272.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff44 | out: lpSystemTimeAsFileTime=0x4f4ff44*(dwLowDateTime=0x24689e10, dwHighDateTime=0x1d6076d)) [0272.766] ioctlsocket (in: s=0x2b8, cmd=1074030207, argp=0x40f100 | out: argp=0x40f100) returned 0 [0272.766] Sleep (dwMilliseconds=0x32) [0272.828] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x3000, flProtect=0x40) returned 0x5270000 [0272.828] GetCurrentThreadId () returned 0x6c8 [0272.828] recv (in: s=0x2b8, buf=0x5270000, len=528, flags=0 | out: buf=0x5270000*) returned 528 [0272.828] shutdown (s=0x4f4ff84, how=2) returned -1 [0272.829] closesocket (s=0x4f4ff84) returned -1 [0272.829] GetCurrentThreadId () returned 0x6c8 [0272.829] GetCurrentThreadId () returned 0x6c8 [0272.829] VirtualFree (lpAddress=0x5270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.829] GetCurrentThreadId () returned 0x6c8 [0272.829] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0xbb8) returned 0x0 [0272.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff6c | out: lpSystemTimeAsFileTime=0x4f4ff6c*(dwLowDateTime=0x24722390, dwHighDateTime=0x1d6076d)) [0272.829] ReleaseMutex (hMutex=0x154) returned 1 [0272.829] GetCurrentThreadId () returned 0x6c8 [0272.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4f4ff58 | out: lpSystemTimeAsFileTime=0x4f4ff58*(dwLowDateTime=0x24722390, dwHighDateTime=0x1d6076d)) [0272.829] Sleep (dwMilliseconds=0xf709)